LDAP integration - Panic! No UserData!!!

Post by lratue »

Hello,

I have already used the search and found quite a bit about my problem, but so far I have not been able to solve it. I would be very grateful if someone could tell me what is causing my problem.


#------------------------------------------------------#
# Agent LDAP Authentication Settings #
#------------------------------------------------------#

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'legolas.auenland.lkt';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=auenland,dc=lkt';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS@auenland.lkt';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxx';

# $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Users,dc=auenland,dc=lkt';
# $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';


#------------------------------------------------------#
# Customer Search Form Populator #
#------------------------------------------------------#

$Self->{CustomerUser} = {
    Name => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'legolas.auenland.lkt',
        # ldap base dn
        BaseDN => 'dc=auenland,dc=lkt',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        # Absolutely necessary for Active Directory
        UserDN => 'OTRS@auenland.lkt', # Needs to be fully qualified active directory domain name (user at domain.com)
        UserPw => 'xxxx',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'url',
    CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserSearchFields => ['displayName','sAMAccountName','givenname', 'sn', 'mail','description'],
    CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenname','sn','mail','description'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        #[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        #[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'url', 0, 1, 'var' ],
        #[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};


#------------------------------------------------------#
# Customer LDAP Authentication #
#------------------------------------------------------#

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'legolas.auenland.lkt';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=auenland,dc=lkt';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';


# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsAgent,cn=Users,dc=domain,dc=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
# Absolutely needed for active directory
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'OTRS@auenland.lkt'; # Needs to be fully qualified active directory domain name (user at domain.com)
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxx';
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@auenland.lkt';


And here is the matching log file:

[Wed Sep 3 14:36:04 2008][Notice][Kernel::System::Auth::LDAP::Auth] User: OTRS_TEST (CN=OTRS_TEST,CN=Users,DC=auenland,DC=lkt) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Wed Sep 3 14:36:04 2008][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'OTRS_TEST'!!!

Authentication seems to work. So where exactly is my problem?

Post by lratue »

For anyone who is interested: with exactly this config it now runs flawlessly for me and I no longer get the Panic message.

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
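
Added example (not part of the original posts and not Znuny/OTRS code): a Python check that scans a log in the layout quoted in the first post and reports logins where LDAP authentication succeeded but GetUserData found no record, the symptom the second post resolved with UserSyncLDAPMap. The sample log is constructed from the two quoted lines plus one made-up login (EXAMPLE_OK); comparing logins case-insensitively is an assumption.

```python
import re
from collections import defaultdict

# Log line layout as quoted in the thread: [timestamp][Level][Module::Function] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[^\]]+)\]\[(?P<src>[^\]]+)\]\s*(?P<msg>.*)$")
AUTH_OK_RE = re.compile(r"^User: (?P<user>\S+) \((?P<dn>[^)]*)\) authentication ok")
NO_DATA_RE = re.compile(r"No UserData for user: '(?P<user>[^']*)'")

# Constructed sample input: the two lines quoted in the thread plus one
# made-up line for a login that did not trigger the panic message.
SAMPLE_LOG = """\
[Wed Sep 3 14:36:04 2008][Notice][Kernel::System::Auth::LDAP::Auth] User: OTRS_TEST (CN=OTRS_TEST,CN=Users,DC=auenland,DC=lkt) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Wed Sep 3 14:36:04 2008][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'OTRS_TEST'!!!
[Wed Sep 3 14:40:11 2008][Notice][Kernel::System::Auth::LDAP::Auth] User: EXAMPLE_OK (CN=EXAMPLE_OK,CN=Users,DC=auenland,DC=lkt) authentication ok (REMOTE_ADDR: 127.0.0.1).
"""

def find_unsynced_agents(log_text):
    """Return {login: {"dn", "auth_ok", "no_userdata"}} for every login that
    passed LDAP authentication and then produced a 'No UserData' entry."""
    stats = defaultdict(lambda: {"dn": None, "auth_ok": 0, "no_userdata": 0})
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # skip lines that do not follow the bracketed layout
        src, msg = line["src"], line["msg"]
        if src.endswith("Auth::LDAP::Auth"):
            m = AUTH_OK_RE.match(msg)
            if m:
                # Assumption: logins are compared case-insensitively.
                entry = stats[m["user"].lower()]
                entry["dn"] = m["dn"]
                entry["auth_ok"] += 1
        elif src.endswith("User::GetUserData"):
            m = NO_DATA_RE.search(msg)
            # Only count the panic for logins already seen authenticating.
            if m and m["user"].lower() in stats:
                stats[m["user"].lower()]["no_userdata"] += 1
    return {u: s for u, s in stats.items() if s["auth_ok"] and s["no_userdata"]}

if __name__ == "__main__":
    for login, info in find_unsynced_agents(SAMPLE_LOG).items():
        print(f"{login}: LDAP auth ok as {info['dn']}, but no user data "
              f"({info['no_userdata']}x); check UserSyncLDAPMap")
```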