Unable to integrate OTRS with Active Directory

Moderator: crythias

sunnysthakur
Znuny newbie
Posts: 9
Joined: 22 Jul 2014, 14:18
Znuny Version: 3.3.8
Real Name: Sunny
Company: IT

Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

I have set up OTRS 3.3.8 on a CentOS machine and want to integrate it with AD (Windows Server 2012; this is our new server) for user authentication (for both agents and customers). But while integrating it with AD I am facing some issues. I added the code to Config.pm, and after restarting the server I am unable to log in as either a customer or an agent user. Below is the code I am using.

vim Kernel/Config.pm
**************************
Customer Login


#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'host.example.com';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,dc=example,dc=com';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'host.example.com',
      BaseDN => 'OU=BaseOU,DC=example,DC=com',
      SSCOPE => 'sub',
      UserDN =>'otrs_ldap',
      UserPw => 'PASSWORD',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
  
#Add the following lines when only users residing in the specified security group are allowed to log in
#Remove these lines if you want to allow login for all users under the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
Agents Login


#Enable LDAP authentication for Customers / Users
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'host.example.com';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,dc=example,dc=com';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
  
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

# UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users residing in the specified security group are allowed to log in
#Remove these lines if you want to allow login for all users under the User Base DN
  $Self->{'AuthModule::LDAP::GroupDN'} =''CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
But while accessing the agent or customer login from OTRS it says "Login Failed, Your username or password entered incorrectly", and when I checked /var/log/httpd/error_log I found the error below.

ERROR: OTRS-CGI-91 Perl: 5.10.1 OS: linux Time: Tue Jul 22 17:38:51 2014

Message: Search failed! base=''ou=BaseOU, dc=example, dc=com', filter='(member=CN=UseraName,CN=BaseOU,DC=example,DC=com)', 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=example,DC=com'

I tried to find a fix on Google but didn't get any help. I even think I used the same code 6-7 months back and it was working (at that time we used Windows Server 2008 as AD).

Please help me out here.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

It's a bit difficult to assist with this. If you're literally using BaseOU and example/example.com, you're going to have errors.

If you've obscured the information to look like the example (wow, I'm impressed!)... we can try to retrofit an answer, but it may not work.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Below is my actual code.

Customer Login


#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=test,dc=com';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'test.com',
      BaseDN => 'ou=Users,dc=test,dc=com',
      SSCOPE => 'sub',
      UserDN =>'otrs_ldap',
      UserPw => 'PASSWORD',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
  
#Add the following lines when only users residing in the specified security group are allowed to log in
#Remove these lines if you want to allow login for all users under the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=test,dc=com';
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrscust,ou=Users,dc=test,dc=com';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
Agent Code


#Enable LDAP authentication for Customers / Users
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=test,dc=com';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
  
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

# UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users residing in the specified security group are allowed to log in
#Remove these lines if you want to allow login for all users under the User Base DN
  $Self->{'AuthModule::LDAP::GroupDN'} =''CN=otrsagent,ou=Users,dc=test,dc=com';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
And below is the error when I try to log in from the OTRS GUI.


Message: Search failed! base='ou=Users, dc=test, dc=com', filter='(member=CN=UseraName,CN=Users,DC=test,DC=com)', 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=test,DC=com'

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

Before I get too far: my LDAP Troubleshooting Post, wherein I state:
A GroupDN must not be a user. Members must be directly members of the GroupDN, not inherited.
A GroupDN is optional, but probably desirable for Agents. If a GroupDN is not specified, and a user authenticates, but doesn't exist (especially as an Agent), an ugly error will let you know this. It's better to make sure unauthorized users can't authenticate than to authenticate and throw "UserID not found!". Note that if the agents are all in an OU, and only agents are in that OU, and the OU is a BaseDN, you may not need a GroupDN for this purpose.
And you present this:


  $Self->{'AuthModule::LDAP::GroupDN'} =''CN=otrsagent,ou=Users,dc=test,dc=com';
Interestingly, this corresponds with your error message. (It also leads off with two (too many) single quotation marks.)

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

Thanks for the prompt reply. I tried the above code but didn't succeed. Now I am using the code below, but the issue is still the same.


  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
  
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
  
  $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'xx.xx.xx.xx',
      BaseDN => 'DC=test,DC=local',
      SSCOPE => 'sub',
      UserDN =>'otrs',
      UserPw => 'password',
    },

    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    ],
  };

  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrscust,OU=Users,DC=test,DC=local';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

  $Self->{UserSyncLDAPMap} = {
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

  $Self->{'AuthModule::LDAP::GroupDN'} ='CN=otrsagent,OU=Users,DC=test,DC=local';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
Error


ERROR: OTRS-CGI-91 Perl: 5.10.1 OS: linux Time: Tue Jul 22 22:53:48 2014

 Message: Search failed! base='CN=otrsagent,OU=Users,DC=test,DC=local', filter='(member=CN=USer Name,CN=Users,DC=test,DC=local)', 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=test,DC=local'

 RemoteAddress: xx.xx.xx.xx
 RequestURI: /otrs/index.pl

 Traceback (4377):
   Module: Kernel::System::Auth::LDAP::Auth (OTRS 3.3.8) Line: 273
   Module: Kernel::System::Auth::Auth (OTRS 3.3.8) Line: 184
   Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.8) Line: 206
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
   Module: (eval) (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-91 Perl: 5.10.1 OS: linux Time: Tue Jul 22 22:54:11 2014

 Message: Search failed! base='CN=otrscust,OU=Users,DC=test,DC=local', filter='(member=CN=User Name,CN=Users,DC=test,DC=local)', 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=test,DC=local'

 RemoteAddress: xx.xx.xx.xx
 RequestURI: /otrs/customer.pl

 Traceback (4375):
   Module: Kernel::System::CustomerAuth::LDAP::Auth (OTRS 3.3.8) Line: 277
   Module: Kernel::System::CustomerAuth::Auth (OTRS 3.3.8) Line: 147
   Module: Kernel::System::Web::InterfaceCustomer::Run (OTRS 3.3.8) Line: 207
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 41
   Module: (eval) (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31

[Tue Jul 22 22:54:48 2014] [notice] caught SIGTERM, shutting down
[Tue Jul 22 22:54:50 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jul 22 22:54:56 2014] [notice] Digest: generating secret for digest authentication ...
Please let me know if I am missing something here in the code or if there is an issue with the AD setup.
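The two "Search failed!" lines in the log above already contain the diagnosis, and the script below, added here as an example (it is not part of this thread or of OTRS), pulls it out of an error_log excerpt. AD answers 0000208D (ERROR_DS_NO_SUCH_OBJECT, shown by OTRS as NameErr / NO_OBJECT) when the search base itself does not exist, and "best match of" names the deepest ancestor it could find. Comparing the base with the best match yields the RDN that is missing: the base here is the configured GroupDN, so OU=Users does not exist under DC=test,DC=local, while the user DN inside the filter shows that the accounts live in CN=Users (AD's default container, which is a CN, not an OU). The sample log is constructed from the messages in this post, written the way httpd wraps them.

```python
"""Pull the diagnosis out of OTRS 'Search failed!' lines in the httpd error_log."""
import re

# Constructed sample: the messages from this post, as httpd wrote them
# (the 'best match' value wrapped onto its own line).
SAMPLE_LOG = """\
 Message: Search failed! base='CN=otrsagent,OU=Users,DC=test,DC=local', filter='(member=CN=USer Name,CN=Users,DC=test,DC=local)', 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=test,DC=local'
 RequestURI: /otrs/index.pl
 Message: Search failed! base='CN=otrscust,OU=Users,DC=test,DC=local', filter='(member=CN=User Name,CN=Users,DC=test,DC=local)', 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=test,DC=local'
 Message: No UserID found for 'username'!
"""

SEARCH_RE = re.compile(
    r"Search failed! base='(?P<base>[^']*)', filter='(?P<filter>[^']*)'"
    r"(?:, (?P<code>[0-9A-Fa-f]{8}): (?P<err>\w+):.*?best match of:\s*'(?P<best>[^']*)')?"
)
FILTER_RE = re.compile(r"^\((?P<attr>[^=]+)=(?P<value>.*)\)$")


def split_dn(dn):
    """RDNs of a DN, leaf first, ignoring backslash-escaped commas."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def norm(rdn):
    """AD compares DN attribute types and values case-insensitively."""
    attr, _, value = rdn.partition("=")
    return attr.strip().upper() + "=" + value.strip().lower()


def missing_rdns(base, best):
    """The RDNs of `base` below the deepest ancestor AD could find (`best`)."""
    base_parts, best_parts = split_dn(base), split_dn(best)
    n = len(best_parts)
    if n and [norm(r) for r in base_parts[-n:]] != [norm(r) for r in best_parts]:
        raise ValueError(f"best match '{best}' is not a suffix of base '{base}'")
    return base_parts[: len(base_parts) - n]


def parse_search_failed(line):
    """Fields of one 'Search failed!' message, or None for any other line."""
    m = SEARCH_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fm = FILTER_RE.match(fields["filter"])
    fields["filter_attr"] = fm.group("attr") if fm else None
    fields["filter_value"] = fm.group("value") if fm else None
    return fields


def diagnose(fields):
    """Which part of the base does not exist, and where the account really lives."""
    missing = []
    if fields["err"] == "NameErr" and fields["best"] is not None:
        missing = missing_rdns(fields["base"], fields["best"])
    container = None
    if fields["filter_value"] and "=" in fields["filter_value"]:
        container = ",".join(split_dn(fields["filter_value"])[1:])  # parent of the DN
    if missing:
        hint = (f"'{missing[-1]}' does not exist under '{fields['best']}'; "
                f"every RDN of a configured BaseDN/GroupDN must be a real object")
        if container:
            hint += f"; the account in the filter lives under '{container}'"
    else:
        hint = "base exists; check the filter attribute and the bind account's read rights"
    return {"base": fields["base"], "missing": missing,
            "first_missing": missing[-1] if missing else None,
            "member_container": container, "hint": hint}


def parse_log(text):
    """All 'Search failed!' diagnoses in an error_log excerpt."""
    # httpd wraps the 'best match' value onto the next line; rejoin it first.
    text = re.sub(r"best match of:\s*\n\s*'", "best match of: '", text)
    return [diagnose(f) for f in map(parse_search_failed, text.splitlines()) if f]


if __name__ == "__main__":
    for d in parse_log(SAMPLE_LOG):
        print(d["base"], "->", d["hint"])
```

Run it against a copy of /var/log/httpd/error_log (or paste the lines into SAMPLE_LOG). The same check can be made against the directory directly before touching Config.pm: an LDAP search with the configured GroupDN as base and scope base must return the group entry; if the server answers noSuchObject, the DN is wrong, whatever Config.pm says.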

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Any help on this will be appreciated.

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

Same error. Same reason. BaseDN cannot be a user.

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

But I am using 'dc=test,dc=local' as BaseDN.
I am not getting where I am going wrong in terms of BaseDN.

Can you please help me out here.

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

Is your domain literally test and local?

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

Yes, it's test.local. That is for sure.
Is there any issue if I am going to use this domain name? I have just created a dummy environment to test out OTRS.

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

First, search for the error:

http://otrs.github.io/doc/manual/admin/ ... h-backends


# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,dc=test,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

You do not need a GroupDN for Users. It's assumed that if it can find it under BaseDN, it exists.
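The rules crythias gives earlier in the thread (a GroupDN must be a group, not a user; members must be direct members, not inherited; every DN in the configuration must exist) can be seen in a toy model of the check OTRS runs after the bind succeeds, which the error lines in this thread show as a search with base=GroupDN and filter (member=<user DN>), the DN being what UserAttr = 'DN' puts into the filter. The model below is an added example and not OTRS's code: the directory is constructed, the search is a subtree search (Net::LDAP's default scope; that OTRS 3.3 uses it for the group check is an assumption), and the only rule applied is "the entry's member attribute contains the user's DN". It also shows a caveat that matters for a later config in this thread, where one line sets the customer GroupDN to the domain root before a second assignment overrides it: with the domain root as GroupDN, a subtree search succeeds for any group anywhere in the domain that lists the user directly, so the setting restricts nothing.

```python
"""Toy model of the group gate OTRS applies after an LDAP bind succeeds."""


class NoSuchObject(Exception):
    """Stands in for AD's 0000208D / NO_OBJECT: the search base is missing."""

    def __init__(self, base, best_match):
        super().__init__(f"base '{base}' does not exist; best match '{best_match}'")
        self.best_match = best_match


def norm(dn):
    """Case- and whitespace-insensitive DN form, as AD compares DNs."""
    return ",".join(p.strip().lower() for p in dn.split(","))


# Constructed directory: DN -> attributes. Accounts sit in AD's default
# CN=Users container; there is no OU=Users, exactly as in the thread's error.
USER = "CN=User Name,CN=Users,DC=test,DC=local"
HELPDESK = "CN=helpdesk,CN=Users,DC=test,DC=local"
DIRECTORY = {
    "DC=test,DC=local": {"objectClass": ["domainDNS"]},
    "CN=Users,DC=test,DC=local": {"objectClass": ["container"]},
    USER: {"objectClass": ["user"], "sAMAccountName": ["username"]},
    HELPDESK: {"objectClass": ["group"], "member": [USER]},
    "CN=otrscust,DC=test,DC=local": {"objectClass": ["group"], "member": [USER]},
    # USER is only a nested member here: member lists HELPDESK, not USER.
    "CN=otrsagent,DC=test,DC=local": {"objectClass": ["group"], "member": [HELPDESK]},
}
INDEX = {norm(dn): attrs for dn, attrs in DIRECTORY.items()}


def best_match(dn):
    """Deepest existing ancestor of `dn`, as AD reports it on NO_OBJECT."""
    parts = dn.split(",")
    for i in range(1, len(parts)):
        candidate = ",".join(parts[i:])
        if norm(candidate) in INDEX:
            return candidate
    return ""


def search(base, attr, value):
    """Subtree search: entries at or below `base` whose `attr` contains `value`."""
    if norm(base) not in INDEX:
        raise NoSuchObject(base, best_match(base))
    suffix = norm(base)
    return [dn for dn, attrs in INDEX.items()
            if (dn == suffix or dn.endswith("," + suffix))
            and any(norm(v) == norm(value) for v in attrs.get(attr, []))]


def group_allows(group_dn, user_dn, access_attr="member"):
    """The gate as the thread's error shows it: base=GroupDN, filter=(member=<user DN>)."""
    return bool(search(group_dn, access_attr, user_dn))


def run_scenarios():
    """Outcomes for the kinds of GroupDN value that appear in this thread."""
    out = {
        "direct member": group_allows("CN=otrscust,DC=test,DC=local", USER),    # True
        "nested only": group_allows("CN=otrsagent,DC=test,DC=local", USER),     # False
        "user as GroupDN": group_allows(USER, USER),                            # False
        "domain root as GroupDN": group_allows("DC=test,DC=local", USER),       # True
    }
    try:
        group_allows("CN=otrsagent,OU=Users,DC=test,DC=local", USER)
    except NoSuchObject as err:
        out["missing OU"] = err.best_match                                      # 'DC=test,DC=local'
    return out


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24s} -> {outcome}")
```

The "nested only" case is the one that surprises people coming from Windows ACLs: AD's member attribute lists direct members only, and a plain (member=<DN>) filter does not follow group nesting. AD can resolve nesting server-side with the LDAP_MATCHING_RULE_IN_CHAIN rule, i.e. a filter of the form (member:1.2.840.113556.1.4.1941:=<DN>), but the OTRS check shown in this thread does not use it, so the agent or customer group has to contain the accounts directly.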

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

You mean to say that instead of the code below I need to change it from:


$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,dc=test,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
to


$Self->{'AuthModule::LDAP::GroupDN'} = 'dc=test,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
Because I am using the above code so that the users in AD who are in the otrsagent group can log in to the agent dashboard, and the same for otrscustomer.

Please share your view on the same.

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

After some research I am able to get customer login from AD now. Below is the code I am using now to get this done. I am surprised that I don't see a difference between the code that is now working and the code I previously used (I don't know why it was not working).
Here otrscust is a group in AD, so that users who are members of this group can log in to the customer console.


  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'DC=test,DC=local';
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'test123';

    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'xx.xx.xx.xx',
      BaseDN => 'DC=test,DC=local',
      SSCOPE => 'sub',
      UserDN =>'otrs',
      UserPw => 'test123',
    },

    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      ],
  };
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrscust,DC=test,DC=local';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
Now I am not able to figure out why agents are not logged in via AD. Below is the code I am using for the same.


  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
  
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'test123';
    $Self->{UserSyncLDAPMap} = {
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];
	
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';
	
  $Self->{'AuthModule::LDAP::GroupDN'} ='CN=otrsagent,DC=test,DC=local';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
Please let me know if I am missing something here in the agent code.

Re: Unable to integrate OTRS with Active Directory

Post by crythias »

If you say something doesn't/won't/can't happen, usually that is accompanied by an error message. Please include the appropriate messages when you state something isn't working.
At a minimum, where's your agent code for AuthSync?

Re: Unable to integrate OTRS with Active Directory

Post by sunnysthakur »

Hello,

Below is the error I am getting when using the above-mentioned agent code. About AuthSync, where does this need to be used? I didn't see it in the agent code I am using (I am just taking help from Google, as I am a Linux administrator by profession and don't have a good hand at coding.. :? )

ERROR: OTRS-CGI-91 Perl: 5.10.1 OS: linux Time: Fri Jul 25 03:28:37 2014


 Message: No UserID found for 'username'!

 RemoteAddress: 10.0.0.3
 RequestURI: /otrs/index.pl

 Traceback (6871):
   Module: Kernel::System::User::UserLookup (OTRS 3.3.8) Line: 834
   Module: Kernel::System::Auth::Auth (OTRS 3.3.8) Line: 241
   Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.8) Line: 206
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
   Module: (eval) (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de

Re: Unable to integrate OTRS with Active Directory

Post by reneeb »

Did you configure the ActiveDirectory as the customer backend? (customer authentication backend != customer backend)
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
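The last error in the thread is a different failure from the earlier ones: the bind and the group check succeed, and "No UserID found" comes from OTRS looking the agent up in its own users table. In OTRS 3.x that row is created on first login only when an AuthSyncModule is configured (Kernel::System::Auth::Sync::LDAP with the AuthSyncModule::LDAP::* keys listed in Kernel/Config/Defaults.pm; UserSyncLDAPMap and UserSyncLDAPGroups, which the agent code above uses, are the OTRS 2.x names), otherwise the agent has to exist in the Admin interface already. reneeb's question is the customer-side counterpart: Customer::AuthModule only authenticates, and the CustomerUser backend supplies the record. The linter below is an added example, not an OTRS tool: it scans a Config.pm excerpt for exactly the slips that appear in this thread (a value opening with two quotes, a missing ';', the same key assigned twice so that the last assignment silently wins, an LDAP AuthModule with no AuthSyncModule, a GroupDN that is the domain root, and a Host without ldaps://, over which a simple bind sends the password in clear text). The excerpt is constructed from the fragments posted here with the slips left in; the key names the linter expects are quoted from OTRS 3.3's Defaults.pm as I remember it and should be checked against your installation's copy.

```python
"""Lint a Kernel/Config.pm excerpt for the LDAP slips seen in this thread."""
import re

# Constructed excerpt modelled on the fragments posted above; host and
# passwords are placeholders, and the slips are left in on purpose.
SAMPLE_CONFIG = r"""
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'DC=test,DC=local';
  $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
  };
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrscust,DC=test,DC=local';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
  $Self->{'AuthModule::LDAP::GroupDN'} =''CN=otrsagent,OU=Users,DC=test,DC=local';
  $Self->{UserSyncLDAPMap} = {
      UserFirstname => 'givenName',
  };
"""

ASSIGN_RE = re.compile(r"^\s*\$Self->\{'?(?P<key>[^'}]+)'?\}\s*=\s*(?P<rest>.*)$")
MODULE_RE = re.compile(r"^\s*Module\s*=>\s*'(?P<module>[^']+)'")
LDAP_CUSTOMER_BACKEND = "Kernel::System::CustomerUser::LDAP"
# OTRS 3.x sync keys as listed in Kernel/Config/Defaults.pm (verify against your install).
SYNC_HINT = ("set $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP' plus the "
             "AuthSyncModule::LDAP::* keys, or create the agent by hand first")


def is_domain_root(dn):
    """True for a DN made only of DC= components, i.e. the domain itself."""
    return all(p.strip().upper().startswith("DC=") for p in dn.split(","))


def lint_config(text):
    """Return (severity, message) findings for a Config.pm excerpt."""
    findings, values, seen, customer_module = [], {}, {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        mm = MODULE_RE.match(line)
        if mm:
            customer_module = mm.group("module")
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        key, rest = m.group("key"), m.group("rest").strip()
        seen[key] = seen.get(key, 0) + 1
        if not rest.startswith("'"):
            continue  # hash or list value spanning several lines: not linted here
        if rest.startswith("''") and rest != "'';":
            findings.append(("error", f"line {lineno}: {key}: value opens with two quotes"))
            rest = rest[1:]
        if not rest.endswith("';"):
            findings.append(("error", f"line {lineno}: {key}: missing closing quote or ';'"))
        values[key] = rest.strip("';")
    for key, n in seen.items():
        if n > 1:
            findings.append(("warn", f"{key} assigned {n} times; the last assignment wins"))
    for prefix in ("AuthModule", "Customer::AuthModule"):
        if not values.get(prefix, "").endswith("::LDAP"):
            continue
        host = values.get(f"{prefix}::LDAP::Host", "")
        if not host.lower().startswith("ldaps://"):
            findings.append(("warn", f"{prefix}::LDAP::Host '{host}' is not ldaps://: simple "
                                     "binds send passwords in clear text unless TLS is used"))
        group = values.get(f"{prefix}::LDAP::GroupDN", "")
        if group and is_domain_root(group):
            findings.append(("warn", f"{prefix}::LDAP::GroupDN '{group}' is the domain root, not "
                                     "a group: a subtree (member=<DN>) search matches any group"))
    if values.get("AuthModule", "").endswith("::LDAP") and "AuthSyncModule" not in seen:
        findings.append(("error", "AuthModule is LDAP but no AuthSyncModule is set: agents are "
                                  f"never created in the users table ('No UserID found'); {SYNC_HINT}"))
    if "UserSyncLDAPMap" in seen or "UserSyncLDAPGroups" in seen:
        findings.append(("warn", "UserSyncLDAPMap/UserSyncLDAPGroups are OTRS 2.x keys; OTRS 3.x "
                                 "reads AuthSyncModule::LDAP::UserSyncMap / UserSyncInitialGroups"))
    if values.get("Customer::AuthModule", "").endswith("::LDAP") and customer_module != LDAP_CUSTOMER_BACKEND:
        findings.append(("error", "Customer::AuthModule is LDAP but the CustomerUser backend is "
                                  f"{customer_module or 'not set'}, not {LDAP_CUSTOMER_BACKEND}"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_config(SAMPLE_CONFIG):
        print(f"{severity:5s} {message}")
```

Feed it your own Kernel/Config.pm (read the file into a string and call lint_config on it). The ldaps:// warning is a general LDAP point rather than an OTRS one: Net::LDAP, which OTRS uses underneath, accepts an ldaps:// URI as the host, and the bind account's password in SearchUserPw and every agent's password at login otherwise cross the network in the clear.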