Mac OS X Open Directory Auth [SOLVED]

Moderator: crythias

Locked
ggirao
Znuny newbie
Posts: 37
Joined: 17 Sep 2014, 15:08
Znuny Version: 3.3.9
Real Name: Goncalo Girao

Mac OS X Open Directory Auth [SOLVED]

Post by ggirao »

Hello,

I successfully installed OTRS (3.3.8) on a Windows 2008 server, but I will need to bind to my local Open Directory (similar to LDAP), which I can't do.

Any starting tips? TY
Last edited by ggirao on 02 Oct 2014, 23:54, edited 1 time in total.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Mac OS X Open Directory Auth

Post by crythias »

Welcome to the OTRS forums! Please take a moment to read my Need Help? link in my signature and adjust your signature.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: Mac OS X Open Directory Auth

Post by ggirao »

I am using OTRS Version:3.3.8
I am using OS: Windows 2008 R2
I am using Database: SQL Server
I have this problem: Can't bind to Mac OS X Snow Leopard Server Open Directory
I am encountering my issue on this screen: index.pl customer.pl
I can replicate the issue by:
This is what I've tried: change settings on Config.pm
These are the posts I've found that are relevant, but don't seem to answer my question: About LDAP Active Directory
I've looked at the HowTos on this:
I've looked at the Docs.
The logs say: can't find any entry on my OD server log
I've done a non-specific generic search for the error message and it says:
That doesn't apply to me because:
My question is: Can't bind to Mac OS X Snow Leopard Server Open Directory

Re: Mac OS X Open Directory Auth

Post by crythias »

Me, neither, and I don't know how to replicate your experience.

That is, please post your config. Please post error messages.

Without knowing what you tried or how far you've gotten, it's not possible to answer your question.

Re: Mac OS X Open Directory Auth

Post by ggirao »


# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2014 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes do customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '192.168.2.3\SQLSERVER2008R2';

    # The database name
    $Self->{'Database'} = "###";

    # The database user
    $Self->{'DatabaseUser'} = "###";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = '###';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG} = "american_america.utf8";

#    $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/otrs/OTRS';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/otrs/OTRS/var/log/otrs.log';
    # $DIBI$
### LDAP conf by ggirao

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.2.1';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'CN=otrsadministrator,ou=Users,dc=ldapmasterserver,dc=companyname,dc=local';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'adminuser';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'adminpasswd';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => '192.168.2.1',
      BaseDN => 'CN=otrsadministrator,ou=Users,dc=ldapmasterserver,dc=companyname,dc=local',
      SSCOPE => 'sub',
      UserDN =>'adminuser',
      UserPw => 'adminpasswd',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
### End LDAP conf by ggirao

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;
Last edited by crythias on 17 Sep 2014, 18:21, edited 1 time in total.
Reason: [code] tags

Re: Mac OS X Open Directory Auth

Post by ggirao »

I'm looking for a current LDAP binding on my local wifi authenticated service and I see the port 389.

Where is the port configuration here?

Re: Mac OS X Open Directory Auth

Post by crythias »

"I can't do it" isn't a fixable question. At what point are you stumped?
Don't say what you've already said. Tell us in different words ERROR MESSAGES that you're encountering.

"When I am at [this screen], I put in [this information] and get [this error message] in System Log."

Re: Mac OS X Open Directory Auth

Post by ggirao »

crythias wrote: "I can't do it" isn't a fixable question. At what point are you stumped?
Don't say what you've already said. Tell us in different words ERROR MESSAGES that you're encountering.

"When I am at [this screen], I put in [this information] and get [this error message] in System Log."

Did you see my last question? Where I mention that I have a Cisco controller bound to OD over port 389?

I am an IT and trying not to be a BOFH... but never mind.

You can close this post.

Thank you for your time replying only by slapping my face :-)

Re: Mac OS X Open Directory Auth

Post by crythias »

ggirao wrote: I'm looking for a current LDAP binding on my local wifi authenticated service and I see the port 389.

Where is the port configuration here?

Why would you think this is a problem to be solved on an OTRS forum? This sounds like a hardware issue.

Re: Mac OS X Open Directory Auth

Post by crythias »

I'm not trying to be difficult. I can't translate what you request into something that can be answered.

The documentation is good for connection to LDAP. I'm assuming that it's generally okay for you. You asked about binding, and I guess it's the same but I don't have a Mac.

I'm assuming connectivity at least attempts to work and that log messages indicate something to fix. So far, you haven't even gotten that far. Or, maybe you have?

So you've posted your Config. Great. I assume it works or it doesn't, but since I have nothing to go on because I don't have your environment, I assume that there is additional information that indicates you're trying or not.

No, you're just saying "I successfully installed OTRS (3.3.8) on a Windows 2008 server, but I will need to bind to my local Open Directory (similar to LDAP), which I can't do."
OK, so what is preventing you from doing it? At what point are you stopped? What is the evidence of you being unable to do it? How can a random person replicate your experience?
Do you have error messages? (No, apparently not. You're just looking at the thing and saying "I can't do it.") So if someone came to you and gave you exactly the same information you provided, what would you say to that person? What questions would you ask?

Then you bring up this random Cisco thing like how is that relevant to your environment and where is it between your OTRS server and the Mac server?

Re: Mac OS X Open Directory Auth

Post by ggirao »

Ok,

now that I'm recovering from Burnout Syndrome I am able to keep this post alive.

Can you be explicit what are the best ways to provide information for this to work?

Logs? The config I already sent

TY

Re: Mac OS X Open Directory Auth

Post by ggirao »

Last log lines

[Wed Sep 24 12:16:40 2014][Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'adminxxx' (REMOTE_ADDR: xxx.xxx.xxx.xxx)
[Wed Sep 24 12:16:50 2014][Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'userxxx' (REMOTE_ADDR: xxx.xxx.xxx.xxx)

Re: Mac OS X Open Directory Auth

Post by crythias »

ERROR messages! Finally!

Look, if someone told you "X doesn't work" that's as much useless information as not telling you anything. Of course it doesn't work. Otherwise, you wouldn't be complaining.

On topic, great. The error messages are talking about DB not LDAP. Chances are, you have this configured in SysConfig, so don't do that.

Re: Mac OS X Open Directory Auth

Post by ggirao »

TY!

I'm editing 2 files:
Config.pm in C:\otrs\OTRS\Kernel
and
ZZZAuto in C:\otrs\OTRS\Kernel\Config\Files
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Mac OS X Open Directory Auth

Post by jojo »

ggirao wrote: ZZZAuto in C:\otrs\OTRS\Kernel\Config\Files
Never do this! This file is changed by sysconfig only
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com

Re: Mac OS X Open Directory Auth

Post by ggirao »

OK, I found in the admin settings where to change the DB to LDAP:

now I have:

[Wed Sep 24 13:18:00 2014][Error][Kernel::System::CustomerAuth::LDAP::Auth][188] First bind failed! Bad file descriptor
[Wed Sep 24 13:18:00 2014][Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! Bad file descriptor

Re: Mac OS X Open Directory Auth

Post by crythias »

Bad file descriptor means different things, but *generally* it means you're asking for IPv4 information by way of IPv6.
viewtopic.php?f=60&t=16543

Re: Mac OS X Open Directory Auth

Post by ggirao »

That worked, but then:

[Thu Sep 25 01:58:28 2014][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: otrs (uid=otrs,cn=users,dc=server,dc=group,dc=local) authentication ok (REMOTE_ADDR: 192.168.10.2).
[Thu Sep 25 01:58:28 2014][Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! Bad file descriptor
[Thu Sep 25 01:58:28 2014][Error][Kernel::System::CustomerUser::SetPreferences][587] No such user 'otrs'!
[Thu Sep 25 01:58:28 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][758] Can't contact LDAP server
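
Added example, not part of any post in this thread: the module path in each OTRS log line names the component (CustomerAuth or CustomerUser) and the backend (DB or LDAP) that wrote it, which is how the excerpts in this thread are read. The Python sketch below groups the thread's own log lines that way; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Constructed excerpts: log lines as quoted in this thread, redactions as posted.
BEFORE_SYSCONFIG_CHANGE = """\
[Wed Sep 24 12:16:50 2014][Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'userxxx' (REMOTE_ADDR: xxx.xxx.xxx.xxx)
"""
AFTER_AUTH_FIX = """\
[Thu Sep 25 01:58:28 2014][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: otrs (uid=otrs,cn=users,dc=server,dc=group,dc=local) authentication ok (REMOTE_ADDR: 192.168.10.2).
[Thu Sep 25 01:58:28 2014][Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! Bad file descriptor
[Thu Sep 25 01:58:28 2014][Error][Kernel::System::CustomerUser::SetPreferences][587] No such user 'otrs'!
[Thu Sep 25 01:58:28 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][758] Can't contact LDAP server
"""

# [timestamp][Level][Caller] with an optional [source line], then the message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\]\[(?P<caller>[\w:]+)\]"
    r"(?:\[(?P<line>\d+)\])?\s*(?P<msg>.*)$"
)
# Kernel::System::<component>[::<backend>]::<sub>
CALLER_RE = re.compile(
    r"^Kernel::System::(?P<component>CustomerAuth|CustomerUser)"
    r"(?:::(?P<backend>DB|LDAP))?::(?P<sub>\w+)$"
)


def parse(log_text):
    """Return one dict per recognised customer auth/user log line."""
    events = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        caller = CALLER_RE.match(line["caller"]) if line else None
        if not caller:
            continue  # not in the expected format, or another subsystem
        events.append({"level": line["level"], "msg": line["msg"],
                       **caller.groupdict()})
    return events


def triage(events):
    """Per component: backends seen in the log and the errors it raised."""
    report = defaultdict(lambda: {"backends": set(), "errors": []})
    for e in events:
        entry = report[e["component"]]
        if e["backend"]:
            entry["backends"].add(e["backend"])
        if e["level"] == "Error":
            entry["errors"].append(f'{e["sub"]}: {e["msg"]}')
    return dict(report)


def findings(events, expected="LDAP"):
    """Readable list of what still needs attention, grouped by component."""
    out = []
    for component, entry in sorted(triage(events).items()):
        for backend in sorted(entry["backends"] - {expected}):
            out.append(f"{component}: handled by {backend} backend, expected {expected}")
        out.extend(f"{component}: {err}" for err in entry["errors"])
    return out


def failing_components(events):
    """Components that logged at least one Error."""
    return sorted(c for c, entry in triage(events).items() if entry["errors"])


if __name__ == "__main__":
    for name, text in (("before", BEFORE_SYSCONFIG_CHANGE), ("after", AFTER_AUTH_FIX)):
        print(name)
        for finding in findings(parse(text)):
            print("  " + finding)
```
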

Re: Mac OS X Open Directory Auth

Post by crythias »

It worked for auth. Do the same for user.

Re: Mac OS X Open Directory Auth

Post by ggirao »

Where?


Re: Mac OS X Open Directory Auth

Post by crythias »

Config.pm

Re: Mac OS X Open Directory Auth

Post by ggirao »

crythias wrote:Config.pm
(Y)

Going there...

Re: Mac OS X Open Directory Auth

Post by ggirao »

So I have:
But not entirely sure what to do (essentially on params)

I understand that I have to map key (from otrs) to value (on Open directory), right?


#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '192.168.2.1',
        BaseDN => 'uid=otrs,cn=users,dc=server,dc=group,dc=local',
        SSCOPE => 'sub',
        BaseDN => 'uid=otrs,cn=users,dc=server,dc=group,dc=local',
        UserPw => 'passwd',
    },
    # customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'EmailAddress',
    CustomerUserListFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
};

Re: Mac OS X Open Directory Auth

Post by crythias »

CustomerAuth had bad file descriptor. According to you, you fixed that... what did you do?
Next, CustomerUser had bad file descriptor. Same fix.

Re: Mac OS X Open Directory Auth

Post by ggirao »

Hello,

I'm getting back to this, because I'm not comfortable with the correct settings in the CustomerUser.


Could it be the LDAP mapping? I'm not sure; I'm a little lost and confused.

Re: Mac OS X Open Directory Auth

Post by ggirao »

It's working, Hallelujah :-)

I was also authenticating to get the LDAP results. Not necessary :-/

Re: Mac OS X Open Directory Auth

Post by ggirao »

Is it possible to have companies as LDAP groups?

Re: Mac OS X Open Directory Auth

Post by crythias »

New question, new topic, please? And, I don't think it will work like that. Explain what you want to accomplish in a new topic.