LDAP Sync not working

oragain
Znuny newbie
Posts: 7
Joined: 22 Dec 2014, 17:59
Znuny Version: OTRS 4

Post by oragain »

Hi,

So, I just set up OTRS, found out how to have multiple authentication backends running, and I can connect with root@localhost just as well as with my AD account. For this AD account, I manually added it to the Agent list to check that the LDAP auth was working. And it is.

Now I tried to set up the Sync part so that the Agent would be automatically created. Here is the configuration part I have at the moment. I also tried using UserSyncLDAPMap1 instead of UserSyncMap1, but to no avail:

Code:

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'domain.local';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=domain,dc=local';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'username_for_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'the_pw';

$Self->{'AuthModule::LDAP::Params1'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

# Now sync data with OTRS DB
$Self->{'AuthModule::UseSyncBackend1'} = 'AuthSyncBackend1';

$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'domain.local';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=domain,dc=local';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'username_for_ldap';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'the_pw';

$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
#initial groups for new users
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
    'users',
];

The error in the Apache log is:

Code:

ERROR: OTRS-CGI-77 Perl: 5.18.2 OS: linux Time: Mon Dec 22 10:48:06 2014

 Message: No UserID found for 'a_user'!

 RemoteAddress: 192.128.61.103
 RequestURI: /otrs/index.pl

 Traceback (10216):
   Module: Kernel::System::User::UserLookup Line: 878
   Module: Kernel::System::Auth::Auth Line: 253
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 242
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 41
   Module: (eval) (v1.99) Line: 206
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
   Module: ModPerl::Registry::handler (v1.99) Line: 31

Which is normal, since that user does not exist in the database.

So the question is:
* How do I get the SYNC working :) ?

oragain
Znuny newbie
Posts: 7
Joined: 22 Dec 2014, 17:59
Znuny Version: OTRS 4

Re: LDAP Sync not working

Post by oragain »

Happy New Year, all.

So I have tried changing UserSyncMap1 to UserSyncLDAPMap1 and it still does not sync.

So, any idea what I am missing in my user sync configuration to get sync to work?

Code:

# Now sync data with OTRS DB
$Self->{'AuthModule::UseSyncBackend1'} = 'AuthSyncBackend1';

$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
#$Self->{'AuthSyncModule::UseSyncBackend'} = 'AuthSyncBackend2';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'domain.local';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=domain,dc=local';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'an_ldap_query_account';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'a_password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    # DB -> LDAP
#    Login => 'sAMAccountName',
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
    'users',
];

Rooobaaat
Znuny wizard
Posts: 432
Joined: 11 Sep 2014, 16:28
Znuny Version: OTRS 5.0.x

Re: LDAP Sync not working

Post by Rooobaaat »

This should work. I hope your agents have an email address assigned in their LDAP accounts.

Code:

$Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'your_ad_controller';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'your_base_dn';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'ldap-search-user';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'SECRET';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';
$Self->{'AuthSyncModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];
$Self->{'AuthSyncModule::LDAP::Die'} = 1;

My English is better than your German :P

"Production": OTRS: 5.0.x, OTRS::ITSM 5.0.x
"Testing": OTRS 6 git
OS: Debian 8.0 (Jessie)
Apache2.4.10/MySQL 5.5.41
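
The point above about agents needing a mail address can be checked against the directory before a first login. This is an added example, not part of any post in this thread and not OTRS code: a Perl helper that reports which fields of the thread's UserSyncMap an LDAP entry cannot fill. The names MissingSyncFields and LookupEntry and the sample entry are constructed for illustration, and that OTRS needs all three mapped fields to create an agent is an assumption.

```perl
#!/usr/bin/perl
# Added example: report which UserSyncMap fields an LDAP entry cannot fill.
# Sub names and the sample entry are constructed placeholders, not OTRS code.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;
use Net::LDAP::Util qw(escape_filter_value);

# Same mapping as in the thread (OTRS field => LDAP attribute).
my %UserSyncMap = (
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
);

# Return the OTRS fields whose LDAP attribute is missing or empty on $Entry.
sub MissingSyncFields {
    my ( $Entry, $Map ) = @_;
    return grep {
        my $Value = $Entry->get_value( $Map->{$_} );
        !defined $Value || $Value eq '';
    } sort keys %{$Map};
}

# Look up one login with the sync search account (port 389 as in the thread).
sub LookupEntry {
    my (%Param) = @_;
    my $LDAP = Net::LDAP->new( $Param{Host}, port => 389, timeout => 120, version => 3 )
        or die "Connect to $Param{Host} failed: $@\n";
    my $Bind = $LDAP->bind( $Param{SearchUserDN}, password => $Param{SearchUserPw} );
    die 'Bind failed: ' . $Bind->error . "\n" if $Bind->code;
    my $Result = $LDAP->search(
        base   => $Param{BaseDN},
        filter => '(' . $Param{UID} . '=' . escape_filter_value( $Param{Login} ) . ')',
        attrs  => [ values %UserSyncMap ],
    );
    die 'Search failed: ' . $Result->error . "\n" if $Result->code;
    my @Entries = $Result->entries;
    $LDAP->unbind;
    return $Entries[0];    # undef when the search account cannot see the user
}

# Constructed sample entry without a mail attribute (offline demonstration).
my $Sample = Net::LDAP::Entry->new;
$Sample->dn('cn=Ann Example,dc=domain,dc=local');
$Sample->add( givenName => 'Ann', sn => 'Example' );
print 'Missing for sample: ', join( ', ', MissingSyncFields( $Sample, \%UserSyncMap ) ), "\n";
# Live check: pass LookupEntry( Host => ..., BaseDN => ..., UID => 'sAMAccountName',
#   SearchUserDN => ..., SearchUserPw => ..., Login => ... ) to MissingSyncFields.
```

An undef result from LookupEntry means the search account and base DN do not return the user at all, which is a separate failure from a missing attribute.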
oragain
Znuny newbie
Posts: 7
Joined: 22 Dec 2014, 17:59
Znuny Version: OTRS 4

Re: LDAP Sync not working

Post by oragain »

Hi,

Thanks, but it still does not work.

However, funny thing, the map is actually working. It just does not work for a first-time connection (if the account is not already created). I found out by accident when one of the users stopped receiving emails. The email in his AD account was wrong and OTRS had updated it.

Regards,