LDAP Auth for Customer

Moderator: crythias

crons
Znuny newbie
Posts: 58
Joined: 17 Aug 2012, 06:11
Znuny Version: 3.3.x
Real Name: Cornelius Jackson

LDAP Auth for Customer

Post by crons »

Integration with LDAP for customers. OTRS can search/find the customer user but is not able to authorize. Below is from Config.pm:

$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'xx.xx.xx.xx';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=example,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'mail';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = '';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '';

#$Self->{'Customer::AuthModule::LDAP::AlwaysFilter1'} = '';
$Self->{'Customer::AuthModule::LDAP::Params1'} = { async => 0, port => 389, timeout => 120, version => 3, };
## The above is the LDAP Customer Authentication module.

$Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Name => 'LDAP',
    Params => {
        Host => 'xx.xx.xx.xx',
        BaseDN => 'dc=example,dc=local',
        SSCOPE => 'sub',
        UserDN => '',
        UserPw => '',
        # AlwaysFilter => '',
    },
    CustomerKey => 'mail',
    CustomerID => 'mail',
    CustomerUserListFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 500,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    #CacheTTL => 120,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'mail',      1, 1, 'var' ],
        [ 'UserPassword',   'Password',   'pw',        0, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',      0, 1, 'var' ],
    ],
};

Error from logs:

CustomerUser: testemail@example.com (x500uniqueidentifier=43254,dc=example,dc=local) authentication failed: 'Invalid credentials'

OTRS 3.3.x, Ubuntu, MySql 5.5
crons
Znuny newbie
Posts: 58
Joined: 17 Aug 2012, 06:11
Znuny Version: 3.3.x
Real Name: Cornelius Jackson

Re: LDAP Auth for Customer

Post by crons »

LDAP integration with OTRS.

Configured LDAP for customers, unable to log in despite correct credentials.

CustomerUser: test@domian.com (x500uniqueidentifier=43254,dc=domain,dc=com) authentication failed: 'Invalid credentials' (REMOTE_ADDR: xxx.xxx.xxx.xxx).

Below is my Config.pm:

$Self->{CustomerUser} = {
    Name => 'LDAP Data ',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'xx.xxx.xx',
        # ldap base dn
        BaseDN => 'dc=domain,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        UserDN => '',
        UserPw => '',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    ReadOnly => 1,
    # customer unique id
    CustomerKey => 'mail',
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['cn', 'givenname', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
    #CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any database queries
    CacheTTL => 120,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # if you need additional attributes from AD, just map them here.
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserFirstname',  'Firstname',   'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',    'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',    'mail',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',       'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID',  'mail',  0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',       'telephoneNumber', 1, 0, 'var', '', 0 ],
    ],
};
##Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xx.xxx.xx.xx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'mail';
#$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'DN';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
##$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

OTRS 3.3.x, Ubuntu, MySql 5.5
Rooobaaat
Znuny wizard
Posts: 432
Joined: 11 Sep 2014, 16:28
Znuny Version: OTRS 5.0.x

Re: LDAP Auth for Customer

Post by Rooobaaat »

CustomerUser: test@domian.com (x500uniqueidentifier=43254,dc=domain,dc=com) authentication failed: 'Invalid credentials' (REMOTE_ADDR: xxx.xxx.xxx.xxx).
Typing failure?
My english is better than your german :P

"Produktiv": OTRS: 5.0.x, OTRS::ITSM 5.0.x
"Testing": OTRS 6 git
OS: Debian 8.0 (Jessie)
Apache2.4.10/MySQL 5.5.41
crons
Znuny newbie
Posts: 58
Joined: 17 Aug 2012, 06:11
Znuny Version: 3.3.x
Real Name: Cornelius Jackson

Re: LDAP Auth for Customer

Post by crons »

No, the credentials are correct; in fact I tested with the same credentials logging into another application which is integrated with the same LDAP. Also, OTRS is identifying the username correctly (x500uniqueidentifier=43254), but it always says invalid credentials.
OTRS 3.3.x, Ubuntu, MySql 5.5
crons
Znuny newbie
Posts: 58
Joined: 17 Aug 2012, 06:11
Znuny Version: 3.3.x
Real Name: Cornelius Jackson

Re: LDAP Auth for Customer

Post by crons »

I see this error now. Any idea on this?

CustomerUser: testemail@domain.com (x500uniqueidentifier=43254,dc=domain,dc=com) authentication failed:
'No AUTH supplied' (REMOTE_ADDR: xxx.xxx.xxx.xxx).
LDAP error code = 48

OTRS 3.3.x, Ubuntu, MySql 5.5
Rooobaaat
Znuny wizard
Posts: 432
Joined: 11 Sep 2014, 16:28
Znuny Version: OTRS 5.0.x

Re: LDAP Auth for Customer

Post by Rooobaaat »

I think your UID is wrong. But correct me if I'm wrong.
My english is better than your german :P

"Produktiv": OTRS: 5.0.x, OTRS::ITSM 5.0.x
"Testing": OTRS 6 git
OS: Debian 8.0 (Jessie)
Apache2.4.10/MySQL 5.5.41
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: LDAP Auth for Customer

Post by crythias »

You might want to use sAMAccountName if you're using AD. If not, check the DN for a user.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
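A standalone diagnostic, added here and not OTRS code, that replays the search-then-bind sequence Kernel::System::CustomerAuth::LDAP performs, so the 'Invalid credentials' (code 49) and 'No AUTH supplied' (code 48) results in this thread can be pinned to a step and the resolved DN checked as suggested above. Host, BaseDN, UID attribute and SearchUser* values are assumed placeholders to be replaced from Config.pm.

```perl
#!/usr/bin/perl
# Added diagnostic (not OTRS code): replays the search-then-bind sequence that
# Kernel::System::CustomerAuth::LDAP performs, reporting each step separately.
# Host, BaseDN, UID and the SearchUser* values are placeholders: copy yours from Config.pm.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value ldap_error_name);

my %Cfg = (
    Host         => 'ldap.example.local',    # Customer::AuthModule::LDAP::Host
    BaseDN       => 'dc=example,dc=local',   # Customer::AuthModule::LDAP::BaseDN
    UID          => 'mail',                  # Customer::AuthModule::LDAP::UID
    SearchUserDN => '',                      # empty = anonymous search, as in the thread
    SearchUserPw => '',
);
my ( $Login, $Password ) = @ARGV;
die "usage: $0 <login> <password>\n" unless defined $Password;

my $LDAP = Net::LDAP->new( $Cfg{Host}, port => 389, version => 3, timeout => 120 )
    or die "connect to $Cfg{Host} failed: $@\n";

# Step 1: the bind used for the lookup. Code 48 (inappropriateAuthentication,
# "No AUTH supplied") here means the server refuses anonymous operations and a
# SearchUserDN/SearchUserPw must be configured.
my $Result = $Cfg{SearchUserDN}
    ? $LDAP->bind( $Cfg{SearchUserDN}, password => $Cfg{SearchUserPw} )
    : $LDAP->bind();
die sprintf( "search bind failed: %d %s\n", $Result->code, ldap_error_name( $Result->code ) )
    if $Result->code;

# Step 2: map the login to a DN via the UID attribute. The value is escaped, as
# OTRS does it, so a login containing ( ) * or \ cannot change the filter.
my $Filter = sprintf( '(%s=%s)', $Cfg{UID}, escape_filter_value($Login) );
$Result = $LDAP->search( base => $Cfg{BaseDN}, scope => 'sub', filter => $Filter, attrs => ['1.1'] );
die sprintf( "search failed: %d %s\n", $Result->code, ldap_error_name( $Result->code ) ) if $Result->code;
# No hit: the UID attribute (mail vs. sAMAccountName on AD) or the BaseDN is wrong.
die "no entry matches $Filter under $Cfg{BaseDN}\n" unless $Result->count;
die "$Filter matches " . $Result->count . " entries; the attribute is not unique\n" if $Result->count > 1;
my $UserDN = $Result->entry(0)->dn;
print "resolved DN: $UserDN\n";

# Step 3: bind as that DN with the user's password. Code 49 (invalidCredentials)
# here means the server rejected this DN/password pair, so compare the resolved
# DN with the entry the user actually authenticates as elsewhere.
$Result = $LDAP->bind( $UserDN, password => $Password );
printf "user bind: %d %s\n", $Result->code, ldap_error_name( $Result->code );
$LDAP->unbind;
exit( $Result->code ? 1 : 0 );
```

Run it as the OTRS system user with a known-good login and password; the step that fails is the one to fix in Config.pm.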