Authenticate against Parent and Child Domain.

Moderator: crythias

ccallow
Znuny newbie
Posts: 2
Joined: 13 Feb 2015, 01:09
Znuny Version: 4.0.5
Real Name: Chris Callow

Authenticate against Parent and Child Domain.

Post by ccallow »

I have my LDAP configuration mostly working; I am able to see users from each domain, but I am only able to authenticate users from the parent domain. The users from the child domain don't authenticate. There is nothing in the httpd error_log file as to why. Is there any other place to check?

Here is my configuration, with information taken out for security reasons:

Parent Domain (This Works Perfectly)

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'amec-dc1.parentdomain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=parentdomain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=parentdomain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '**********';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'amec-dc1.parentdomain.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=parentdomain,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=parentdomain,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '********';

$Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'amec-dc1.parentdomain.com',
        BaseDN => 'ou=AMEC - Users,dc=parentdomain,dc=com',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=parentdomain,dc=com',
        UserPw => '********',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'sAMAccountName',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Child Domain (Users Show up but can't login)

$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ok-dc1.child.parent.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=child,dc=parent,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=parentdomain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '********';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = 'ok-dc1.child.parent.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=child,dc=parent,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=parentdomain,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '********';

$Self->{CustomerUser2} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'ok-dc1.child.parent.com',
        BaseDN => 'ou=Staff Accounts,dc=child,dc=parent,dc=com',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=parentdomain,dc=com',
        UserPw => '********',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'sAMAccountName',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Thanks for your help.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Authenticate against Parent and Child Domain.

Post by crythias »

Don't forget that you must be consistent with your numeric appended index number across all keys that pertain to the index.

(If you use "2", all the other Keys need 2 also.)
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: Authenticate against Parent and Child Domain.

Post by ccallow »

Just not sure what other keys I am missing the 2 on in my config.

Re: Authenticate against Parent and Child Domain.

Post by crythias »

> $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'amec-dc1.parentdomain.com';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=parentdomain,dc=com';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

should be:

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'amec-dc1.parentdomain.com';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=parentdomain,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';

and so on.

$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ok-dc1.child.parent.com'; #<-- this is the same "variable" as above
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=child,dc=parent,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

Should be:

$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host2'} = 'ok-dc1.child.parent.com';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=child,dc=parent,dc=com';
$Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';

and so on.
Locked
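
A lint for the index rule described in the replies above, added here as an example (it is not code from the thread or from OTRS/Znuny): it reads Config.pm-style assignments and reports LDAP auth keys whose numeric suffix matches no declared AuthModuleN, backends with no matching Host key, and keys assigned more than once. The names `lint` and `BROKEN` are made up for this example, and the sample is constructed from the agent-auth keys in the question.

```python
import re
from collections import Counter

ASSIGN = re.compile(r"""^\s*\$Self->\{\s*['"]?([\w:]+)['"]?\s*\}\s*=""")
MODULE = re.compile(r"^(Customer::)?AuthModule(\d*)$")
SETTING = re.compile(r"^(Customer::)?AuthModule::LDAP::([A-Za-z]+)(\d*)$")

# Constructed sample: agent-auth keys from the question, both domains in one file.
BROKEN = """
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'amec-dc1.parentdomain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=parentdomain,dc=com';
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ok-dc1.child.parent.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=child,dc=parent,dc=com';
"""

def lint(config_text):
    """Return sorted findings about index consistency of LDAP auth keys."""
    keys = [m.group(1) for line in config_text.splitlines()
            if (m := ASSIGN.match(line))]  # commented-out lines never match
    findings = set()
    for key, n in Counter(keys).items():
        if n > 1:  # same hash key written twice: Perl keeps only the last
            findings.add(f"{key}: assigned {n} times, last value wins")
    modules = set()  # (family, index) pairs declared as auth backends
    settings = {}    # (family, index) -> names of LDAP settings present
    for key in keys:
        if m := MODULE.match(key):
            modules.add((m.group(1) or "", m.group(2)))
        elif m := SETTING.match(key):
            settings.setdefault((m.group(1) or "", m.group(3)), set()).add(m.group(2))
    for fam, idx in modules:
        if "Host" not in settings.get((fam, idx), ()):
            findings.add(f"{fam}AuthModule{idx}: no {fam}AuthModule::LDAP::Host{idx}")
    for (fam, idx), names in settings.items():
        if (fam, idx) not in modules:
            for name in names:
                findings.add(f"{fam}AuthModule::LDAP::{name}{idx}: "
                             f"no {fam}AuthModule{idx} declared")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(BROKEN)))
```

The same check covers the `Customer::AuthModule` keys, where the question mixes an unnumbered module with `Host1` and `Host2` settings.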