LDAP connection/sync problems

telnet
Znuny newbie
Posts: 21
Joined: 20 Feb 2015, 14:11
Znuny Version: 4.0.6
Real Name: Tim
Location: Augsburg - Germany

LDAP connection/sync problems

Post by telnet »

Hi,

I am currently migrating our OTRS to version 4.0.5 and building in a few improvements along the way.
After a lot of searching, reading and googling I still have 2 problems:

1. Authentication via LDAP works great, even over an encrypted connection.
Since I enabled the authentication, OTRS unfortunately no longer saves my dashboard settings.

2. Unfortunately I can't get a user who has not yet been created in OTRS, but has been authenticated via LDAP, to be created in the database.

Error message:

"Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid."
(The same error message also appears in the Apache log, of course.)

Here is an excerpt from my Config.pm file:

Code:

    #Enable LDAP authentication for Agents
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'ldaps://dc1.win.***.de';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=win,dc=***,dc=de';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    #The following is valid but would only be necessary if the
    #anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs@win.***.de';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = '***';

  # Parameters for SSL encryption
  $Self->{'AuthModule::LDAP::Params'} = {
               # verify => 'require',
                port => 636,
                timeout => 120,
                async => 0,
                version => 3,
               # cafile => '/etc/ldap/cacert.pm'
                                      },

# Agent sync:

# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
#$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://dc1.***.de';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=dc1, dc=***, dc=de';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrs@win.***.de';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '***';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
 # DB -> LDAP
 UserFirstname => 'givenName',
 UserLastname => 'sn',
 UserEmail => 'mail',
};
#$Self->{'AuthSyncModule::LDAP::Params'}={
#       port => 636,
#       timeout => 120,
#       async => 0,
#       version => 3,},

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
 'users',
];

#UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';


I have already tried quite a few things from the forum on the Config.pm file, but I can't get to a solution.

A few minor things on the side: I have only allowed encrypted connections (https:// and no more http). This was configured in Apache. (Could that be a problem?)

I hope you can help me.

Re: LDAP connection/sync problems

Post by telnet »

After 3 days I have finally solved it.
The problem with the sync is fixed.
The solution to the whole thing was "ldaps:/", a ", -> ;" error and specifying the BaseDN correctly.

Here is my Config.pm:

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011-09-16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{DatabaseHost} = 'localhost';
    # Database
    # (The database name.)
    $Self->{Database} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{DatabaseUser} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{DatabasePw} = '***';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    #------------------------------------------------------#


    #Enable LDAP authentication for Agents
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'ldaps://***';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=**,dc=**,dc=de';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    #The following is valid but would only be necessary if the
    #anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs@***';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = '***';

  # Parameters for SSL encryption
  $Self->{'AuthModule::LDAP::Params'} = {
                port => 636,
                timeout => 120,
                async => 0,
                version => 3,
                                      };

# Agentsync:

# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldaps://**';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=**, dc=**, dc=de';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrs@***';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '***';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
 # DB -> LDAP
 UserFirstname => 'givenName',
 UserLastname => 'sn',
 UserEmail => 'mail',
};

$Self->{'AuthSyncModule::LDAP::Params'}={
        port => 636,
        timeout => 120,
        async => 0,
        version => 3,};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
 'users',
];


#UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#  $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com';
#  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
#  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';



    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

Now the only thing left is the problem with saving the dashboard settings.
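
Added example, not part of the original posts or of OTRS/Znuny: a small Python check over Config.pm text that flags what differs between the first config and the working one (sync Host, BaseDN and UID diverging from the auth settings, a bind password configured on a non-ldaps host) and the `verify => 'require'` option that is commented out in the first post. The sample config is constructed with placeholder hosts and password, and the function names are hypothetical.

```python
import re

# Scalar assignments like: $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
# Lines starting with '#' are commented out and deliberately not matched.
ASSIGN = re.compile(r"^\s*\$Self->\{'(Auth(?:Sync)?Module)::LDAP::(\w+)'\}\s*=\s*'([^']*)'")

def ldap_settings(text):
    """Collect active LDAP settings per module from Config.pm text."""
    found = {"AuthModule": {}, "AuthSyncModule": {}}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            found[m.group(1)][m.group(2)] = m.group(3)
    return found

def norm_dn(dn):
    """Compare DNs without regard to case or spaces after commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(text):
    cfg = ldap_settings(text)
    auth, sync = cfg["AuthModule"], cfg["AuthSyncModule"]
    findings = []
    for name, mod in cfg.items():
        if mod.get("SearchUserPw") and not mod.get("Host", "").startswith("ldaps://"):
            findings.append(f"{name}: bind password configured but Host is not ldaps://")
    if sync:  # sync has to find the same entry that authentication matched
        for key in ("Host", "UID"):
            if auth.get(key) != sync.get(key):
                findings.append(f"{key} differs: {auth.get(key)!r} vs {sync.get(key)!r}")
        if norm_dn(auth.get("BaseDN", "")) != norm_dn(sync.get("BaseDN", "")):
            findings.append("BaseDN differs between auth and sync")
    if not re.search(r"^\s*verify\s*=>\s*'require'", text, re.M):
        findings.append("no active verify => 'require' in any Params block")
    return findings

# Constructed sample modelled on the first post (hosts and password are placeholders).
BEFORE = """
$Self->{'AuthModule::LDAP::Host'} = 'ldaps://dc1.win.example.test';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=win,dc=example,dc=test';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'PLACEHOLDER';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://dc1.example.test';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=dc1, dc=example, dc=test';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'PLACEHOLDER';
"""

if __name__ == "__main__":
    for finding in check(BEFORE):
        print(finding)
```
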

Re: LDAP connection/sync problems

Post by telnet »

At least it is not down to the demo mode.