I tried all weekend to get SSO working with at least the customer backend, but no chance.
I'm using OTRS 4.0.5 on CentOS. LDAP-Auth with Active Directory is working, as well as Kerberos auth (as shell-user and in Browser with my Kerberos test-script).
Edit: I set up Kerberos according to the wiki-entry.
Only little customer login will not take the SSO.
Here is the relevant part of my zzz_otrs.conf from Apache
Code:
<Directory "/opt/otrs/bin/cgi-bin/">
    AllowOverride None
    AuthType Kerberos
    AuthName "OTRS"
    Krb5Keytab /opt/keytabs/vserv072.mydomain.loc.keytab
    KrbAuthRealms MYDOMAIN.LOC
    KrbMethodNegotiate on
    KrbSaveCredentials off
    Require valid-user
    Options +ExecCGI -Includes
    Order allow,deny
    Allow from all
</Directory>
Code:
#
# Bonn employees start
#
$Self->{'AuthModule1'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp1'} ='@MYDOMAIN.LOC';
#$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'vserv001.mydomain.loc';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} ='OU=Users,DC=mydomain,DC=loc'; # the DN goes here
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=Gruppe-otrscustomers,OU=Groups,DC=mydomain,DC=loc'; #
$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS,OU=Users,DC=mydomain,DC=loc';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '123456789';
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
    'async' => '0',
    'timeout' => '120',
    'version' => '3',
    'port' => '389',
    'inet4' => '1'
};
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'vserv001.mydomain.loc';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=mydomain,DC=loc';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS,OU=Users,DC=mydomain,DC=loc';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = '123456789';
$Self->{'AuthModule::LDAP::Params1'} = {
    'async' => '0',
    'timeout' => '120',
    'version' => '3',
    'port' => '389',
    'inet4' => '1'
};
$Self->{'AuthModule::LDAP::Die1'} = 1;
$Self->{'UserSyncLDAPMap1'} = {
    'UserEmail' => 'mail',
    'UserFirstname' => 'givenName',
    'UserLastname' => 'sn',
    'UserLogin' => 'sAMAccountName'
};
$Self->{CustomerUser1} = {
    Name => 'Mitarbeiter Bonn',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'vserv001.mydomain.loc',
        BaseDN => 'OU=Users, DC=mydomain,DC=loc',
        SSCOPE => 'sub',
        UserDN => 'CN=OTRS,OU=Users,DC=mydomain,DC=loc',
        UserPw => '123456789',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
        AlwaysFilter => '(&(objectclass=user)(mail=*@ymdomain.loc)(memberOf=CN=Gruppe-otrscustomers,OU=Groups,DC=mydomain,DC=loc))',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserSearchListLimit => 1000,
    Map => [
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var', '' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '' ],
        # [ 'UserCustomerID', 'CustomerID', 'extensionAttribute9', 0, 1, 'var', '' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', 'dialto:$Data{"UserPhone"}' ],
        [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', 'dialto:$Data{"UserMobile"}' ],
        [ 'UserTitle', 'Position', 'title', 0, 0, 'var', '' ],
        [ 'UserComment', 'Comment', 'extensionAttribute9', 1, 0, 'var', '', 0 ],
    ],
};
#
# Bonn employees end
#
Any help would be appreciated.
Best regards
Timo
Edit:
Increased Apache-LogLevel to Debug and got this:
Code:
[Mon Feb 16 09:02:12.181067 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of Require all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.181259 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.186543 2015] [deflate:debug] [pid 2562] mod_deflate.c(849): [client 10.0.4.235:54014] AH01384: Zlib: Compressed 51326 to 11764 : URL /otrs-web/skins/Customer/default/css-cache/CommonCSS_875a22a8a011425e29aa5409283129bf.css, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.186641 2015] [headers:debug] [pid 2562] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Mon Feb 16 09:02:12.191239 2015] [authz_core:debug] [pid 2561] mod_authz_core.c(802): [client 10.0.4.235:54015] AH01626: authorization result of Require all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.191343 2015] [authz_core:debug] [pid 2561] mod_authz_core.c(802): [client 10.0.4.235:54015] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.191761 2015] [authz_core:debug] [pid 2560] mod_authz_core.c(802): [client 10.0.4.235:54016] AH01626: authorization result of Require all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.191831 2015] [authz_core:debug] [pid 2560] mod_authz_core.c(802): [client 10.0.4.235:54016] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.193343 2015] [deflate:debug] [pid 2560] mod_deflate.c(849): [client 10.0.4.235:54016] AH01384: Zlib: Compressed 4723 to 1007 : URL /otrs-web/skins/Customer/default/css/thirdparty/jstree-theme/default/style.css, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.193409 2015] [headers:debug] [pid 2560] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Mon Feb 16 09:02:12.193717 2015] [deflate:debug] [pid 2561] mod_deflate.c(849): [client 10.0.4.235:54015] AH01384: Zlib: Compressed 20677 to 4044 : URL /otrs-web/skins/Customer/default/css/thirdparty/ui-theme/jquery-ui.css, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.193762 2015] [headers:debug] [pid 2561] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Mon Feb 16 09:02:12.214090 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of Require all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.214170 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.214306 2015] [headers:debug] [pid 2562] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Mon Feb 16 09:02:12.214507 2015] [authz_core:debug] [pid 2561] mod_authz_core.c(802): [client 10.0.4.235:54015] AH01626: authorization result of Require all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.214544 2015] [authz_core:debug] [pid 2561] mod_authz_core.c(802): [client 10.0.4.235:54015] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.214703 2015] [headers:debug] [pid 2561] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
[Mon Feb 16 09:02:15.599840 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of Require all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:15.599902 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
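
A triage helper for Apache debug excerpts like the one in this post, as an added example that is not part of the original post: it rejoins wrapped entries, tallies entries per Apache module, lists the authorization decisions and URLs, and reports whether any authentication module logged at all. The function names and the `auth_kerb` module tag (a parameter) are assumptions of this example, and the sample lines are constructed in the log format shown on the page.

```python
import re
from collections import Counter

# Constructed sample in the page's Apache 2.4 error-log format; the first
# entry is deliberately wrapped across two physical lines.
SAMPLE = """\
[Mon Feb 16 09:02:12.181067 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of Require
all granted: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.181259 2015] [authz_core:debug] [pid 2562] mod_authz_core.c(802): [client 10.0.4.235:54014] AH01626: authorization result of <RequireAny>: granted, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.186543 2015] [deflate:debug] [pid 2562] mod_deflate.c(849): [client 10.0.4.235:54014] AH01384: Zlib: Compressed 51326 to 11764 : URL /otrs-web/skins/Customer/default/css-cache/CommonCSS_875a22a8a011425e29aa5409283129bf.css, referer: http://vserv072/otrs/customer.pl
[Mon Feb 16 09:02:12.186641 2015] [headers:debug] [pid 2562] mod_headers.c(823): AH01502: headers: ap_headers_output_filter()
"""

ENTRY = re.compile(r"^\[[^\]]+\] \[(?P<module>\w+):(?P<level>\w+)\] \[pid (?P<pid>\d+)\] (?P<rest>.*)$")
AUTHZ = re.compile(r"AH01626: authorization result of (?P<directive>.+?): (?P<result>\w+)")
URL = re.compile(r" URL (?P<url>\S+?), referer:")

def entries(text):
    """Rejoin wrapped physical lines: a logical entry always starts with '['."""
    out = []
    for line in text.splitlines():
        if line.startswith("[") or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def summarize(text, auth_modules=("auth_kerb",)):
    """Tally modules, authz decisions and URLs; auth_modules is an assumed tag list."""
    modules, authz, urls = Counter(), Counter(), []
    for entry in entries(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # not an Apache 2.4 style error-log entry
        modules[m["module"]] += 1
        a = AUTHZ.search(m["rest"])
        if a:
            authz[(a["directive"], a["result"])] += 1
        u = URL.search(m["rest"])
        if u:
            urls.append(u["url"])
    return {"modules": dict(modules), "authz": dict(authz), "urls": urls,
            "auth_module_seen": any(mod in modules for mod in auth_modules)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An excerpt where `auth_module_seen` is false and every decision is `Require all granted` contains no record of an authentication step for the requests it covers.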