After installation when I first login as root@localhost and then I change config to use LDAP Agents authentication, everything works just fine.
But if there is no first login on root@localhost and I just add my LDAP config.
Authentication passes but I get message:
No Permission to use this frontend module!
I tried to login on LDAP users that are in cn=otrs-admin,ou=groups,dc=test-devel,dc=local group, and cn=otrs-users,ou=groups,dc=test-devel,dc=local.
Is there any way to do first login with account from LDAP ?
My Config.pm:
Code: Select all
package Kernel::Config;
use strict;
use warnings;
use utf8;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# The database host
$Self->{DatabaseHost} = '127.0.0.1';
# The database name
$Self->{Database} = 'otrs';
# The database user
$Self->{DatabaseUser} = 'otrs';
# The password of database user. You also can use bin/otrs.Console.pl Maint::Database::PasswordCrypt
# for crypted passwords
$Self->{DatabasePw} = 'some-pass';
# The database DSN for MySQL ==> more: "perldoc DBD::mysql"
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
# The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a TCP/IP connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# The database DSN for Microsoft SQL Server - only supported if OTRS is
# installed on Windows as well
# $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";
# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
# $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
# $ENV{ORACLE_HOME} = '/path/to/your/oracle';
# $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
# $ENV{NLS_LANG} = 'AMERICAN_AMERICA.AL32UTF8';
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# This is an example configuration for an LDAP auth. backend for AGENTS
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'test-devel.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=test-devel,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'UID';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=users,ou=groups,dc=test-devel,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
#$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
#$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# Sync AGENTS data with OTRS DB
$Self->{CheckEmailAddresses} = 0;
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'test-devel.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=test-devel,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'UID';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
#$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '';
#$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# ldap group
'cn=otrs-admin,ou=groups,dc=test-devel,dc=local' => {
# otrs group
'admin' => {
# permission
rw =>1,
ro =>1,
}
},
'cn=otrs-users,ou=groups,dc=test-devel,dc=local' => {
'users' => {
rw => 1,
ro => 1,
}
}
};
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# end of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use base qw(Kernel::Config::Defaults);
# -----------------------------------------------------#
1;
P.S sorry for my poor English, still learning
.