configuring an LDAP customer backend

Moderator: crythias

gfontanili
Znuny newbie
Posts: 4
Joined: 15 Sep 2016, 10:28
Znuny Version: 5.0.4
Real Name: Gianfranco Fontanili
Company: Brevini Fluid Power SPA

configuring an LDAP customer backend

Post by gfontanili »

Hi,
I want to configure an LDAP customer backend.

I've changed the file Config.pm, adding this code:

Code:

# 2. Customer user backend: LDAP
# (customer ldap backend and settings)
$Self->{CustomerUser2} = {
    Name => 'LDAP Datasource',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'example.com',
        # ldap base dn
        BaseDN => 'CN=helpdesk_customers,OU=Groups,OU=ITA,DC=example,DC=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'authorized_user',
        UserPw => 'pwd_authorized_user',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '',
        # if the charset of your ldap server is iso-8859-1, use this:
#        SourceCharset => 'iso-8859-1',

        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => '(!(description=locked))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
#        [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};

In the clients list I don't see the members of group "helpdesk_customers".

In the log there is this:
Can't contact LDAP server
Thu Sep 15 09:51:35 2016 error OTRS-CGI-87 First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

What am I doing wrong?

Gianfranco
wurzel
Znuny guru
Posts: 3273
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: configuring an LDAP customer backend

Post by wurzel »

Hi,

wrong username/password for ldap queries.

Flo
skullz
Znuny superhero
Posts: 658
Joined: 24 Feb 2012, 03:58
Znuny Version: LTS and Features
Real Name: Mo Azfar
Location: Kuala Lumpur, MY

Re: configuring an LDAP customer backend

Post by skullz »

you didn't have auth module there..

Code:

$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = 'LDAP_IP_ADDRESS';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=XXXX,dc=XXX';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'CN=IT Service Center,OU=Service Accounts,DC=XXXX,DC=XXX';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'XXXXXX';

# 2. Customer user backend: LDAP
# (customer ldap backend and settings)
$Self->{CustomerUser2} = {
.................................
.................................															
gfontanili
Znuny newbie
Posts: 4
Joined: 15 Sep 2016, 10:28
Znuny Version: 5.0.4
Real Name: Gianfranco Fontanili
Company: Brevini Fluid Power SPA

Re: configuring an LDAP customer backend

Post by gfontanili »

Nobody can help me?
I use OTRS:ITSM 5.
root
Administrator
Posts: 4253
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: configuring an LDAP customer backend

Post by root »

Are there any entries in the otrs log?
sids1
Znuny newbie
Posts: 29
Joined: 06 Oct 2016, 16:17
Znuny Version: 5.0.13
Real Name: Siddharth S
Company: Trilegal

Re: configuring an LDAP customer backend

Post by sids1 »

I have the same problem too. Below is my code.
I believe we have to change it to 'samaccountname' in case of Windows AD, which I did (this might help the above user).

Code:

# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'removed',
        # ldap base dn
        BaseDN => 'CN=XUSR_Access_TL_OTRS,OU=Access Group,OU=Groups,DC=Removed,DC=removed',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'CN=svc_otrs,OU=Svc_Acc,OU=India,OU=Account,DC=Removedl,DC=removed',
        UserPw => 'Removed',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '',
        # if the charset of your ldap server is iso-8859-1, use this:
#        SourceCharset => 'iso-8859-1',

        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'samaccountname',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['samaccountname', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
#    # cache time to live in sec. - cache any database queries
#    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'samaccountname',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
#        [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};

I get the below error in the system logs:
First bind failed! 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1

As per my reading, I see that 52e is related to login failure and is sent when a username is valid but not the password.
Is this to say that my searchDN password is wrong?

P.S.: I don't mean to hijack this post, but I think we both are having the same problems.
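
An added example, not part of any post in this thread: a small triage helper that decodes the `data` field of the Active Directory `LdapErr` lines quoted above. The field is a Win32 logon error number written in hex, so `52e` is 1326 (ERROR_LOGON_FAILURE). The function names, the sample list and the reading of "First bind" as the bind made with `UserDN`/`UserPw` are assumptions of this example.

```python
import re
from collections import Counter

# "data" is a Win32 logon error number in hex (0x52e == 1326).
AD_BIND_ERRORS = {
    0x525: ("ERROR_NO_SUCH_USER", "bind name does not resolve to an account"),
    0x52E: ("ERROR_LOGON_FAILURE", "user name or password is incorrect"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon outside permitted hours"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon from this host not permitted"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password has expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account is disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account has expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account is locked out"),
}

LDAPERR_RE = re.compile(
    r"(?P<hresult>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

def decode_bind_failure(line):
    """Return a dict describing an AD bind failure, or None if the line has none."""
    m = LDAPERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    name, meaning = AD_BIND_ERRORS.get(code, ("UNKNOWN", "sub-code not in table"))
    return {
        "dsid": m.group("dsid"),
        "win32_error": code,
        "name": name,
        "meaning": meaning,
        # Assumption: "First bind" is the lookup bind made with UserDN/UserPw.
        "search_account_bind": "First bind failed" in line,
    }

def summarize(lines):
    """Count failures per cause so repeated bad binds stand out."""
    hits = filter(None, map(decode_bind_failure, lines))
    return Counter(h["name"] for h in hits)

SAMPLE_LOG = [
    # the two lines quoted in the thread
    "Thu Sep 15 09:51:35 2016 error OTRS-CGI-87 First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
    "First bind failed! 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1",
    # constructed lines, not from the thread
    "Thu Sep 15 10:02:11 2016 error OTRS-CGI-87 First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1",
    "Thu Sep 15 10:03:00 2016 notice OTRS-CGI-87 Customer logged in",
]
```

Running `summarize` over a real log shows whether a misconfigured search account is repeatedly failing with `52e`, which under an account lockout policy can end in `775`.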