LDAP issue

Moderator: crythias

Locked
sids1
Znuny newbie
Posts: 29
Joined: 06 Oct 2016, 16:17
Znuny Version: 5.0.13
Real Name: Siddharth S
Company: Trilegal

LDAP issue

Post by sids1 »

Guys,

Can someone help me out please. I am unable to configure LDAP.
Below is the code I am using but am unsuccessful.

Code: Select all

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'bgsidom02.tl.com';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Access Group,OU=Groups,DC=Tl,DC=com';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'svc_otrs';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'j7ma9Ah1';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'bgsidom02.tl.com',
      BaseDN => 'OU=Access Group,OU=Groups,DC=Tl,DC=com',
      SSCOPE => 'sub',
      UserDN =>'svc_otrs',
      UserPw => 'Removed',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
 
#Add the following lines when only users are allowed to login if they reside in the spicified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=XUSR_Access_TL_OTRSUsers,OU=Access Group,OU=Groups,DC=Tl,DC=com';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'

The error I am getting is
First bind failed! 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
I am following the below link:
http://trinityhome.org/Home/index.php?c ... &locale=en

Requesting your help.
Top
root
Administrator
Posts: 4253
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:
Contact root

Re: LDAP issue

Post by root »

You should google a little bit, there's a nice website from IBM out there clearing up this.

52e is the code for invalid credentials. Check your bind user.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Top
Locked

Return to “Help”