How to integrate OTRS and MS Active Directory

Moderator: crythias

nkrivtsov
Znuny newbie
Posts: 10
Joined: 06 Oct 2016, 12:37
Znuny Version: 5.0.13
Real Name: Nikolay Krivtsov
Company: Corporate Business Systems

How to integrate OTRS and MS Active Directory

Post by nkrivtsov »

Hi OTRS Community! I am trying to integrate OTRS and MS Active Directory, but it is not working. Again and again I get this error in my Apache log:

=============================================================================================
Message: No UserID found for 'blabalabla@domain.com'!

RemoteAddress: 10.1.5.17
RequestURI: /otrs/index.pl

Traceback (3799):
Module: Kernel::System::User::UserLookup Line: 935
Module: Kernel::System::Auth::Auth Line: 251
Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32
=============================================================================================

I have attached a file listing of config.pm.

Please help me understand what I am doing wrong :(

#Agent section

Code:

# Authenticate agents against Active Directory over LDAP
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'DC_IP';
$Self->{'AuthModule::LDAP::BaseDN'} = 'my_domain';
# Attribute that is matched against the login name typed by the agent
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Only members of this group are allowed to log in
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_AGENTS_ACCESS_G,OU=Access Groups,OU=Groups,DC=Domain,DC=Com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# The member attribute of the group holds full DNs
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Bind account used to search the directory
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=Admin OTRS,OU=Agents,DC=Domain,DC=Com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'My_Password';
# No additional search filter
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
# Net::LDAP connection parameters
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
#Agent data sync against LDAP

Code:

$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
# Sync agent data from the same directory
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://DC_IP';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'my_domain';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
# Bind account used to search the directory
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=Admin OTRS,OU=Agents,DC=Domain,DC=Com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'My_Password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# Groups given to an agent on the initial sync
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
_________________
OTRS 5.0.13 + ITSM + MariaDB
CentOS 7.6
root
Administrator
Posts: 4253
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: How to integrate OTRS and MS Active Directory

Post by root »

There is no user in the database with the given login: "Message: No UserID found for 'blabalabla@domain.com'!"

Authentication and sync can't work with 'blabalabla@domain.com' because the UID is set to sAMAccountName. This value usually does not contain a domain part. Try userPrincipalName for the settings if this fits, or use just the sAMAccountName for the login. Way better: configure Kerberos SSO for Domain Member.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
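
The mismatch described in the reply above, as an added example that is not part of the original thread and not OTRS code: a stand-alone Perl check that compares the form of a login name with the configured UID attribute and builds the search filter with RFC 4515 escaping. The function names and sample logins are constructed for illustration, and the `(attribute=login)` filter shape is an assumption about how the LDAP backend searches.

```perl
#!/usr/bin/perl
# Added example, not OTRS code. Function names and sample logins are constructed.
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515),
# so characters typed at the login prompt cannot alter the filter.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Classify what the user typed: UPN form (user@domain) or a bare account name.
sub login_form {
    my ($login) = @_;
    return $login =~ /\A[^@\s]+@[^@\s]+\z/ ? 'upn' : 'account';
}

# Build the filter a search on $uid_attr would use (assumed shape) and return
# a warning when the login form does not match what that attribute holds in AD.
sub check_login {
    my ($uid_attr, $login) = @_;
    my $filter = sprintf '(%s=%s)', $uid_attr, escape_filter_value($login);
    my $form   = login_form($login);
    my $warning;
    if (lc($uid_attr) eq 'samaccountname' && $form eq 'upn') {
        $warning = 'sAMAccountName has no domain part: log in without the domain or set UID to userPrincipalName';
    }
    elsif (lc($uid_attr) eq 'userprincipalname' && $form eq 'account') {
        $warning = 'userPrincipalName expects the user@domain form';
    }
    return ($filter, $warning);
}

# Constructed sample logins, checked against both UID settings.
for my $uid_attr (qw(sAMAccountName userPrincipalName)) {
    for my $login ('blabalabla@domain.com', 'blabalabla', 'bla*(x)') {
        my ($filter, $warning) = check_login($uid_attr, $login);
        printf "%-18s %-22s %s\n", $uid_attr, $login, $filter;
        print "    warning: $warning\n" if defined $warning;
    }
}
```

Whichever attribute is chosen, `AuthModule::LDAP::UID` and `AuthSyncModule::LDAP::UID` should be set to the same value so that authentication and sync look up the same login.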

Re: How to integrate OTRS and MS Active Directory

Post by nkrivtsov »

Thanks! Working! :D