Probleme LDAP Anbindung: Keine Daten

Hilfe zu Znuny Problemen aller Art
Post Reply
drago
Znuny newbie
Posts: 1
Joined: 03 Sep 2024, 15:16
Znuny Version: 7.1
Real Name: eugen gottfried

Probleme LDAP Anbindung: Keine Daten

Post by drago »

Hallo Community,

ich habe auf einem Debian 12 die aktuellste Version von znuny 7.1 installiert und wollte jetzt als Kundenbenutzer die Daten unserer Active Directory übernehmen. Ich habe dazu die Datei "/opt/znuny/Kernel/Config/Config.pm" mit folgendem Inhalt angelegt:

Code: Select all

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.199.111';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=User,dc=meinefirma,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'znunyuser';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
 $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
  };


CustomerUser
(customer user ldap backend and settings)
   $Self->{CustomerUser} = {
       Name => 'LDAP Backend',
       Module => 'Kernel::System::CustomerUser::LDAP',
       Params => {
           Host => '192.168.199.111',
           BaseDN => 'ou=User,dc=meinefirma,dc=local',
           SSCOPE => 'sub',
           UserDN => 'znunyuser',
           UserPw => 'znunyuser',
           # in case you want to add always one filter to each ldap query, use
           # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
           AlwaysFilter => '',
           # if the charset of your ldap server is iso-8859-1, use this:
           # SourceCharset => 'iso-8859-1',
           # die if backend can't work, e. g. can't connect to server
           Die => 0,
           # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
           Params => {
               port    => 389,
               timeout => 120,
               async   => 0,
               version => 3,
           },
       },
       # customer unique id
       CustomerKey => 'uid',
       # customer #
       CustomerID => 'mail',
       CustomerUserListFields => ['cn', 'mail'],
       CustomerUserSearchFields => ['uid', 'cn', 'mail'],
       CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       # Configures the character for joining customer user name parts. Join single space if it is not defined.
       CustomerUserNameFieldsJoin => '',
       # show customer user and customer tickets in customer interface
       CustomerUserExcludePrimaryCustomerID => 0,
       # add a ldap filter for valid users (expert setting)
       # CustomerUserValidFilter => '(!(description=gesperrt))',
       # admin can't change customer preferences
       AdminSetPreferences => 0,
       # cache time to live in sec. - cache any ldap queries
       CacheTTL => 0,
       Map => [
           # note: Login, Email and CustomerID needed!
           # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es)
           [ 'UserTitle',       Translatable('Title or salutation'), 'title',               1, 0, 'var', '', 1, undef, undef ],
           [ 'UserFirstname',   Translatable('Firstname'),           'givenname',           1, 1, 'var', '', 1, undef, undef ],
           [ 'UserLastname',    Translatable('Lastname'),            'sn',                  1, 1, 'var', '', 1, undef, undef ],
           [ 'UserLogin',       Translatable('Username'),            'uid',                 1, 1, 'var', '', 1, undef, undef ],
           [ 'UserEmail',       Translatable('Email'),               'mail',                1, 1, 'var', '', 1, undef, undef ],
           [ 'UserCustomerID',  Translatable('CustomerID'),          'mail',                0, 1, 'var', '', 1, undef, undef ],
           # [ 'UserCustomerIDs', Translatable('CustomerIDs'),         'second_customer_ids', 1, 0, 'var', '', 1, undef, undef ],
           [ 'UserPhone',       Translatable('Phone'),               'telephonenumber',     1, 0, 'var', '', 1, undef, undef ],
           [ 'UserAddress',     Translatable('Address'),             'postaladdress',       1, 0, 'var', '', 1, undef, undef ],
           [ 'UserComment',     Translatable('Comment'),             'description',         1, 0, 'var', '', 1, undef, undef ],

           # this is needed, if "SMIME::FetchFromCustomer" is active
           # [ 'UserSMIMECertificate', 'SMIMECertificate', 'userSMIMECertificate', 0, 1, 'var', '', 1, undef, undef ],

           # Dynamic field example
           # [ 'DynamicField_Name_X', undef, 'Name_X', 0, 0, 'dynamic_field', undef, 0, undef, undef ],
       ],
   };
Die LDAP-Verbindung habe ich im Vorfeld mit folgendem Befehl erfolgreich getestet:
ldapsearch -x -D "cn=znunyuser,ou=User,dc=meinefirma,dc=local" -W -H ldap://192.168.199.111 -b "ou=User,dc=meinefirma,dc=local"

Ich erhalte jedoch in der Kundenbenutzer-Verwaltung noch keine Benutzer, aber kann hier leider auch gar nicht erst auf LDAP umstellen (links der Filter), dort ist nur "Datenbank-Backend" hinterlegt. Auch sind im Adminbereich unter Systemkonfiguration "Customer::AuthModule" noch auf DB, muss ich auch hier die Werte noch händisch anpassen?

Danke vorab für Anregungen.
root
Administrator
Posts: 4106
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Probleme LDAP Anbindung: Keine Daten

Post by root »

HI,

Code: Select all

$Self->{'Customer::AuthModule::LDAP::UID'} = 'znunyuser
';

statt znunyuser sollte da mal der Name des Attributes rein in dem der Loginname steht. Beim AD wären das sAMAccountName, UPN, mail, oder was auch immer.

- Roy

P.S.: Keine Fehlermeldung in den Logdateien?
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Post Reply