Bind must be completed on the connection

Moderator: crythias

Post Reply
pbkessler
Znuny newbie
Posts: 2
Joined: 07 Jun 2016, 08:20
Znuny Version: 5 Update 10

Bind must be completed on the connection

Post by pbkessler »

Hello everyone,

after migrating OTRS 5 Update 10 to another Server and joint to our Active Directory
Server we have got after successfully login with valid AD Credentials the message:

Search failed! (DC=eew,DC=de) filter='(sAMAccountName=pb)' 000004DC: LdapErr:
DSID-0C090748, comment: In order to perform this operation a successful bind must be
completed on the connection., data 0, v2580

Unfortunately we have got the exact same configuration using a different stack in use.
Maybe someone got a solution to this issue yet. Help would be recommended.

cat /opt/otrs/Kernel/Config.pm
...

Code: Select all

   # ---------------------------------------------------- #
    # auth agents via AD                                   #
    # ---------------------------------------------------- #
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'coresrv1.eew.de';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=eew,DC=de';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'ldapbind@eew.de';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    #$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=tcktadm,CN=groups,DC=eew,DC=de';
    #$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

    # ---------------------------------------------------- #
    # sync agents data from AD                             #
    # ---------------------------------------------------- #
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'coresrv1.eew.de';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=eew,DC=de';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';

    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'ldapbind@eew.de';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
        # ldap group
        'CN=tcktadm,OU=Groups,DC=eew,DC=de' => {
            # otrs group
            'admin' => {
                rw => 1,
            },
            'stats' => {
                rw => 1,
            },
        },
    'CN=helpdeskeew,OU=Groups,DC=eew,DC=de' => {
    'helpdeskeew' => {
        rw => 1,
        },
    },
    'CN=helpdeskbgk,OU=Groups,DC=eew,DC=de' => {
        'helpdeskmcd' => {
                rw => 1,
                },
        },
    };
}
....


Regards
Last edited by crythias on 07 Jun 2016, 16:54, edited 1 time in total.
Reason: added [code] markup
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Bind must be completed on the connection

Post by crythias »

This is old but probably relevant: viewtopic.php?t=16543

You probably don't need to reuse

Code: Select all

    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'ldapbind@eew.de';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
pbkessler
Znuny newbie
Posts: 2
Joined: 07 Jun 2016, 08:20
Znuny Version: 5 Update 10

Re: Bind must be completed on the connection

Post by pbkessler »

Hi crythias,
thank you for your recommendation. It seems you are right and I am able to remove the reuse of SearchUserDN/SearchUserPw. Unfortunately the message still appears in the system protocol. But I must confess that the login seems to work without any problems.
cgl
Znuny newbie
Posts: 10
Joined: 15 Oct 2013, 23:37
Znuny Version: 4.0.23
Real Name: Charles Lambrecht
Company: University of Tennessee College of Vet Med

Re: Bind must be completed on the connection

Post by cgl »

Hello,
I see this message in my logs as well. I can login and everything works, but I'm not sure where the fail message comes from.
Does anyone who uses AD authentication know how to resolve the error message?
Regards,
Charles
----------
Charles Lambrecht
IT Manager
UT CVM
OTRS 3.2.17
Perl 5.10
MySQL 5.1.73
Post Reply