LDAP User Anbindung

Help with Znuny problems of all kinds
bLazE
Znuny newbie
Posts: 2
Joined: 13 Jul 2010, 11:25
Znuny Version: 2.4.7, Win 2008 R2

LDAP User Anbindung

Post by bLazE

Hello everyone,
we are currently setting up a ticket system and want to integrate the users from our AD.
We were able to get the AD displayed in OTRS, but it is not possible to log in as a user.

This error message then appears in the log:
[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: username@firma.local authentication failed, no LDAP entry found!BaseDN='DC=firma,DC=local', Filter='(sAMAccountName=username@firma.local)', (REMOTE_ADDR: 127.0.0.1).

This is the code we have got to so far.


sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'passwort';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/PROGRA~2/OTRS/OTRS';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';
    $Self->{SpellChecker}       = '0';
    # $DIBI$
    $Self->{'SystemID'} = 10;
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = ' ';
    $Self->{'LogModule'} = 'Kernel::System::Log::File';
    $Self->{'FQDN'} = 'firma.local';
    $Self->{'DefaultLanguage'} = 'en_GB';
    $Self->{'AdminEmail'} = 'E-Mail';
    $Self->{'DefaultCharset'} = 'utf-8';
    $Self->{'ProductName'} = 'Ticketsystem';

    $Self->{'AttachmentDownloadType'} = 'inline';

    # Start of Example Config
    # agent (Auth) backend: Active Directory via LDAP
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'IP';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=firma,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS_admin,OU=ORTS,OU=RESSOURCES,OU=ORG,DC=firma,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'passwort';

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'IP';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=firma,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
        Name   => 'Active Directory',
        Module => 'Kernel::System::CustomerUser::DB',
        Params => {
            Table => 'customer_user',
            # to use an external database
#           DSN => 'DBI:odbc:yourdsn',
#           DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
#           User => '', Password => '',
        },
        # customer uniq id
        CustomerKey   => 'login',
        CustomerID    => 'customer_id',
        CustomerValid => 'valid_id',
        CustomerUserListFields => ['first_name', 'last_name', 'email'],
#       CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
        CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 500,
        CustomerUserPostMasterSearchFields => ['email'],
        CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
#       ReadOnly => 1,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type, http-link
            [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
            [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
            [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ],
            [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
            [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
        ],
    };

    # second customer backend: users read directly from Active Directory
    $Self->{CustomerUser1} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'IP',
            # ldap base dn
            BaseDN => 'dc=firma,dc=local',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'CN=OTRS_admin,OU=ORTS,OU=RESSOURCES,OU=ORG,DC=plaston,DC=local',
            UserPw => 'passwort',
            AlwaysFilter => '',
            SourceCharset => 'utf-8',
            DestCharset => 'iso-8859-1',
        },
        # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 500,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
            [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
        ],
    };

    return;
}
# end of sub Load
Can you perhaps tell me what is wrong here or what is missing?

Regards, bLazE
OTRS 2.4.7, VM Windows 2008 R2
Faenerk
Znuny newbie
Posts: 42
Joined: 09 Jun 2010, 10:48
Znuny Version: 2.4.7

Re: LDAP User Anbindung

Post by Faenerk

I have the same problem here, with the same error message.
See the thread "Kunden aus Actvie Directory".

It is not solved yet either.
Actually the error message says that the LDAP directory is specified incorrectly, but I even installed Softerra LDAP Administrator specifically to get the paths right.

I hope we find the solution soon, I want to finally get this finished and then configure the backend as well...
OTRS 2.4.7, Windows Server 2003 R2 SP2(VM)
bLazE
Znuny newbie
Posts: 2
Joined: 13 Jul 2010, 11:25
Znuny Version: 2.4.7, Win 2008 R2

Re: LDAP User Anbindung

Post by bLazE

Hello everyone,

I have got a bit further now... but now, when a user logs in, I get the following message:
Benutzer und/oder Passwort ist falsch.

The log says the following.

[Fri Jul 23 13:32:54 2010][Error][Kernel::System::CustomerAuth::LDAP::Auth][193] First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

Regards, bLazE
OTRS 2.4.7, VM Windows 2008 R2
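A small diagnostic for the two log lines quoted in this thread, added here as an example; it is not part of the original posts and not OTRS code. It rebuilds the lookup filter that CustomerAuth::LDAP derives from the UID setting (with RFC 4515 escaping of the login, so a typed login can never change the filter's structure), flags that a UPN-style login such as username@firma.local can never match sAMAccountName, and decodes the AD `data 525` sub-code from the second post's bind error. The log-format regexes and the data-code table are my own assumptions, not taken from OTRS.

```python
import re
# Well-known AD sub-codes carried as "data NNN" in an AcceptSecurityContext error.
AD_BIND_DATA_CODES = {
    "525": "user not found: the bind DN or login does not resolve to an account",
    "52e": "invalid credentials (wrong password)",
}
# Assumed OTRS log layout: [Level][Module] or [timestamp][Level][Module][line].
LOG_RE = re.compile(r"\[\w+\]\[(?P<module>[\w:]+)\](?:\[\d+\])?\s*(?P<msg>.*)")
FILTER_RE = re.compile(r"Filter='(?P<filter>[^']*)'")
DATA_RE = re.compile(r"\bdata (?P<code>[0-9a-f]{3})\b")
# The two log lines quoted in the thread, used as sample input.
LOG_NO_ENTRY = "[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: username@firma.local authentication failed, no LDAP entry found!BaseDN='DC=firma,DC=local', Filter='(sAMAccountName=username@firma.local)', (REMOTE_ADDR: 127.0.0.1)."
LOG_BIND_FAILED = "[Fri Jul 23 13:32:54 2010][Error][Kernel::System::CustomerAuth::LDAP::Auth][193] First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"

def escape_filter_value(value):
    """RFC 4515 escaping, so a user-supplied login cannot alter the filter."""
    out = []
    for b in value.encode("utf-8"):
        if b < 0x20 or b > 0x7E or chr(b) in "*()\\":
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def build_customer_filter(uid_attr, login, always_filter=""):
    """The lookup filter CustomerAuth::LDAP derives from its UID setting."""
    base = "(%s=%s)" % (uid_attr, escape_filter_value(login))
    return "(&%s%s)" % (base, always_filter) if always_filter else base

def diagnose(log_line):
    """Turn one OTRS LDAP auth log line into structured findings."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    msg, res = m.group("msg"), {"module": m.group("module"), "hints": []}
    f = FILTER_RE.search(msg)
    if f:
        res["filter"] = f.group("filter")
        attr, _, value = f.group("filter").strip("()").partition("=")
        if attr.lower() == "samaccountname" and "@" in value:
            res["hints"].append("login carries a realm but sAMAccountName never does: "
                                "expect login %r or set UID to userPrincipalName" % value.split("@", 1)[0])
    d = DATA_RE.search(msg)
    if d:
        res["ad_data"] = d.group("code")
        res["hints"].append(AD_BIND_DATA_CODES.get(d.group("code"), "unknown AD data code"))
    if "First bind failed" in msg:  # the service/anonymous bind made before the user's password is tried
        res["hints"].append("the service bind (SearchUserDN/UserDN) failed before any user "
                            "password was checked: verify that DN and its password")
    return res
```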