I would like all employees of my company to be able to create tickets.
We have a Windows domain here and all employees exist in AD.
The agents can log in to the OTRS system.
When customers log in via the otrs\customer.pl web page, they get the following message: Panic! No UserData!!!
Even though the login is successful.

Jul 20 16:18:20 mars OTRS-CGI-10[21402]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: otrstest (CN=Ticketsystem\, otrstest,OU=Benutzer,OU=xxxxx intern,DC=xxxxx,DC=xx) authentication ok (REMOTE_ADDR: 127.0.0.1).
I have put all domain users together in one group. My Config.pm looks like this:
package Kernel::Config;
sub Load {
my $Self = shift;
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'xxxxxxxx';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{'CheckMXRecord'} = 1;
######## My extensions ###########################################
$Self->{'DefaultCharset'} = 'utf-8';
# --------------------------------------------------- #
# authentication settings #
# (enable what you need, auth against otrs db, #
# against LDAP directory, against HTTP basic auth #
# or against Radius server) #
# --------------------------------------------------- #
# This is the auth. module against the otrs db
$Self->{'AuthModule'} = 'Kernel::System::Auth::DB';
# password crypt type (md5|crypt|plain)
# $Self->{'AuthModule::DB::CryptType'} = 'md5';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'xxxxx.xxxxxx.xx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xxxxx,dc=xx';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsagenten,ou=otrs,dc=xxxxx,dc=xx';
#### Important: it must be 'member' and not 'memberUid' ############
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (with full user dn)
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Password for logging in to AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrsadm,ou=otrs,dc=xxxxxx,dc=xx';
# The following line is special,
# because it should actually be like the line above, but that does not work.
# That is why it is written this way
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'xxxx\otrsxxx';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';
# --------------------------------------------------- #
# authentication sync settings #
# (enable agent data sync. after successful #
# authentication) #
# --------------------------------------------------- #
# This is an example configuration for an LDAP auth sync. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'xxxxxx.xxxxxx.xx';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxxxx,dc=xx';
# $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'xxxx\xxxxxx';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxx';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
# ! $Self->{'AuthModule::LDAP::Params'} = {
# ! port => 389,
# ! timeout => 120,
# ! async => 0,
# ! version => 3,
# ! };
# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after successful login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# $Self->{UserSyncLDAPGroups} = [
# 'users',
# ];
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
######################### Customers #####################
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Datenquelle <xxxxxxxx>',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'xxxxx.xxxxxx.xx',
# ldap base dn
BaseDN => 'dc=xxxxx,dc=xx',
# search scope (one|sub)
SSCOPE => 'sub',
# # The following is valid but would only be necessary if the
# # anonymous user does NOT have permission to read from the LDAP tree
# UserDN => 'xxxxxx\xxxxxx',
UserDN => 'cn=otrsadm,ou=otrs,dc=xxxxx,dc=xxxx',
UserPw => 'xxxxx',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(&(objectclass=user)(mail=*))',
# if your frontend is e. g. iso-8859-1 and the charset of your
# ldap server is utf-8, use this options (if not, ignore it)
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# DestCharset => 'iso-8859-1',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
# CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add a ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=gesperrt))',
# admin can't change customer preferences
AdminSetPreferences => 0,
# # cache time to live in sec. - cache any database queries
# CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxx.xxxxxx.xx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxx,dc=xx';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'xxxf\xx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrskunden,ou=otrs,dc=xxxx,dc=xx';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
########################### end of my extensions #####################################
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
$Self->{'SystemID'} = 10;
$Self->{'SecureMode'} = 1;
$Self->{'Organization'} = 'xxxxx';
$Self->{'LogModule::LogFile'} = '/tmp/otrs.log';
$Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
$Self->{'FQDN'} = 'mars.xxxxx.xx';
$Self->{'DefaultLanguage'} = 'de';
$Self->{'AdminEmail'} = 'root@localhost';
$Self->{'DefaultCharset'} = 'utf-8';
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
I have also already read that you have to set up a user database in LDAP (domain controller), but I don't understand it.
The users are already there, after all. Does anyone have an idea?
Kind regards, Roland
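
A consistency check over the settings in the posted Config.pm that name the customer's login attribute, as an added example that is not part of the original post and not OTRS code. It assumes that `Customer::AuthModule::LDAP::UID`, `CustomerKey` and the storage attribute of the `UserLogin` Map entry should all name the same directory attribute; the helper name `CheckCustomerLoginAttr` is hypothetical and the config excerpt is constructed from the values shown above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed excerpt: values copied from the Config.pm in the post.
my %Config = (
    'Customer::AuthModule::LDAP::UID' => 'sAMAccountName',
    CustomerUser => {
        CustomerKey => 'sAMAccountName',
        CustomerID  => 'mail',
        Map         => [
            [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',       1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',      1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',      0, 1, 'var', '', 0 ],
        ],
    },
);

# Hypothetical helper: returns a list of findings (empty list = consistent).
sub CheckCustomerLoginAttr {
    my (%C) = @_;
    my $CU = $C{CustomerUser};

    # Map entry layout: [ var, frontend, storage (LDAP attribute), ... ]
    my %Storage = map { $_->[0] => $_->[2] } @{ $CU->{Map} };
    my @Findings;

    # The Map comment in the config says Login, Email and CustomerID are needed.
    for my $Needed (qw(UserLogin UserEmail UserCustomerID)) {
        push @Findings, "Map has no entry for $Needed" if !defined $Storage{$Needed};
    }

    # LDAP attribute names are case-insensitive, so compare lower-cased.
    my $Key     = $CU->{CustomerKey};
    my $AuthUID = $C{'Customer::AuthModule::LDAP::UID'};
    push @Findings, "auth UID '$AuthUID' differs from CustomerKey '$Key'"
        if lc $AuthUID ne lc $Key;
    push @Findings, "UserLogin is read from '$Storage{UserLogin}' but CustomerKey is '$Key'"
        if defined $Storage{UserLogin} && lc $Storage{UserLogin} ne lc $Key;
    push @Findings, "UserCustomerID is read from '$Storage{UserCustomerID}' but CustomerID is '$CU->{CustomerID}'"
        if defined $Storage{UserCustomerID} && lc $Storage{UserCustomerID} ne lc $CU->{CustomerID};

    return @Findings;
}

my @Findings = CheckCustomerLoginAttr(%Config);
print "FINDING: $_\n" for @Findings;
print "consistent\n" if !@Findings;
```

Run against the excerpt, the check reports one finding: `UserLogin` is read from `uid` while the authentication module and `CustomerKey` both use `sAMAccountName`.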