[Solved] Help to configure Customer DB using LDAP

Moderator: crythias

ksbuchanan
Znuny newbie
Posts: 16
Joined: 11 Dec 2010, 22:13
Znuny Version: 3.1.11

[Solved] Help to configure Customer DB using LDAP

Post by ksbuchanan »

I am trying to install OTRS and connect to LDAP. I have Agents and Customer Authentication working, but I can't connect the customers to LDAP. I am using the SAME LDAP connection user/password, but the error seems to point to a connection error.

Here are the errors...

Customer gets this error:
Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

OTRS.log:
[Sat Dec 11 15:32:12 2010][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: testkscott (CN=testkscott,OU=MIS_Employees,OU=MIS,DC=lmh,DC=cc) authentication ok (REMOTE_ADDR: 172.16.2.35).
[Sat Dec 11 15:32:12 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][590] 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
[Sat Dec 11 15:32:12 2010][Error][Kernel::System::CustomerUser::SetPreferences][493] No such user 'testkscott'!
[Sat Dec 11 15:32:12 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][590] 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
[Sat Dec 11 15:32:12 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][590] 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece





# ---------------------------------------------------- #
# OTRS Active Directory Integration Customers#
# ---------------------------------------------------- #

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxx,dc=xxx';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=xxxx,OU=Administrative-Generic Accounts,OU=MIS,DC=lmh,DC=cc';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';

# ----------------------------------------------------   #
# OTRS Active Directory Integration Backed DB Customers  #
# ----------------------------------------------------   #

 $Self->{CustomerUser} = {
      Name => 'LDAP Datasource',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
         Host => 'xxx',
         BaseDN => 'OU=MIS_Employees,ou=MIS,dc=lmh,dc=cc',
         SSCOPE => 'sub',
         UserDN => 'CN=xxxxx,OU=Administrative-Generic Accounts,OU=MIS,DC=lmh,DC=cc',
         UserPW => 'xxxx',
         Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
         },
      },
      CustomerKey => 'sAMAccountName',
      CustomerID => 'mail',
      CustomerUserListFields => ['sn', 'cn', 'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'cn', 'sn', 'mail'],
      CustomerUserSearchPrefix => '',
      CustomerUserSearchSuffix => '*',
      CustomerUserSearchListLimit => 250,
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
      CustomerUserExcludePrimaryCustomerID => 0,
      AdminSetPreferences => 0,
      Map => [
          [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
          [ 'UserFirstname',  'Firstname',  'cn',              1, 1, 'var', '', 0 ],
          [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
          [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
          [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
          [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
          [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
          [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
          [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
      ],
    };
Last edited by ksbuchanan on 12 Dec 2010, 18:10, edited 1 time in total.
ksbuchanan
v3.3.5 on Windows 2008r2 64-bit
Agent Auth: Windows LDAP
Customer Auth: Windows LDAP
Customer DB: Windows LDAP
Apache webserver
MYSql DB server
ksbuchanan
Znuny newbie
Posts: 16
Joined: 11 Dec 2010, 22:13
Znuny Version: 3.1.11

Re: Help to configure Customer DB using LDAP

Post by ksbuchanan »

After a LOT of trial and error, I finally came up with a config that actually worked! (below)

Mind you - this config works for me, and I am using v3.0.3 on Windows 2003 server, and the customer can authenticate against LDAP, and the customer database is actually LDAP (Windows 2003 Domain controllers).

Good luck to everyone!

# ---------------------------------------------------- #
# OTRS Active Directory Integration Customers#
# ---------------------------------------------------- #

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxx,dc=xxxxx';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=xxxxx,OU=Administrative-Generic Accounts,OU=MIS,DC=lmh,DC=cc';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';

# ----------------------------------------------------   #
# OTRS Active Directory Integration Backed DB Customers  #
# ----------------------------------------------------   #

    $Self->{CustomerUser} = {
        Name => 'LMH Users',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'xxxxx',
            BaseDN => 'dc=xxxxx,dc=xxxxx',
            SSCOPE => 'sub',
            UserDN => 'CN=xxxxx,OU=Administrative-Generic Accounts,OU=MIS,DC=lmh,DC=cc',
            UserPw => 'xxxxx',
            AlwaysFilter => '',
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        AdminSetPreferences => 0,
        Map => [
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };

ksbuchanan
v3.3.5 on Windows 2008r2 64-bit
Agent Auth: Windows LDAP
Customer Auth: Windows LDAP
Customer DB: Windows LDAP
Apache webserver
MYSql DB server
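
An added example, not part of either post above and not OTRS code: the failing and the working configs spell the bind password key differently (UserPW in the first, UserPw in the second), and Perl hash keys are case-sensitive, so a misspelled key is simply a different key. The hypothetical check_ldap_params below flags such near-miss keys and a bind DN without a password; its key list is taken only from the working config in this thread, and the sample hash is constructed with placeholder values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Key names exactly as spelled in the working config posted in this thread.
# Assumption: this is not an exhaustive list of what the module accepts.
my @KNOWN = qw(Host BaseDN SSCOPE UserDN UserPw AlwaysFilter Params);

# Return a list of findings for one CustomerUser->{Params} hash reference.
sub check_ldap_params {
    my ($params) = @_;
    my %by_lc = map { lc($_) => $_ } @KNOWN;
    my @findings;

    for my $key ( sort keys %{$params} ) {
        next if grep { $_ eq $key } @KNOWN;
        my $expected = $by_lc{ lc $key };
        push @findings, $expected
            ? "'$key' differs only in case from '$expected'; hash keys are case-sensitive"
            : "'$key' is not one of the keys used in the working config";
    }

    # A bind DN with no usable password means the search connection
    # is not authenticated as that account.
    my $dn = defined $params->{UserDN} ? $params->{UserDN} : '';
    my $pw = defined $params->{UserPw} ? $params->{UserPw} : '';
    push @findings, "UserDN is set but UserPw is empty or missing"
        if $dn ne '' && $pw eq '';

    return @findings;
}

# Constructed sample mirroring the shape of the first post's Params block.
my %first_post = (
    Host   => 'ldap.example.invalid',
    BaseDN => 'dc=example,dc=invalid',
    SSCOPE => 'sub',
    UserDN => 'CN=svc-otrs,DC=example,DC=invalid',
    UserPW => 'placeholder',
    Params => { port => 389, timeout => 120, async => 0, version => 3 },
);

print "$_\n" for check_ldap_params( \%first_post );
```

Run against the constructed sample, it reports both the UserPW/UserPw case mismatch and the resulting missing password for UserDN.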
admin4otrs
Znuny newbie
Posts: 1
Joined: 13 Dec 2010, 09:32
Znuny Version: 3

Re: [Solved] Help to configure Customer DB using LDAP

Post by admin4otrs »

Hi
I am a newbie and have just started with OTRS installation. Can you pls let me know in which file/folder to copy this code and to execute? My implementation is OTRS 3.0 on Windows 2003 Server

Txs
Admin Guys
earwax
Znuny newbie
Posts: 43
Joined: 07 Dec 2010, 23:54
Znuny Version: 3.0.11
Location: Seattle, WA

Re: [Solved] Help to configure Customer DB using LDAP

Post by earwax »

You edit the Kernel/Config.pm file.
OTRS 3.0.12
Ubuntu Linux 10.04
MySQL