Problem with ldap backend[solved]

Moderator: crythias

fisk5
Znuny newbie
Posts: 27
Joined: 17 Feb 2011, 01:30
Znuny Version: 3.0

Post by fisk5 »

I'm trying to authenticate the customers with the existing LDAP structure (Active Directory).
I'm getting this error:


Message: 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772

Traceback (28061):
Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.61) Line: 604
Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.61) Line: 283
Module: Kernel::System::CustomerAuth::Auth (v1.34) Line: 166
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.56) Line: 203
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 45
Module: (eval) (v1.43) Line: 204
Module: ModPerl::RegistryCooker::run (v1.43) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.43) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

The config looks like this:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2010 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.23 2010/01/13 22:25:00 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hot';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.0.2';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Kunder,dc=test,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'OU=Users,OU=Kunder,dc=test,dc=local';
   # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,cn=Users,dc=test,dc=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Kebab';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

 $Self->{CustomerUser} = {
      Name => 'LDAP Datasource',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
         Host => '192.168.0.2',
         BaseDN => 'ou=users,ou=kunder,dc=test,dc=local',
         SSCOPE => 'sub',
         UserDN => 'cn=otrs,cn=Users,dc=test,dc=local',
         UserPW => 'Kebab',
         Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
         },
      },
      CustomerKey => 'uid',
      CustomerID => 'mail',
      CustomerUserListFields => ['sn', 'cn', 'mail'],
      CustomerUserSearchFields => ['uid', 'cn', 'sn', 'mail'],
CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       CustomerUserExcludePrimaryCustomerID => 0,
       AdminSetPreferences => 0,
       Map => [
           [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
           [ 'UserFirstname',  'Firstname',  'cn',              1, 1, 'var', '', 0 ],
           [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
           [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
           [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
           [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
           [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
           [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
           [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
       ],
    };







    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'DefaultCharset'} = 'utf-8';

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.23 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#




1;

Last edited by fisk5 on 18 Feb 2011, 17:38, edited 1 time in total.
fisk5
Znuny newbie
Posts: 27
Joined: 17 Feb 2011, 01:30
Znuny Version: 3.0

Re: Problem with ldap backend

Post by fisk5 »

Update: I got this error in the LDAP log:

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2/17/2011 10:50:04 AM
Event ID:      2889
Task Category: LDAP Interface
Level:         Information
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:     apa.test.local
Description:
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection. 
 
Client IP address:
192.168.1.2:44305 
Identity the client attempted to authenticate as:
test\otrs
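
Event 2889 in the post above is the domain controller recording that a client bound as test\otrs without signing, or with a simple bind over cleartext LDAP. As an added example (not part of the original thread), this Python code parses text exports in the layout shown in the post and counts such binds per identity and client IP; only the first sample event mirrors the post, the other three are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

FIELD = re.compile(r"^(Date|Event ID|Computer):[ \t]*(.+?)[ \t]*$", re.M)
CLIENT = re.compile(r"^Client IP address:[ \t]*\n[ \t]*(\S+):(\d+)[ \t]*$", re.M)
IDENTITY = re.compile(
    r"^Identity the client attempted to authenticate as:[ \t]*\n[ \t]*(.+?)[ \t]*$",
    re.M)

def make_event(event_id, date, client, identity):
    """Build one event in the text layout shown in the post (sample data only)."""
    return (
        "Log Name:      Directory Service\n"
        f"Date:          {date}\n"
        f"Event ID:      {event_id}\n"
        "Computer:     apa.test.local\n"
        "Description:\n(description text)\n \n"
        f"Client IP address:\n{client} \n"
        f"Identity the client attempted to authenticate as:\n{identity}\n"
    )

# First event mirrors the post; the other three are constructed for the demo.
SAMPLE_EXPORT = "".join([
    make_event(2889, "2/17/2011 10:50:04 AM", "192.168.1.2:44305", "test\\otrs"),
    make_event(2889, "2/17/2011 10:51:10 AM", "192.168.1.2:44311", "test\\otrs"),
    make_event(9999, "2/17/2011 10:52:00 AM", "192.168.1.9:40000", "test\\other"),
    make_event(2889, "2/17/2011 10:53:30 AM", "192.168.1.7:51002", "test\\app2"),
])

def parse_events(text):
    """Return one dict per Event ID 2889 record found in a text export."""
    events = []
    for chunk in re.split(r"(?m)^(?=Log Name:)", text):  # one chunk per event
        fields = dict(FIELD.findall(chunk))
        client, ident = CLIENT.search(chunk), IDENTITY.search(chunk)
        if fields.get("Event ID") != "2889" or not (client and ident):
            continue  # other event IDs, or records missing the client details
        events.append({"date": fields.get("Date"), "dc": fields.get("Computer"),
                       "client_ip": client.group(1), "client_port": int(client.group(2)),
                       "identity": ident.group(1)})
    return events

def cleartext_bind_report(text):
    """Count 2889 events per (identity, client IP), most frequent first."""
    return Counter((e["identity"], e["client_ip"]) for e in parse_events(text)).most_common()

if __name__ == "__main__":
    for (identity, ip), n in cleartext_bind_report(SAMPLE_EXPORT):
        print(f"{n:3d}  {identity:<12} from {ip}")
```
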
Giulio Soleni
Znuny wizard
Posts: 392
Joined: 30 Dec 2010, 14:35
Znuny Version: 6.0.x and 5.0.x
Real Name: Giulio Soleni
Company: IKS srl

Re: Problem with ldap backend

Post by Giulio Soleni »

Hi,
I'm not sure if this may help, but I see from your cfg file that you have commented out the line:

# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

and you have an AccessAttr parameter set with 'memberUid' value...

In my configuration everything seems to work correctly with these settings:

$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

Also check if the password 'Kebab' is correct for the otrs user.

As a final suggestion... I think that your aim is to substitute the embedded DB with the Active Directory as a source for Customer.
In this case, be aware that some features (e.g. the self password change for customers) won't work.

If you would like to have both backends (Active Directory and MySQL DB) active for the customer backend, you should add a digit at the end of each configuration key... to distinguish them from the default ones, predefined for the database.
In other words you should use, for example:

    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = '192.168.0.2';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'ou=Kunder,dc=test,dc=local';

and so on...

HTH
Giulio
OTRS 6.0.x on CentOS 7.x with MariaDB 10.2.x database connected to an Active Directory for Agents and Customers.
ITSM and FAQ modules installed.
fisk5
Znuny newbie
Posts: 27
Joined: 17 Feb 2011, 01:30
Znuny Version: 3.0

Re: Problem with ldap backend

Post by fisk5 »

Now it works (sort of), but I get this error instead:

"Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator."
Giulio Soleni
Znuny wizard
Posts: 392
Joined: 30 Dec 2010, 14:35
Znuny Version: 6.0.x and 5.0.x
Real Name: Giulio Soleni
Company: IKS srl

Re: Problem with ldap backend

Post by Giulio Soleni »

In the customer backend "Params" definition, after the UserPW => 'Kebab', line, just try to add the following:

AlwaysFilter => '(memberOf=OU=Users,OU=Kunder,dc=test,dc=local)',

HTH
Giulio
fisk5
Znuny newbie
Posts: 27
Joined: 17 Feb 2011, 01:30
Znuny Version: 3.0

Re: Problem with ldap backend

Post by fisk5 »

I followed this guide, and now it works.
http://trinityhome.org/Home/index.php?w ... ront_id=18