I am in the process of doing a fresh install of OTRS 3.0.7 on CentOS 5. I have gotten LDAP *partially* working, but not to my satisfaction. What I would like is for the agents to be added to the OTRS database automatically when they sign in. From my understanding, this should be possible using the Kernel::System::Auth::Sync::LDAP module. However, I have tried following others' posts and using their configs to get this to work, but to no avail. My customer login seems to work fine.
When I attempt to sign in with a test user that is part of the OTRS agents group in AD, I get the error: "Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid."
As far as I can tell, that would mean that the link to AD with LDAP is working fine, it just can't perform the "sync".
This is my current Config.pm file below:
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2010 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.23 2010/01/13 22:25:00 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;
sub Load {
    my ($Self) = @_;

    # Site-specific settings for this OTRS instance. Everything assigned here
    # overrides the stock values from Kernel/Config/Defaults.pm.
    #
    # This file carries the database password and four LDAP bind passwords in
    # clear text, so it should be readable only by the account OTRS runs as.

    # ------------------------------------------------------------------ #
    # Database
    # ------------------------------------------------------------------ #
    # Host, schema name, user and password of the OTRS database.
    # bin/otrs.CryptPassword.pl can produce a crypted value for DatabasePw.
    my %Database = (
        DatabaseHost => 'localhost',
        Database     => 'XXXX',
        DatabaseUser => 'XXXX',
        DatabasePw   => 'XXXX',
    );
    @{$Self}{ keys %Database } = values %Database;

    # MySQL DSN, built from the two values set just above
    # (see "man DBD::mysql").
    $Self->{DatabaseDSN} = sprintf 'DBI:mysql:database=%s;host=%s;',
        $Self->{Database}, $Self->{DatabaseHost};

    # PostgreSQL alternatives (see "man DBD::Pg"):
    #   local socket connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    #   tcpip connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ------------------------------------------------------------------ #
    # File system root of the installation
    # ------------------------------------------------------------------ #
    $Self->{Home} = '/opt/otrs';

    # Further settings copied from Kernel/Config/Defaults.pm go below.
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ------------------------------------------------------------------ #
    # Agent authentication against LDAP (Net::LDAP must be installed)
    # ------------------------------------------------------------------ #
    # NOTE(review): no '...::LDAP::Params' is set for any LDAP backend in this
    # file and the host values are redacted, so the transport cannot be judged
    # from here. If Host is a bare host name, Net::LDAP speaks plain LDAP and
    # the search-user password as well as each login password cross the
    # network unencrypted; an ldaps:// URI or LDAPS/StartTLS setup avoids
    # that - confirm against perldoc Net::LDAP.
    my %AgentAuth = (
        'AuthModule'               => 'Kernel::System::Auth::LDAP',
        'AuthModule::LDAP::Host'   => 'XXXXXXX',
        'AuthModule::LDAP::BaseDN' => 'dc=XXXXXXX,dc=XXXXX',
        'AuthModule::LDAP::UID'    => 'sAMAccountName',

        # Only members of this group may authenticate. This is the gate that
        # decides who becomes an agent, because the sync backend further down
        # is meant to create the OTRS account on first login.
        'AuthModule::LDAP::GroupDN' =>
            'cn=OTRS-USERS,ou=Security Groups,ou=Groups,dc=XXXXXX,dc=XXXXXXX',
        'AuthModule::LDAP::AccessAttr' => 'member',

        # Bind account used for the directory search; only needed when
        # anonymous users may not read the LDAP tree. A read-only,
        # least-privilege account is sufficient for this purpose.
        'AuthModule::LDAP::SearchUserDN' =>
            'cn=OTRS,ou=XXXXX,ou=XXXXX, dc=XXXXXX,dc=XXXXXXX',
        'AuthModule::LDAP::SearchUserPw' => 'XXXXXX',
    );
    @{$Self}{ keys %AgentAuth } = values %AgentAuth;

    # Group membership attribute format:
    #   posixGroup object class (just the uid)
    # $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    #   non-posixGroup object class (full user DN)
    # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # Extra filter appended to every LDAP query,
    # e. g. '(mail=*)' or '(objectclass=user)'.
    # $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # Suffix appended to each login name, for directories that store
    # user@domain while people type just "user".
    # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Options handed to Net::LDAP->new (see perldoc Net::LDAP).
    # $Self->{'AuthModule::LDAP::Params'} = {
    #     port    => 389,
    #     timeout => 120,
    #     async   => 0,
    #     version => 3,
    # };

    # ------------------------------------------------------------------ #
    # Agent sync: copy LDAP data into the OTRS DB
    # ------------------------------------------------------------------ #
    # NOTE(review): this BaseDN is written with a space after the comma while
    # the AuthModule one is not. LDAP servers normally accept both spellings,
    # but keeping the two identical removes one variable when a sync fails.
    my %AgentSync = (
        'AuthSyncModule'               => 'Kernel::System::Auth::Sync::LDAP',
        'AuthSyncModule::LDAP::Host'   => 'XXXXXX',
        'AuthSyncModule::LDAP::BaseDN' => 'dc=XXXXXXX, dc=XXXXX',
        'AuthSyncModule::LDAP::UID'    => 'sAMAccountName',
        'AuthSyncModule::LDAP::SearchUserDN' =>
            'cn=OTRS,ou=XXXXXX,ou=XXXXXX,dc=XXXXXXX,dc=XXXXXX',
        'AuthSyncModule::LDAP::SearchUserPw' => 'XXXXXXX',

        # OTRS user field => LDAP attribute it is filled from.
        'AuthSyncModule::LDAP::UserSyncMap' => {
            UserFirstname => 'givenName',
            UserLastname  => 'sn',
            UserEmail     => 'mail',
        },

        # Groups granted with rw permission when an agent is created at first
        # login. Every account that passes the GroupDN check above receives
        # these, so keep the list to the minimum agents need.
        'AuthSyncModule::LDAP::UserSyncInitialGroups' => ['users'],
    );
    @{$Self}{ keys %AgentSync } = values %AgentSync;

    # ------------------------------------------------------------------ #
    # Customer authentication against LDAP
    # ------------------------------------------------------------------ #
    # No GroupDN is configured for customers, so no group restriction is
    # applied to customer logins by this file.
    my %CustomerAuth = (
        'Customer::AuthModule'               => 'Kernel::System::CustomerAuth::LDAP',
        'Customer::AuthModule::LDAP::Host'   => 'XXXXXXX',
        'Customer::AuthModule::LDAP::BaseDN' => 'dc=XXXXX,dc=XXXXXX',
        'Customer::AuthModule::LDAP::UID'    => 'sAMAccountName',
        'Customer::AuthModule::LDAP::SearchUserDN' =>
            'cn=XXXXXX,ou=XXXXX,ou=XXXXXX, dc=XXXXXX,dc=XXXXX',
        'Customer::AuthModule::LDAP::SearchUserPw' => 'XXXXXXX',
    );
    @{$Self}{ keys %CustomerAuth } = values %CustomerAuth;

    # Customer user data source backed by LDAP.
    # NOTE(review): this is registered as 'CustomerUser1', not 'CustomerUser';
    # presumably whatever 'CustomerUser' source Kernel/Config/Defaults.pm
    # defines stays active next to it - confirm that this is intended.
    my %LdapConnection = (
        Host   => 'XXXXXXXX',
        BaseDN => 'dc=XXXXXX,dc=XXXXX',
        SSCOPE => 'sub',
        UserDN => 'cn=OTRS,ou=XXXXXXX,ou=XXXXXXXX, dc=XXXXXX,dc=XXXXXXXX',
        UserPw => 'XXXXXXX',
    );

    # Login, Email and CustomerID are mandatory entries. Column order:
    # var, frontend, storage, shown, required, storage-type
    my @FieldMap = (
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    );

    $Self->{CustomerUser1} = {
        Module      => 'Kernel::System::CustomerUser::LDAP',
        Params      => \%LdapConnection,
        CustomerKey => 'sAMAccountName',
        #CustomerKey => 'mail'
        CustomerID => 'mail',
        #CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserListFields => ['mail'],
        #CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields           => ['mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map                                => \@FieldMap,
    };

    # CustomerGroupSupport (0 = compatible with OTRS 1.1 or lower).
    # With 1, the group <-> customer user relations have to be maintained at
    # http://host/otrs/index.pl?Action=AdminCustomerUserGroup; per the stock
    # comment, without it each customer user is ro/rw in each group.
    $Self->{CustomerGroupSupport} = 1;

    # CustomerGroupAlwaysGroups: groups every customer user gets when
    # CustomerGroupSupport is on and they are not managed per user.
    #$Self->{CustomerGroupAlwaysGroups} = ['XXXXXXX','XXXXXXXXXXXXXX','XXXXXX','XXXXX'];

    # ------------------------------------------------------------------ #
    # Data inserted by the installer
    # ------------------------------------------------------------------ #
    # $DIBI$
    # Kept as the final statement: its value is what the sub returns.
    $Self->{DefaultCharset} = 'utf-8';
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
# Both pragmas are lexically scoped and take effect from this line onward,
# so sub Load earlier in the file is compiled without them.
use strict;
use warnings;

# Package globals: the inheritance list and the version taken from the
# revision keyword.
our ( @ISA, $VERSION );
$VERSION = ( qw($Revision: 1.23 $) )[1];

# Kernel::Config inherits from the stock defaults class.
use Kernel::Config::Defaults;
push @ISA, 'Kernel::Config::Defaults';

# A module file must end with a true value.
1;
Is there anything else that I seem to be missing??
Thanks!