LDAP Authentication

LookManOff
Znuny newbie
Posts: 11
Joined: 17 Jun 2011, 13:16
Znuny Version: 3.0.8

LDAP Authentication

Post by LookManOff »

I read the FAQ and this forum and wrote this:

Code:

package Kernel::Config;

sub Load {
    my $Self = shift;
    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'} = 'otrs';
    $Self->{'DatabaseUser'} = 'otrs';
    $Self->{'DatabasePw'} = 'otrs';
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    $Self->{Home} = '/opt/otrs';
    $Self->{'DefaultCharset'} = 'utf-8';

}

# Enable LDAP Authentication for Agent #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '192.168.0.xxx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'CN=MEL,OU=Domain Controllers,DC=xxxx,DC=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=IT,DC=ukcm,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrsadmin,OU=IT,DC=xxxx,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 10,
    async => 0,
    version => 3,
    debug => 8,
};


# agent data sync against ldap #
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '192.168.0.xxx';
$Self->{'AuthSyncModule::LDAP::BaseDN'} ='CN=MEL,OU=Domain Controllers,DC=xxxx,DC=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrsadmin,OU=IT,DC=xxxx,DC=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxx';



$Self->{CustomerUser} = {
        Name   => 'Database Backend',
        Module => 'Kernel::System::CustomerUser::DB',
        Params => {
            Table => 'customer_user',
            DestCharset => 'utf-8',
            SourceCharset => 'utf-8',
        },
        # customer uniq id
        CustomerKey => 'login',
            SearcgKeyType => {
                        CustomerID => 'var',
                        CustomerUserLogin => 'var',
                },

        # customer #
        CustomerID             => 'customer_id',
        CustomerValid          => 'valid_id',
        CustomerUserListFields => [ 'first_name', 'last_name', 'email' ],
        CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
        CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' ],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['email'],
        CustomerUserNameFields => [ 'salutation', 'first_name', 'last_name' ],
        #CustomerUserEmailUniqCheck => 1,##

        CustomerCompanySupport => 1,
        ReadOnly => 1,
        Map => [

           # note: Login, Email and CustomerID needed!
           # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target
           # [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'first_name',     1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'last_name',      1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'login',          1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'email',          1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'customer_id',    0, 1, 'var', '', 0 ],
                [ 'UserPhone',        'Phone',       'phone',        1, 0, 'var', 'click2dial.pl?agent=$Env{"UserComment"}&customer=$Data{"UserPhone"}', 0 ],
            [ 'UserMobile',      'Mobile',      'mobile',       1, 0,'var', 'click2dial.pl?agent=$Env{"UserComment"}&customer=$Data{"UserMobile"}', 0 ],
        ],
    };

$Self->{'UserSyncLDAPMap'} = {
 # DB -> LDAP
 UserFirstname => 'givenName',
 UserLastname => 'sn',
 UserEmail => 'mail',
 };

 # (sync following group with rw permission after initial create of first agent login)
 $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
 'Users',
 ];


use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.23 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;
Why can't people from AD log in using LDAP?
Must I change the settings in Framework - Frontend::Customer::Auth or not?
Please, somebody help...
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: LDAP Authentication

Post by ferrosti »

What does your logfile say?
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems

Re: LDAP Authentication

Post by LookManOff »

ferrosti wrote: What does your logfile say?
Nothing, it's empty...
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: LDAP Authentication

Post by jojo »

You have an Auth via LDAP and a DB-based CustomerDB. As people are not in the DB, they cannot log in. Sync is not possible for customers! There will also be log entries, so it seems that you looked in the wrong place.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com

Re: LDAP Authentication

Post by LookManOff »

OK, I know of only one log file; it is located in opt/otrs/var/log/TicketCounter.log, and it's empty...
Do you know where I can find another log? And what can you say about my script, is it fine, without mistakes?

Re: LDAP Authentication

Post by LookManOff »

Tell me, please: should I enter all of these configuration settings in Framework - Frontend::Customer::Auth (web interface), as in config.pm?

Re: LDAP Authentication

Post by LookManOff »

I found the log =) User 'Marat' is me (Agent).
User '111' is my test user in AD DS (Windows Server 2008 Standard SP2).
192.168.0.118 is my local IP.

Code:

Thu Jun 23 06:19:24 2011	notice	OTRS-CGI-10	User: marat authentication ok (REMOTE_ADDR: 192.168.0.118).
Thu Jun 23 06:19:18 2011	error	OTRS-CGI-10	No UserID found for '111@ukcm.local'!
Thu Jun 23 06:19:18 2011	notice	OTRS-CGI-10	User: 111@ukcm.local doesn't exist or is invalid!!! (REMOTE_ADDR: 192.168.0.118)
Thu Jun 23 06:19:11 2011	notice	OTRS-CGI-10	Removed SessionID 1095ff2c793ffb98a230b06595d070039e.
Thu Jun 23 06:18:59 2011	notice	OTRS-CGI-10	User: marat authentication ok (REMOTE_ADDR: 192.168.0.118).
Thu Jun 23 06:18:55 2011	error	OTRS-CGI-10	No UserID found for '111'!
Thu Jun 23 06:18:55 2011	notice	OTRS-CGI-10	User: 111 doesn't exist or is invalid!!! (REMOTE_ADDR: 192.168.0.118)
Thu Jun 23 06:18:53 2011	error	OTRS-CGI-10	No UserID found for 'ukcm\111'!
Thu Jun 23 06:18:53 2011	notice	OTRS-CGI-10	User: ukcm\111 doesn't exist or is invalid!!! (REMOTE_ADDR: 192.168.0.118)
Thu Jun 23 06:18:46 2011	notice	OTRS-CGI-10	Removed SessionID 10ac801e9dedfa3e385bf60e150ec8c9d9.
Thu Jun 23 06:10:09 2011	notice	OTRS-CGI-10	User: marat authentication ok (REMOTE_ADDR: 192.168.0.118).
Sometimes I see this...

Code:

Thu Jun 23 06:04:24 2011	error	OTRS-CGI-10	MySQL server has gone away, SQL: 'UPDATE sessions SET session_value = ? WHERE session_id = ?'
Thu Jun 23 06:04:17 2011	error	OTRS-CGI-10	MySQL server has gone away, SQL: 'UPDATE sessions SET session_value = ? WHERE session_id = ?'
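
The login entries in the log excerpt above show one account tried in three spellings (`111`, `ukcm\111`, `111@ukcm.local`) from a single address. The following is an added example, not part of the original thread, that groups such failures per source address and account; the sample lines are constructed in the same tab-separated format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (timestamp, priority, facility, message; tab-separated).
SAMPLE_LOG = "\n".join([
    "Thu Jun 23 06:19:24 2011\tnotice\tOTRS-CGI-10\tUser: agent1 authentication ok (REMOTE_ADDR: 192.0.2.10).",
    "Thu Jun 23 06:19:18 2011\tnotice\tOTRS-CGI-10\tUser: 111@example.local doesn't exist or is invalid!!! (REMOTE_ADDR: 192.0.2.10)",
    "Thu Jun 23 06:18:55 2011\terror\tOTRS-CGI-10\tNo UserID found for '111'!",
    "Thu Jun 23 06:18:55 2011\tnotice\tOTRS-CGI-10\tUser: 111 doesn't exist or is invalid!!! (REMOTE_ADDR: 192.0.2.10)",
    "Thu Jun 23 06:18:53 2011\tnotice\tOTRS-CGI-10\tUser: example\\111 doesn't exist or is invalid!!! (REMOTE_ADDR: 192.0.2.10)",
])

# Matches agent ("User:") and customer ("CustomerUser:") login results;
# the customer form may carry the bound DN in parentheses after the login.
EVENT = re.compile(
    r"^(?:Customer)?User: (?P<login>\S+)(?: \([^)]*\))? "
    r"(?P<what>authentication ok|doesn't exist or is invalid!!!)"
    r".*?\(REMOTE_ADDR: (?P<addr>[^)]+)\)"
)

def normalize(login):
    """Reduce DOMAIN\\user, user@realm and bare user to one account name."""
    login = login.rsplit("\\", 1)[-1]
    return login.split("@", 1)[0].lower()

def summarize(log_text):
    """Return (failures, successes) keyed by (source address, account)."""
    failures = defaultdict(list)   # key -> login spellings that failed
    successes = set()
    for line in log_text.splitlines():
        fields = line.split("\t", 3)
        match = EVENT.match(fields[3]) if len(fields) == 4 else None
        if match is None:
            continue               # not a login result (e.g. "No UserID found")
        key = (match["addr"], normalize(match["login"]))
        if match["what"] == "authentication ok":
            successes.add(key)
        else:
            failures[key].append(match["login"])
    return failures, successes

def format_guessing(log_text, min_forms=2):
    """Accounts that failed under several spellings and never succeeded."""
    failures, successes = summarize(log_text)
    return sorted(key for key, forms in failures.items()
                  if len(set(forms)) >= min_forms and key not in successes)

if __name__ == "__main__":
    print(format_guessing(SAMPLE_LOG))
```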

Re: LDAP Authentication

Post by LookManOff »

I'm sorry)) Net::LDAP......................Not installed!
I'll install this module, try again, and post my result here)

Re: LDAP Authentication

Post by LookManOff »

So... I installed Net::LDAP, entered all of the configuration settings from config.pm in Framework - Frontend::Customer::Auth (web interface), and nothing changed...
My log entries are the same...

Re: LDAP Authentication

Post by LookManOff »

OK, I think I'm closer now))
My log:

Code:

Sat Jun 25 12:31:16 2011	error	OTRS-CGI-10	No such user '222'!
Sat Jun 25 12:31:16 2011	notice	OTRS-CGI-10	CustomerUser: 222 (CN=222,OU=IT,DC=ukcm,DC=local) authentication ok (REMOTE_ADDR: 192.168.0.118).
User '222' is already in the group 'otrs', which he needs in order to log in, but...
What do you think about this?

Re: LDAP Authentication

Post by LookManOff »

How can I change customer authentication if I have this code?

Code:

package Kernel::Config;
sub Load {
    my $Self = shift;
    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'} = 'otrs ';
    $Self->{'DatabaseUser'} = 'otrs';
    $Self->{'DatabasePw'} = 'otrs';
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    $Self->{'DefaultCharset'} = 'utf-8';

};
I'm really hoping that somebody will help me)
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: LDAP Authentication

Post by crythias »

You should make sure that the authentication points to ldap.

http://wiki.otrs.org/index.php?title=Us ... _customers
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: LDAP Authentication

Post by LookManOff »

Thanks for everything! Agents can log in now, but customers can't log in...

Code:

CustomerUser: 111 (CN=111,OU=test,DC=ukcm,DC=local) authentication failed: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 773, v1772
Some people on the forum said it's because the DN has UTF-8.
Who knows this error?
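
Active Directory encodes the reason for a rejected LDAP bind as a hexadecimal sub-code in the `data` field of the `AcceptSecurityContext error` text. The following is an added example, not part of the original thread, that decodes that field; the first input is the error text quoted in the post above, the second is constructed, and the function name is hypothetical.

```python
import re

# Sub-codes (hexadecimal) that Active Directory reports in the "data" field
# when it rejects an LDAP bind. "credentials" means the name or password was
# wrong; "account state" means a policy or state of the account blocked it.
AD_BIND_SUBCODES = {
    "525": ("credentials", "user not found"),
    "52e": ("credentials", "invalid credentials"),
    "530": ("account state", "logon not permitted at this time"),
    "531": ("account state", "logon not permitted from this workstation"),
    "532": ("account state", "password expired"),
    "533": ("account state", "account disabled"),
    "701": ("account state", "account expired"),
    "773": ("account state", "user must change password at next logon"),
    "775": ("account state", "account locked out"),
}

LDAPERR = re.compile(
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: [^,]+, "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def explain_bind_failure(message):
    """Return the decoded sub-code of an AD bind failure, or None if absent."""
    match = LDAPERR.search(message)
    if match is None:
        return None
    code = match["data"].lower()
    kind, meaning = AD_BIND_SUBCODES.get(code, ("unknown", "unlisted sub-code"))
    return {"dsid": match["dsid"], "data": code, "kind": kind, "meaning": meaning}

# Error text quoted in the post above.
FROM_POST = ("80090308: LdapErr: DSID-0C0903AA, comment: "
             "AcceptSecurityContext error, data 773, v1772")
# Constructed line with a different sub-code, for contrast.
CONSTRUCTED = ("80090308: LdapErr: DSID-0C0903AA, comment: "
               "AcceptSecurityContext error, data 52e, v1772")

if __name__ == "__main__":
    for text in (FROM_POST, CONSTRUCTED):
        print(explain_bind_failure(text))
```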

Re: LDAP Authentication

Post by LookManOff »

Ok, now OTRS is working!!! ))
Thanks, crythias, for your help.
P.S. Gays, read instructions attentively!
tpham
Znuny newbie
Posts: 15
Joined: 11 Jun 2011, 20:22
Znuny Version: 3.0.8
Real Name: T

Re: LDAP Authentication

Post by tpham »

LookManOff wrote: P.S. Gays, read instructions attentively!
That's not very nice!

Re: LDAP Authentication

Post by ferrosti »

Since this is rather self-advice, I'd just not care ;)