[SOLVED] Strange phenomenon - Customer::AuthModule

SONIC-PS · Post by **SONIC-PS** » 29 Dec 2011, 15:16

Hello,

I am trying to connect our OTRS version 3.0.11 to an Active Directory. I want to authenticate either against the AD or against the OTRS database. While setting this up I ran into a problem.

First I did this:

Example 1

Code: Select all

    # Authentication via LDAP

    $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'sonic-hh-dc.sonic-ps.de';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Benutzer,dc=sonic-ps,dc=de';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=Dienstkonten,DC=sonic-ps,DC=de';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'geheim';

Works as expected. But when I changed the code to accommodate more then one authentication method like this:

Example 2

Code: Select all

    # Authentication via LDAP

    $Self->{'Customer::AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = 'sonic-hh-dc.sonic-ps.de';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'ou=Benutzer,dc=sonic-ps,dc=de';
    $Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS,OU=Dienstkonten,DC=sonic-ps,DC=de';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'1} = 'geheim';

It failed! Error message "Need AuthModule::LDAP::Host1 in Kernel/Config.pm". Very odd. I changed to:

Example 3

Code: Select all

    # Authentication via LDAP

    $Self->{'Customer::AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'} = 'sonic-hh-dc.sonic-ps.de';
    $Self->{'AuthModule::LDAP::BaseDN1'} = 'ou=Benutzer,dc=sonic-ps,dc=de';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS,OU=Dienstkonten,DC=sonic-ps,DC=de';
    $Self->{'AuthModule::LDAP::SearchUserPw'1} = 'geheim';

Now it worked again. The question now is, why did Example 1 at all? It is simple, I was able to test it by changing a few parameters and observing the log. I had already added an LDAP authentication section for agents:

Example 4

Code: Select all

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'sonic-hh-dc.sonic-ps.de';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=SONIC,ou=Benutzer,dc=sonic-ps,dc=de';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=Dienstkonten,DC=sonic-ps,DC=de';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'geheim';

The line

Code: Select all

    $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::LDAP';

effected that the agent-authentication was used. As the same AD was defined, that worked. The following lines with "Customer:AuthModule::..." were simply ignored.

But how do I do this correctly now? Is this a bug or a feature? Or a documentation error? The documentation says one should proceed as in examples 1 and 2.

Best
Henrik

SONIC-PS · Post by **SONIC-PS** » 30 Dec 2011, 10:29

Sometimes a good night's sleep helps. I had specified the wrong Authentication Module

Code: Select all

$Self->{'Customer::AuthModule1'} = 'Kernel::System::Auth::LDAP';

After I changed this from 'Kernel::System::Auth::LDAP' to 'Kernel::System::CustomerAuth::LDAP', it worked as expected.
Sorry
Henrik

Znuny Open Source Ticketsystem

[SOLVED] Strange phenomenon - Customer::AuthModule

[SOLVED] Strange phenomenon - Customer::AuthModule

Re: Strange phenomenon - Customer::AuthModule