LDAP Problem

Help with Znuny problems of all kinds
errorberlin
Znuny newbie
Posts: 2
Joined: 07 Jun 2012, 12:17
Znuny Version: 3.1.5

LDAP Problem

Post by errorberlin »

After a long time searching and reading, I am now turning to the professionals among you after all.

Important data:

Ubuntu 12.04 Server
OTRS 3.1.5
AD: Windows 2008 R2

Search LDAP User: Olaf Otter
Password: olotolot
SearchDN: OU=Westend,OU=es.te,DC=healthcare,DC=ads,DC=edv-post,DC=com (the test users are located there)

LDAP authentication works, the system log tells me so, but the user is not found in the internal DB. "no such user found". I think it is getting stuck at the Sync DB/LDAP -> Map.

Here is my Config.pm:
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'otrs';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
# $Self->{DatabasePostgresqlBefore82} = 1;

# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';

# ---------------------------------------------------- #
# insert your own config settings "here" #


#LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'IP AD win2k8 R';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Westend,OU=es.te,DC=healthcare,DC=ads,DC=edv-post,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=Olaf Otter,OU=Westend,OU=es.te,DC=healthcare,DC=ads,DC=edv-post,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'olotolot';

# User Mapping
$Self->{'AuthSyncModule::LDAP::UserSyncMap'}={
Username => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};




# (customer ldap backend and settings)
$Self->{CustomerUser} = {

Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'IP AD win2k8 R2',
# ldap base dn
BaseDN => 'OU=Westend,OU=es.te,DC=healthcare,DC=ads,DC=edv-post,DC=com',
# search scope (one|sub)
SSCOPE => 'sub',
# # The following is valid but would only be necessary if the
# # anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'CN=Olaf Otter,OU=Westend,OU=es.te,DC=healthcare,DC=ads,DC=edv-post,DC=com',
UserPw => 'olotolot',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '',
# if both your frontend and your LDAP are unicode, use this:


# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add a ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',
# admin can't change customer preferences
AdminSetPreferences => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};












# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;

# ---------------------------------------------------- #

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

Here is my system log:

Thu Jun 7 12:53:59 2012 error OTRS-CGI-10 No such user 'mabr'!
Thu Jun 7 12:53:59 2012 notice OTRS-CGI-10 CustomerUser: mabr (CN=Brombach\, Max,OU=Westend,OU=es.te,DC=healthcare,DC=ads,DC=edv-post,DC=com) authentication ok (REMOTE_ADDR: 10.250.120.17).
So the LDAP connection should be correct in my opinion, since it always shows the correct user DN (see highlighting), no matter which LDAP login I use.

The LDAP users are of course made up.

I hope I have come to the right place with you.
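
Added example, not part of the original posts and not OTRS code: the thread never says what the fix was, so this only checks something visible in the posted config, namely that authentication and CustomerKey use sAMAccountName while the Map reads UserLogin from uid. That such a mismatch can produce "No such user" after a successful bind is an assumption; the helper CheckLoginAttributes and the %Config excerpt are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed excerpt shaped like the config posted above;
# only the keys this check reads are reproduced.
my %Config = (
    'Customer::AuthModule::LDAP::UID' => 'sAMAccountName',
    CustomerUser => {
        CustomerKey => 'sAMAccountName',
        Map         => [
            [ 'UserLogin',      'Username',   'uid',  1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail', 1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        ],
    },
);

# Hypothetical helper (not part of OTRS): returns a list of findings.
sub CheckLoginAttributes {
    my ($Config) = @_;
    my $AuthUID = lc( $Config->{'Customer::AuthModule::LDAP::UID'} // '' );
    my $Backend = $Config->{CustomerUser} || {};
    my $Key     = lc( $Backend->{CustomerKey} // '' );
    my @Findings;

    # Index the Map rows by their OTRS variable name (first column).
    my %Row = map { $_->[0] => $_ } @{ $Backend->{Map} || [] };

    # The posted Map comment says Login, Email and CustomerID are needed.
    for my $Needed (qw(UserLogin UserEmail UserCustomerID)) {
        push @Findings, "Map has no $Needed row" if !$Row{$Needed};
    }

    # Attribute the auth module binds on vs. the backend's unique key.
    push @Findings, "auth UID '$AuthUID' differs from CustomerKey '$Key'"
        if $AuthUID ne $Key;

    # Storage attribute (third column) that fills UserLogin vs. the key.
    if ( $Row{UserLogin} ) {
        my $LoginAttr = lc $Row{UserLogin}->[2];
        push @Findings, "UserLogin reads '$LoginAttr' but CustomerKey is '$Key'"
            if $LoginAttr ne $Key;
    }
    return @Findings;
}

print "$_\n" for CheckLoginAttributes( \%Config );
```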
errorberlin
Znuny newbie
Posts: 2
Joined: 07 Jun 2012, 12:17
Znuny Version: 3.1.5

Re: LDAP Problem

Post by errorberlin »

It's sorted! I ended up solving it myself after all. Thanks! :D
cerberus
Znuny newbie
Posts: 1
Joined: 11 Jun 2012, 12:08
Znuny Version: 3.1.5

Re: LDAP Problem

Post by cerberus »

errorberlin wrote: It's sorted! I ended up solving it myself after all. Thanks! :D
Hello,
can you tell me what the problem was for you?

I have the same problem and have already created the sync, but it still gives the error message.

Regards

Kay