LDAP Binding Error

[zipzoom]

Running OTRS on Server 2008 with Apache keep getting the below error when logging in to OTRS



Wed Aug 15 16:06:31 2012] -e: Use of uninitialized value in concatenation (.) or string at C:/PROGRA~2/OTRS/OTRS//Kernel/System/Log.pm line 161.
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Aug 15 16:06:31 2012

Message: Search failed! 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772


Config.pm

$Self->{LogModule} = 'Kernel::System::Log::File';
$Self->{LogModule::LogFile} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';
# $DIBI$
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'xxx.xxx.xx.xx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
#$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxx,DC=com';
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};


$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '119.206.79.90';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxx,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
#$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
#$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxx';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];

[crythias]

viewtopic.php?f=60&t=16543

" In order to perform this operation a successful bind must be completed on the connection., data 0, v1772"
Summary:
you have no
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';

[zipzoom]

Thnks for the fast reply now im getting the below after i added

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';


Message: First bind failed! 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772


Config.pm

$Self->{LogModule} = 'Kernel::System::Log::File';
$Self->{LogModule::LogFile} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';
# $DIBI$
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'xxx.xxx.xx.xx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
#$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxx,DC=com';
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};


$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '119.206.79.90';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxx,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
#$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
#$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS LDAP,CN=Users,DC=xxx,DC=xxxxx,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxx';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];

[zipzoom]

looks like i fixed the binding fogot to take the xxxx out

now when i log into otrs i get login failed but nothing in the apache log or

[Wed Aug 15 16:44:02 2012] -e: Use of uninitialized value in concatenation (.) or string at C:/PROGRA~2/OTRS/OTRS//Kernel/System/Log.pm line 161.
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Aug 15 16:44:02 2012

Message: No UserID found for 'otrsldap'!

Traceback (3296):
Module: Kernel::System::User::UserLookup (v1.118) Line: 765
Module: Kernel::System::Auth::Auth (v1.54) Line: 232
Module: Kernel::System::Web::InterfaceAgent::Run (v1.64) Line: 204
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_20_28x86_29_OTRS_OTRS_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.90) Line: 204
Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

[crythias]

Message: No UserID found for 'otrsldap'!

That makes sense to me. You're authenticating an agent that doesn't exist. (index.pl)

Where does that come from?
BaseDN >> GroupDN >> filter.
Your BaseDN AND GroupDN is a user (CN) in AuthSync AND AuthModule. You'll never be able to find a user within a user.

[zipzoom]

Fixed
when i try to login as myself im an agent i get login failed


Now when i try to login as otrsldap i get
Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

[crythias]

Read my post again. Your BaseDN cannot be a user. Your GroupDN cannot be a user. Your BaseDN needs to be a DC=x,DC=y,DC=Z or an OU and your GroupDN needs to be a DN underneath the BaseDN. (CN=Group Name,DC=X,DC=Y,DC=Z)

[zipzoom]

Do i need to use groupdn i commented it out i fixed my basedn now i can login as me but if the user is not an agent i get

Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

[crythias]

Do i need to use groupdn i commented it out i fixed my basedn now i can login as me but if the user is not an agent i get

Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

What do you want to happen?
My guess is that you want to have a GroupDN that contains explicitly the members you wish to have as Agents (log into index.pl). Users not belonging to this group will not authenticate, therefore will not show this error.

[zipzoom]

Thanks got it working

Is it possiable to do sso for customers?

[crythias]

http://doc.otrs.org/3.1/en/html/auth-ba ... -httpbasic

http://httpd.apache.org/docs/2.2/howto/auth.html

http://wiki.otterhub.org/index.php?titl ... ith_Apache

https://www.google.com/search?q=site:fo ... basic-auth

[zipzoom]

got ldap working with customer.pl tried the sso part getting below error

Wed Aug 15 21:57:53 2012] -e: Use of uninitialized value in concatenation (.) or string at C:/PROGRA~2/OTRS/OTRS//Kernel/System/Log.pm line 161.
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Aug 15 21:57:53 2012

Message: Need User!

Traceback (2940):
Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.62) Line: 576
Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.63) Line: 294
Module: Kernel::System::CustomerAuth::Auth (v1.36) Line: 166
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.63) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_20_28x86_29_OTRS_OTRS_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.44) Line: 204
Module: ModPerl::RegistryCooker::run (v1.44) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.44) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31



otrs log

Thu Aug 16 08:10:37 2012][Notice][Kernel::System::CustomerAuth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 119.206.79.108).
[Thu Aug 16 08:10:37 2012][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][576] Need User!