After reviewing Apache logs, the following error message appears:
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Sep 12 18:13:14 2012
Message: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Traceback (1700):
Module: Kernel::System::CustomerAuth::LDAP::Auth (v1.38) Line: 193
Module: Kernel::System::CustomerAuth::Auth (v1.36) Line: 151
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.63) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.44) Line: 204
Module: ModPerl::RegistryCooker::run (v1.44) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.44) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
Our config.pm file is attached.
I also configured the parameters in the GUI with no success.
Unable to connect to OTRS customer data using LDAP
Moderator: crythias
-
- Znuny newbie
- Posts: 10
- Joined: 14 Sep 2012, 00:03
- Znuny Version: 3.1.9
- Real Name: Hugo Lozano
- Company: Delphi
-
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Unable to connect to OTRS customer data using LDAP
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
-
- Znuny newbie
- Posts: 10
- Joined: 14 Sep 2012, 00:03
- Znuny Version: 3.1.9
- Real Name: Hugo Lozano
- Company: Delphi
Re: Unable to connect to OTRS customer data using LDAP
Hello, thanks for your help,
Finally we can connect OTRS with AD, all users appear in OTRS but unfortunately we can not login.
Probably our configuration is incomplete.
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# database settings #
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'XXX.XXX.XXX.XXX';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxx,dc=com';
$Self->{'AuthModule::LDAP::UserSuffix'} = '@xxxxx.com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=XXXUSer,ou=XXX,ou=XXX,dc=XXXXX,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'XXXXXX';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (with full user dn)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP qtcdph',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'XXX.XXX.XXX.XXX',
        #Define base users database
        BaseDN => 'ou=XXX,ou=XXX,dc=XXXXX,dc=com',
        SSCOPE => 'sub',
        UserDN => 'cn=XXXUSer,ou=XXX,ou=XXX,dc=XXXXX,dc=com',
        #UserDN => 'cn=XXXUSer,ou=XXX,ou=XXX,dc=XXXXX,dc=com',
        UserPw => 'XXXXX',
        AlwaysFilter => '',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 1000,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        #[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
-
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Unable to connect to OTRS customer data using LDAP
hugolg7904 wrote: unfortunately we can not login.
Error messages?
-
- Znuny newbie
- Posts: 10
- Joined: 14 Sep 2012, 00:03
- Znuny Version: 3.1.9
- Real Name: Hugo Lozano
- Company: Delphi
Re: Unable to connect to OTRS customer data using LDAP
Hello crythias
I am now able to see users when logged in as an agent, but the problem now is in the user portal. Changing different schemas, the errors are as follows:
If I set my base DN to
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxx,dc=net';
The error can be:
If I enter Domain\username in the user portal:
[Fri Sep 21 12:13:09 2012][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: qtcdph\mzlrb2@qtcdph.net authentication failed, no LDAP entry found!BaseDN='dc=qtcdph,dc=net', Filter='(UID=xxxxxx\\mzlrb22@xxxxxx.net)', (REMOTE_ADDR: 127.0.0.1).
If I enter only username and password in the user portal:
[Fri Sep 21 12:13:00 2012][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: mzlrb22@xxxxxx.net authentication failed, no LDAP entry found!BaseDN='dc=xxxxxx,dc=net', Filter='(UID=mzlrb22@xxxxxx.net)', (REMOTE_ADDR: 127.0.0.1).
Other common errors when using my complete base DN, ou=xxx,ou=yyy,dc=xxx,dc=net, are:
[Fri Sep 21 12:03:12 2012][Error][Kernel::System::CustomerAuth::LDAP::Auth][221] Search failed! 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=xxxxxx,DC=net'
I think we are missing something in the config.pm to use a group and the parameter sAMAccountName, or UID. Not sure if I should try domain\username or only the username in the user portal. Another possibility is that we are not syncing or mapping user IDs and passwords correctly.
Here is a snippet of new additions to the configuration I already sent to you.
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
    id => 'uidNumber',
    login => 'uid',
    first_name => 'cn',
    last_name => 'gecos',
    valid_id => 'uidNumber',
};
# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];
Thanks in advance for your help.
-
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Unable to connect to OTRS customer data using LDAP
Read this, please. viewtopic.php?f=60&t=16543
-
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Unable to connect to OTRS customer data using LDAP
Since I repeated myself above, I'll repeat the relevant part from the link:
CustomerUser: mzlrb22@xxxxxx.net authentication failed, no LDAP entry found!BaseDN='dc=xxxxxx,dc=net', Filter='(UID=mzlrb22@xxxxxx.net)', (REMOTE_ADDR: 127.0.0.1).
If you don't have such in AD/LDAP, the link I provided tells you how to troubleshoot it, why it doesn't work for you, and options to fix.
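The "no LDAP entry found" lines quoted in this thread can be reproduced offline. The following is an added example, not code from OTRS or from either poster: it models how the login, the UID attribute and the user suffix combine into the search filter and why that filter fails to select a directory entry. The helper names and the sample entry are constructed, the entry assumes an Active Directory user with no `uid` attribute populated, and escaping follows RFC 4515, so a backslash is rendered as `\5c` rather than the `\\` shown in the OTRS log.

```python
# Added illustration (not OTRS code): how login, UID attribute and user suffix
# combine into the search filter shown in the thread's log lines.
# Helper names and the sample entry are constructed for this example.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def build_filter(uid_attr, login, user_suffix=''):
    """Return the equality filter sent to the directory for this login."""
    return '(%s=%s)' % (uid_attr, escape_filter_value(login + user_suffix))

def entry_matches(entry, uid_attr, login, user_suffix=''):
    """Case-insensitive equality match, as a directory server would apply it."""
    wanted = (login + user_suffix).lower()
    for name, values in entry.items():
        if name.lower() == uid_attr.lower():
            return any(v.lower() == wanted for v in values)
    return False

def diagnose(entry, uid_attr, login, user_suffix=''):
    """Explain why a login does or does not resolve to the given entry."""
    if entry_matches(entry, uid_attr, login, user_suffix):
        return 'match'
    if uid_attr.lower() not in {n.lower() for n in entry}:
        return 'attribute %s not present on entry' % uid_attr
    if user_suffix and entry_matches(entry, uid_attr, login):
        return 'suffix %s makes the value differ' % user_suffix
    if '\\' in login:
        return 'domain prefix is not part of the stored value'
    return 'value not found'

# Constructed Active Directory style entry (assumption: no uid attribute set).
SAMPLE_ENTRY = {
    'sAMAccountName': ['mzlrb22'],
    'userPrincipalName': ['mzlrb22@xxxxxx.net'],
    'mail': ['mzlrb22@xxxxxx.net'],
}

if __name__ == '__main__':
    suffix = '@xxxxxx.net'
    for attr, login, sfx in [('UID', 'mzlrb22', suffix),
                             ('sAMAccountName', 'mzlrb22', suffix),
                             ('sAMAccountName', 'xxxxxx\\mzlrb22', ''),
                             ('sAMAccountName', 'mzlrb22', '')]:
        print(build_filter(attr, login, sfx), '->',
              diagnose(SAMPLE_ENTRY, attr, login, sfx))
```

Comparing the printed filter with the `Filter='...'` field in the OTRS log shows which of the three causes applies before any configuration is changed.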