Active Directory Customer Auth
Moderator: crythias
-
- Znuny newbie
- Posts: 22
- Joined: 12 Oct 2012, 01:54
- Znuny Version: 6.0.25-01
- Real Name: Van Howell
- Company: South Plains College
Active Directory Customer Auth
Hi all,
I am very new to OTRS (2 weeks). I have installed OTRS 3.1.6 with the ITSM modules on a CentOS 6.3 64bit install with MySQL 5.1.61 and Apache 2.2.15.
I have successfully configured Agent LDAP authentication with the LDAP Sync. It works great.
I am having problems getting the Customer side to authenticate. If I perform a search from the Customer Management screen in OTRS I get a list of all of my AD user accounts. However, when I try to log on using one of these accounts I get this message:
Oct 12 23:01:18 ITSM OTRS-CGI-10[3029]: [Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: xxx.xxxxx@lcu.edu Authentication with wrong Pw!!! (REMOTE_ADDR: 99.110.47.136)
I have read the entire internet and have not been able to solve the problem. I'm sure it's something simple I am missing.
I have pasted my Config.pm below.
Thanks
jvhowell
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;
use utf8;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'XXXXX';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
# $Self->{DatabasePostgresqlBefore82} = 1;
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# This is an example configuration for using an MS AD backend
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'zeus.lcunet.lcu.edu';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=lcunet,dc=lcu,dc=edu';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=RTUsers,OU=CampusServices,DC=lcunet,DC=lcu,dc=edu';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAPRT,ou=CampusServices,dc=lcunet,dc=lcu,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'XXXXXX';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectCategory=person)(objectClass=user))';
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'AuthModule::LDAP::UserSuffix'} = '';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'zeus.lcunet.lcu.edu';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=lcunet, dc=lcu, dc=edu';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=LDAPRT,ou=CampusServices,dc=lcunet,dc=lcu,dc=edu';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'XXXXX';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
AgentID => 'employeeID',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];
# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'zeus.lcunet.lcu.edu',
# ldap base dn
BaseDN => 'DC=lcunet,DC=lcu,DC=edu',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'CN=LDAPRT,OU=CampusServices,DC=lcunet,DC=lcu,DC=edu',
UserPw => 'XXXXXX',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(&(objectCategory=person)(objectClass=user))',
# if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# if your frontend is unicode and the charset of your
# ldap server is iso-8859-1, use these options.
# SourceCharset => 'iso-8859-1',
# DestCharset => 'utf-8',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName','cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 4000,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
CustomerUserValidFilter => '(!(description=locked))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# cache time to live in sec. - cache any database queries
CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'employeeID', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;
use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
# -----------------------------------------------------#
1;
Re: Active Directory Customer Auth
There is no Customer::Auth Module in your config.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
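Why the customer search can work while customer logins still fail, as an added example (not code from the thread or from the OTRS project): `$Self->{CustomerUser}` only configures the data source, while logins are verified by `Customer::AuthModule`, which falls back to the DB backend named in the log line above when it is unset. The script statically checks a Config.pm for that gap and, as a heuristic, for bind or group DNs whose DC components differ from the BaseDN (a sign of values copied from another site's config). The function names and the sample config are constructed for illustration.

```python
import re

# Backend OTRS uses for customer logins when Customer::AuthModule is not set
# (the one that appears in the thread's log line).
DEFAULT_CUSTOMER_AUTH = "Kernel::System::CustomerAuth::DB"

SCALAR_RE = re.compile(r"\$Self->\{\s*'?([\w:]+)'?\s*\}\s*=\s*'([^']*)'\s*;")
HASH_START_RE = re.compile(r"\$Self->\{\s*'?CustomerUser'?\s*\}\s*=\s*\{")
PAIR_RE = re.compile(r"(\w+)\s*=>\s*'([^']*)'")

# Constructed sample in the shape of the configs posted in the thread.
# Hostnames and DNs are placeholders, not values from the page.
SAMPLE_BROKEN = r"""
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.net';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=net';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=svc,ou=Apps,dc=other,dc=example,dc=edu';
# $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc1.example.net',
        BaseDN => 'DC=example,DC=net',
        UserDN => 'CN=svc,OU=Apps,DC=other,DC=example,DC=edu',
    },
};
"""

# Same config with the login backend enabled and the DNs moved under the BaseDN.
SAMPLE_FIXED = (
    SAMPLE_BROKEN
    .replace("# $Self->{'Customer::AuthModule'}", "$Self->{'Customer::AuthModule'}")
    .replace(",dc=other,dc=example,dc=edu", ",dc=example,dc=net")
    .replace(",DC=other,DC=example,DC=edu", ",DC=example,DC=net")
)


def strip_comments(text):
    """Drop whole-line Perl comments so commented-out settings are ignored."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))


def customer_user_body(text):
    """Return the text inside $Self->{CustomerUser} = { ... } (brace-balanced)."""
    m = HASH_START_RE.search(text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # truncated paste: use what is there


def dc_suffix(dn):
    """Lower-cased DC components of a DN, e.g. ('example', 'net')."""
    return tuple(p.strip().lower() for p in re.findall(r"(?i)\bdc\s*=\s*([^,]+)", dn))


def check(config_text):
    """Return a list of (finding, detail) tuples for a Config.pm body."""
    text = strip_comments(config_text)
    scalars = dict(SCALAR_RE.findall(text))
    customer = dict(PAIR_RE.findall(customer_user_body(text)))
    findings = []

    # 1. Customer data comes from LDAP, but logins are checked elsewhere.
    auth_backend = scalars.get("Customer::AuthModule", DEFAULT_CUSTOMER_AUTH)
    if customer.get("Module", "").endswith("::LDAP") and not auth_backend.endswith("::LDAP"):
        findings.append(("customer-auth-not-ldap", auth_backend))

    # 2. Heuristic: bind/group DN in a different domain than the BaseDN.
    pairs = []
    for prefix in ("AuthModule::LDAP", "AuthSyncModule::LDAP", "Customer::AuthModule::LDAP"):
        base = scalars.get(prefix + "::BaseDN")
        for key in ("SearchUserDN", "GroupDN"):
            pairs.append((prefix + "::" + key, scalars.get(prefix + "::" + key), base))
    pairs.append(("CustomerUser Params UserDN", customer.get("UserDN"), customer.get("BaseDN")))
    for name, dn, base in pairs:
        if dn and base and dc_suffix(dn) != dc_suffix(base):
            findings.append(("dn-outside-basedn", name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, check(cfg))
```
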
Re: Active Directory Customer Auth
Thank You,
I set up the Frontend::Customer::Auth in SysConfigs. Now everything's shiny.
On to the next challenge... Companies.
JVH
Re: Active Directory Customer Auth
companies can not be used with LDAP customer data
Re: Active Directory Customer Auth
Hi, Jojo, Crythias
I cannot configure Customer LDAP Auth. I copied Jvhowell's code and changed it for my own, but it does not work, please help me!
# This is an example configuration for using an MS AD backend
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'MDK-INFO.AON.NET';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=AON,dc=NET';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=RTUsers,OU=CampusServices,DC=lcunet,DC=lcu,dc=edu';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAPRT,ou=CampusServices,dc=lcunet,dc=lcu,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'XXXXXX';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectCategory=person)(objectClass=user))';
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'AuthModule::LDAP::UserSuffix'} = '';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'MDK-INFO.AON.NET';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=AON, dc=NET';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=LDAPRT,ou=CampusServices,dc=lcunet,dc=lcu,dc=edu';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'XXXXX';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
AgentID => 'employeeID',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];
# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'MDK-INFO.AON.NET',
# ldap base dn
BaseDN => 'DC=AON,DC=NET',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'CN=LDAPRT,OU=CampusServices,DC=lcunet,DC=lcu,DC=edu',
UserPw => 'XXXXXX',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(&(objectCategory=person)(objectClass=user))',
# if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# if your frontend is unicode and the charset of your
# ldap server is iso-8859-1, use these options.
# SourceCharset => 'iso-8859-1',
# DestCharset => 'utf-8',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName','cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 4000,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
CustomerUserValidFilter => '(!(description=locked))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# cache time to live in sec. - cache any database queries
CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'employeeID', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
-
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Active Directory Customer Auth
viewtopic.php?f=60&t=16543
You copied a non-working config and expected it to work? You, also, don't have a CustomerAuth section.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: Active Directory Customer Auth
Hi Crythias
crythias wrote: viewtopic.php?f=60&t=16543
You copied a non-working config and expected it to work? You, also, don't have a CustomerAuth section.
I configured CustomerAuth::Ldap in sysconfig, but it does not work. Please help me!
Re: Active Directory Customer Auth
My crystal ball tells me that it should work.
If someone asked you the way you asked me, what would you ask him?
If someone asked you the way you asked me, what would you ask him?
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: Active Directory Customer Auth
Hi Crythias
After reading your comment, I've tried to configure my own code, without copying the above code, for Customer Auth LDAP.
This is my code:
# Enable LDAP lookups for Customer logins.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'hcm.niitquangtrung.vn';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=niitquangtrung,dc=vn';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=htran,cn=Users,dc=niitquangtrung,dc=vn';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'P@ssw0rd';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'ou=Company,dc=niitquangtrung,dc=vn';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRS Customers,cn=Users,dc=mydomain,dc=local';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'hcm.niitquangtrung.vn',
BaseDN => 'dc=niitquangtrung,dc=vn',
SSCOPE => 'sub',
UserDN => 'cn=htran,cn=Users,dc=niitquangtrung,dc=vn',
UserPw => 'P@ssw0rd',
AlwaysFilter => '(objectclass=user)',
GroupDN => 'ou=Company,dc=niitquangtrung,dc=vn',
# GroupDN => 'cn=OTRS Customers,cn=Users,dc=mydomain,dc=local',
AccessAttr => 'memberUid',
UserAttr => 'UID',
},
CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserValidFilter => '(company=*)',
Map => [
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
Then I restarted my OTRS service, with no error.
But when I log in to the customer interface with a user from the domain niitquangtrung.vn, I get this error:
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@somenet.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log."
How can I fix the error? Pls check my code and show me what I did wrong! Pls help me!
Many Thanks!
Last edited by kp20mar on 10 Dec 2012, 10:15, edited 2 times in total.
Re: Active Directory Customer Auth
please also show the error messages from apache error log
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: Active Directory Customer Auth
This is the Apache error log:
Scalars leaked: 1
Scalars leaked: 1
Scalars leaked: 1
[Mon Dec 10 15:03:16 2012] [notice] Child 2912: Child process is running
[Mon Dec 10 15:03:16 2012] [notice] Child 2912: Acquired the start mutex.
[Mon Dec 10 15:03:16 2012] [notice] Child 2912: Starting 64 worker threads.
[Mon Dec 10 15:03:17 2012] [notice] Child 2912: Starting thread to listen on port 80.
[Mon Dec 10 15:06:10 2012] [error] [Mon Dec 10 15:06:10 2012] -e: Can't connect to hcm.niitquangtrung.vn: IO::Socket::INET: connect: timeout at C:/PROGRA~1/OTRS/OTRS//Kernel/System/CustomerAuth/LDAP.pm line 176.\n
[Mon Dec 10 15:11:40 2012] [error] [Mon Dec 10 15:11:40 2012] -e: Can't connect to hcm.niitquangtrung.vn: IO::Socket::INET: connect: timeout at C:/PROGRA~1/OTRS/OTRS//Kernel/System/CustomerAuth/LDAP.pm line 176.\n
[Mon Dec 10 15:13:59 2012] [error] [Mon Dec 10 15:13:59 2012] -e: Can't connect to hcm.niitquangtrung.vn: IO::Socket::INET: connect: timeout at C:/PROGRA~1/OTRS/OTRS//Kernel/System/CustomerAuth/LDAP.pm line 176.\n
Re: Active Directory Customer Auth
solve this issue: [Mon Dec 10 15:06:10 2012] [error] [Mon Dec 10 15:06:10 2012] -e: Can't connect to hcm.niitquangtrung.vn: IO::Socket::INET: connect: timeout at C:/PROGRA~1/OTRS/OTRS//Kernel/System/CustomerAuth/LDAP.pm line 176.\n
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: Active Directory Customer Auth
Thanks Jojo, I know about this problem, but I don't know why it can't connect to the domain controller, because the OTRS server is joined to the domain. So can you help me any more?
Re: Active Directory Customer Auth
Pls help me!
Re: Active Directory Customer Auth
ask your network guys to help you on LDAP connection
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: Active Directory Customer Auth
Hi Jojo,
I have a new problem. The OTRS log is:
"[Notice][Kernel::System::CustomerUser::LDAP] Customer User:
> authentication failed, no LDAP group entry foundGroup"
Can you help me fix it? Many thanks !
Re: Active Directory Customer Auth
check your Group Settings for the customer
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: Active Directory Customer Auth
Hi jojo,
I've tried my best but it doesn't work. The error:
"[Thu Dec 13 09:57:28 2012][Notice][main::_AutoRestart] Scheduler service is stopping due a restart.
[Thu Dec 13 09:57:36 2012][Error][Kernel::System::CustomerAuth::LDAP::Auth][282] Search failed! base='ou=Users,dc=aon,dc=net', filter='(member=CN=TRAN HOANG LONG,OU=USER,OU=AON USER,DC=AON,DC=NET)', 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=AON,DC=NET'
Hic, My deadline's going... Pls help me!
Re: Active Directory Customer Auth
Well, your deadline is not of interest to anyone here.
If you are internal, ask your boss to get some professional help.
If you are external -> you sold things which you cannot do on your own. Buy some professional help.
Check again whether the user is a member of the LDAP group and whether the LDAP group exists. An LDIF of the user will help you (ask the LDAP/AD admin to get you one).
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
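The three failures reported in this thread (connect timeout, no group entry, NO_OBJECT on the search base) point to different layers, and the sketch below tells them apart from the log text alone. It is an added example, not part of the thread or of OTRS; the function names are hypothetical, the sample entries are constructed from the log lines quoted above, and it assumes the base in the "Search failed!" line is the configured GroupDN, as the member filter suggests.

```python
import re

# Constructed sample entries, shortened from the log lines quoted in this thread.
SAMPLE_LOG = [
    "[error] -e: Can't connect to hcm.niitquangtrung.vn: IO::Socket::INET: "
    "connect: timeout at C:/PROGRA~1/OTRS/OTRS//Kernel/System/CustomerAuth/LDAP.pm line 176.",
    "[Notice][Kernel::System::CustomerUser::LDAP] Customer User: "
    "authentication failed, no LDAP group entry found",
    "[Error][Kernel::System::CustomerAuth::LDAP::Auth][282] Search failed! "
    "base='ou=Users,dc=aon,dc=net', "
    "filter='(member=CN=TRAN HOANG LONG,OU=USER,OU=AON USER,DC=AON,DC=NET)', "
    "0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, "
    "best match of:\n'DC=AON,DC=NET'",
]

def split_dn(dn):
    """Split a DN into lower-cased RDNs, ignoring escaped commas."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def unresolved_rdns(base, best_match):
    """Leading RDNs of `base` that do not exist below the server's best match."""
    base_rdns, match_rdns = split_dn(base), split_dn(best_match)
    if match_rdns and base_rdns[-len(match_rdns):] == match_rdns:
        return base_rdns[:-len(match_rdns)]
    return base_rdns  # best match is not a suffix of base: nothing resolved

def diagnose(entry):
    """Return (kind, detail) for one log entry of a failed LDAP customer login."""
    m = re.search(r"Can't connect to (\S+?): .*connect: timeout", entry)
    if m:  # TCP connect never completed: DNS, routing, firewall or port
        return ("network", m.group(1))
    m = re.search(r"Search failed! base='([^']*)', filter='[^']*'.*?"
                  r"\(NO_OBJECT\).*?best match of:\s*'([^']*)'", entry, re.S)
    if m:  # the search base itself is not an object in the directory
        return ("bad_search_base", unresolved_rdns(m.group(1), m.group(2)))
    if "no LDAP group entry found" in entry:
        # the search ran, but no entry matched the membership filter
        return ("not_in_group", None)
    return ("unknown", None)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(diagnose(line))
```

For the third entry the unresolved part is `ou=users`: the directory resolved only `DC=AON,DC=NET`, so the configured base should be compared with the group's real DN in the LDIF.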
Re: Active Directory Customer Auth
Many thanks Jojo! It's done! Uninstall and reinstall then it's working, can't understand! and now I try to learn about customer group... Any idea for me?