[Solved] Single Sign-On - with non-latin names users LDAP

capitannemo · Post by **capitannemo** » 24 Oct 2012, 12:37

Good day to all. Have a problem with which the head is not broken, but bent thoroughly.
Domain AD Windows 2008, OTRS 3.1.11 - win on Windows XP SP3, customers enter a domain workstation, IE 8.
Realized that - agents and clients authenticate via LDAP,'s all right if you are interested I can put a working config.
For customer convenience (not to enter a password each time) and made pass-through authentication, mod_auth_sspi-1.0.4-2.2.2.
This works. But only if the user's login name - in English letters, Russian does not take any.
Log example (for the user named шеф and his own named shief):
[Tue Oct 23 11:17:15 2012] [Notice] [Kernel :: System :: CustomerAuth :: HTTPBasicAuth :: Auth] User: oao Authentication ok (REMOTE_ADDR: 192.168.7.52).
[Tue Oct 23 11:17:15 2012] [Error] [Kernel :: System :: CustomerUser :: SetPreferences] [506] No such user 'oao'!
[Tue Oct 23 11:43:04 2012] [Notice] [Kernel :: System :: CustomerAuth :: HTTPBasicAuth :: Auth] User: shief Authentication ok (REMOTE_ADDR: 192.168.7.52).
[Tue Oct 23 11:43:12 2012] [Notice] [Kernel :: System :: CustomerAuth :: HTTPBasicAuth :: Auth] User: shief Authentication ok (REMOTE_ADDR: 192.168.7.52).

There is a strong suspicion that in Apache or Perl to improve work with coding, as if you remove the pass-through authentication and the client himself will introduce the name and password - all work.
[Tue Oct 23 11:54:30 2012] [Notice] [Kernel :: System :: CustomerAuth :: LDAP :: Auth] CustomerUser: Chef (CN = N?? ΜN?, OU = UsersCTK, DC = stkspb, DC = ctk, DC = onego, DC = ru) authentication ok (REMOTE_ADDR: 192.168.7.52).
Who tried, who have ideas?
Thanks in advance.

Post by **crythias** » 24 Oct 2012, 14:09

You may look at the encoding for single signon.

capitannemo · Post by **capitannemo** » 24 Oct 2012, 15:47

crythias wrote:You may look at the encoding for single signon.

Thank you, Crythias. But I could not find where it is possible to change the configuration file.
Can you show me an example?
It may be useful for many peoples/

capitannemo · Post by **capitannemo** » 25 Oct 2012, 10:29

capitannemo wrote:
crythias wrote:You may look at the encoding for single signon.
Thank you, Crythias. But I could not find where it is possible to change the configuration file.
Can you show me an example?
It may be useful for many peoples/

I try :
$Self->{'Customer::AuthModule::LDAP::Charset'} = 'utf-8';
$Self->{'Customer::AuthModule::LDAP::SourceCharset'} = 'utf-8';
$Self->{'Customer::AuthModule::LDAP::DestCharset'} = 'utf-8';

But I think there is a problem before.

There seems to bundle Apache + Perl + mod_auth_sspi
Apache access log to see

192.168.7.52 - smallbusiness \ \ shief [25/Oct/2012: 13:13:41 +0500] "GET / otrs / customer.pl? Action = CustomerTicketOverview; Subaction = MyTickets HTTP/1.1" 200 5180
192.168.7.52 - [25/Oct/2012: 13:13:42 +0500] "GET / otrs-web/skins/Customer/default/css-cache/CommonCSS_7525790b954ce8c0ec71463914c82109.css HTTP/1.1" 200 29593
...
192.168.7.52 - [25/Oct/2012: 13:13:45 +0500] "GET / otrs / customer.pl HTTP/1.1" 401 401
192.168.7.52 - [25/Oct/2012: 13:13:45 +0500] "GET / otrs / customer.pl HTTP/1.1" 401 401
192.168.7.52 - smallbusiness \ \ \ xf8 \ xe5 \ xf4 [25/Oct/2012: 13:13:45 +0500] "GET / otrs / customer.pl HTTP/1.1" 302 73
192.168.7.52 - smallbusiness \ \ \ xf8 \ xe5 \ xf4 [25/Oct/2012: 13:13:45 +0500] "GET / otrs / customer.pl? Action = Login; RequestedURL = HTTP/1.1" 302 75

smallbusiness \ \ \ xf8 \ xe5 \ xf4 - here are can not understand how to remove the

Respectively - Apache error log after
Scalars leaked: 1
[Thu Oct 25 13:13:37 2012] [notice] Apache/2.2.22 (Win32) mod_auth_sspi/1.0.4 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.12.3 configured - resuming normal operations
[Thu Oct 25 13:13:37 2012] [notice] Server built: Jan 28 2012 11:16:39
[Thu Oct 25 13:13:37 2012] [notice] Parent: Created child process 4004
Scalars leaked: 1
Scalars leaked: 1
Scalars leaked: 1
[Thu Oct 25 13:13:40 2012] [notice] Child 4004: Child process is running
[Thu Oct 25 13:13:40 2012] [notice] Child 4004: Acquired the start mutex.
[Thu Oct 25 13:13:40 2012] [notice] Child 4004: Starting 64 worker threads.
[Thu Oct 25 13:13:40 2012] [notice] Child 4004: Starting thread to listen on port 80.
[Thu Oct 25 13:13:42 2012]-e: Wide character in print at C :/ OTRS / OTRS / / Kernel / Output / HTML / Layout.pm line 1643.
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Thu Oct 25 13:13:45 2012

Message: No such user 'шеф'!

Traceback (4004):
Module: Kernel :: System :: CustomerUser :: SetPreferences (v1.63.2.1) Line: 506
Module: Kernel :: System :: CustomerAuth :: Auth (v1.36) Line: 155
Module: Kernel :: System :: Web :: InterfaceCustomer :: Run (v1.63) Line: 206
Module: ModPerl :: ROOT :: ModPerl :: Registry :: C_3a_OTRS_OTRS_bin_cgi_2dbin_customer_2epl :: handler (unknown version) Line: 46
Module: (eval) (v1.44) Line: 204
Module: ModPerl :: RegistryCooker :: run (v1.44) Line: 204
Module: ModPerl :: RegistryCooker :: default_handler (v1.44) Line: 170
Module: ModPerl :: Registry :: handler (v1.99) Line: 31

Znuny Open Source Ticketsystem

[Solved] Single Sign-On - with non-latin names users LDAP

[Solved] Single Sign-On - with non-latin names users LDAP

Re: Single Sign-On - problem with non-latin names users LDAP

Re: Single Sign-On - problem with non-latin names users LDAP

Re: Single Sign-On - problem with non-latin names users LDAP