We have been previously running OTRS 3.1.4 on Server 2003, Apache Web Server, MQSQL (basically just used the
Windows.exe installer). I had LDAP configured for customer log ins and it worked fine.
Over the summer we upgraded our network and put a new Active Directory domain in (Server 2008 R2) with a different tree structure. I have done a fresh install of OTRS 3.1.4 but can no longer get LDAP configuration working.
This is how I have my config.pm set up....
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.0.20';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=ASC Staff,OU=ASC Users & Groups,DC=asc,DC=internal';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '*******';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.0.20',
BaseDN => 'OU=ASC Staff,OU=ASC Users & Groups,DC=asc,DC=internal',
SSCOPE => 'sub',
UserDN =>'otrs',
UserPw => '*******',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
Our Primary Domain Controller is 192.168.0.20
I have created a user in AD called "otrs" which is a domain member and a member of the Windows Authorisation Access Group. The user sits in the OU=ASC Staff.
I have used ldp.exe and can connect to AD using the otrs users.
If I log in to the agent interface and go to customers it just says "No Data Found". If I try to log into the customer portal using a user in AD it just says that the user name and password is incorrect.
This is an extract from the Apache error logs:
Module: Kernel::System::CustomerUser::LDAP::_Connect (v1.62.4.1) Line: 197
Module: Kernel::System::CustomerUser::LDAP::CustomerSearch (v1.62.4.1) Line: 348
Module: Kernel::System::CustomerUser::CustomerSearch (v1.63.2.1) Line: 189
Module: Kernel::Modules::AdminCustomerUser::_Overview (v1.99.2.1) Line: 549
Module: Kernel::Modules::AdminCustomerUser::Run (v1.99.2.1) Line: 489
Module: Kernel::System::Web::InterfaceAgent::Run (v1.64) Line: 868
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.90) Line: 204
Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
Any ideas what the problem could be?