Please help on AD integration issue

Moderator: crythias

Locked
freedomsun
Znuny newbie
Posts: 2
Joined: 18 Dec 2012, 09:58
Znuny Version: 3.1.11

Post by freedomsun »

Hi All,

I've built a test lab for OTRS with Active Directory, but it seems to have failed. Please help me check this error. Thanks so much.

When I try to access the agent page http://OTRS/otrs/index.pl, it says

Login failed! Your username or password was entered incorrectly.

in Log:
[Tue Dec 18 16:14:19 2012][Notice][Kernel::System::Auth::LDAP::Auth] User: freeman.sun authentication failed, no LDAP group entry foundGroupDN='OU=OTRS Agents,DC=cn,DC=contoso,DC=com', Filter='(memberUid=freeman.sun)'! (REMOTE_ADDR: 192.168.98.76).
[Tue Dec 18 16:14:19 2012][Error][Kernel::System::User::UserLookup][797] No UserID found for 'freeman.sun'!


When I try to access the customer page http://OTRS/otrs/customer.pl, it says

Login failed! Your user name or password was entered incorrectly.

in Log:

[Tue Dec 18 16:15:53 2012][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: freeman.sun@contoso.com authentication failed, no LDAP entry found!BaseDN='DC=cn,DC=contoso,DC=com', Filter='(&(sAMAccountName=freeman.sun@contoso.com)(objectclass=user))', (REMOTE_ADDR: 192.168.0.149).


Environment:

OTRS 3.1.7 on windows 2008

Here is my configuration in Kernel\Config.pm.

# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc01.cn.contoso.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=cn,DC=contoso,DC=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=IT Monitor,OU=Service Accounts,OU=I.T.,OU=contoso,DC=cn,DC=contoso,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxx';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::GroupDN'} = 'OU=OTRS Agents,DC=cn,DC=contoso,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';

# Enable LDAP lookups of Agent account information and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc01.cn.contoso.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=cn,DC=contoso,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=IT Monitor,OU=Service Accounts,OU=I.T.,OU=contoso,DC=cn,DC=contoso,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxx';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'OU=OTRS Agents,DC=cn,DC=contoso,DC=com';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local' => {
        'Company Agents' => 1,
    },
    'cn=Domain Admins,cn=Users,dc=mydomain,dc=local' => {
        'Tech Support Agents' => 1,
    }
};


# Enable LDAP lookups for Customer logins.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dc01.cn.contoso.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=cn,DC=contoso,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=IT Monitor,OU=Service Accounts,OU=I.T.,OU=contoso,DC=cn,DC=contoso,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxx';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'OU=contoso,DC=cn,DC=contoso,DC=com';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc01.cn.contoso.com',
        BaseDN => 'DC=cn,DC=contoso,DC=com',
        SSCOPE => 'sub',
        UserDN => 'CN=IT Monitor,OU=Service Accounts,OU=I.T.,OU=contoso,DC=cn,DC=contoso,DC=com',
        UserPw => 'xxxxxxx',
        AlwaysFilter => '(objectclass=user)',
        GroupDN => 'OU=contoso,DC=cn,DC=contoso,DC=com',
        AccessAttr => 'memberUid',
        UserAttr => 'UID',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => '[customer_id]',
    CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserValidFilter => '(company=*)',
    Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Please help on AD integration issue

Post by jojo »

check:

$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'OU=OTRS Agents,DC=cn,DC=contoso,DC=com';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';

This won't work with AD, as the AccessAttr and UserAttr are wrong.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
freedomsun
Znuny newbie
Posts: 2
Joined: 18 Dec 2012, 09:58
Znuny Version: 3.1.11

Re: Please help on AD integration issue

Post by freedomsun »

Thanks Jojo.

I've changed the configuration as you mentioned, but it also seems to fail.

$Self->{'AuthModule::LDAP::GroupDN'} = 'OU=OTRS Agents,DC=cn,DC=contoso,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

One more question: could you let me know where I could find the documentation about this?
I've checked the OTRS admin book, but it seems to have no information about this. It just lists some attributes and gives no more helpful information.

Thanks
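
Added example (not part of the original posts and not OTRS code): an offline model of the two lookups visible in the log lines above, run against a constructed AD-style directory, comparing the memberUid/UID settings from the first post with the member/DN settings from the follow-up. Assumptions: a subtree search under GroupDN, a hypothetical group object CN=OTRS Agents,OU=Groups,... whose member attribute holds user DNs, and that UserAttr 'DN' puts the user's DN into the group filter instead of the login name.

```python
# Constructed AD-style directory (sample data, not from the thread's domain controller).
USER_DN = "CN=Freeman Sun,OU=contoso,DC=cn,DC=contoso,DC=com"
GROUP_DN = "CN=OTRS Agents,OU=Groups,DC=cn,DC=contoso,DC=com"  # hypothetical group object
DIRECTORY = {
    USER_DN: {"objectclass": ["user"], "samaccountname": ["freeman.sun"],
              "userprincipalname": ["freeman.sun@contoso.com"]},
    GROUP_DN: {"objectclass": ["group"], "member": [USER_DN]},  # AD groups list member DNs
}

def search(base, attr, value):
    """Subtree search for (attr=value); names and values compared case-insensitively."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = dn.lower() == base.lower() or dn.lower().endswith("," + base.lower())
        values = [v.lower() for v in attrs.get(attr.lower(), [])]
        if in_scope and value.lower() in values:
            hits.append(dn)
    return hits

def check_login(login, cfg):
    """Model of the two lookups seen in the thread's log: user search, then group search."""
    users = [dn for dn in search(cfg["BaseDN"], cfg["UID"], login)
             if dn in search(cfg["BaseDN"], "objectClass", "user")]
    if not users:
        return False, f"no LDAP entry found, Filter='(&({cfg['UID']}={login})(objectclass=user))'"
    # Assumption: UserAttr 'DN' compares the user's DN, 'UID' compares the login name.
    value = users[0] if cfg["UserAttr"] == "DN" else login
    group_filter = f"({cfg['AccessAttr']}={value})"
    if not search(cfg["GroupDN"], cfg["AccessAttr"], value):
        return False, f"no LDAP group entry found, Filter='{group_filter}'"
    return True, group_filter

BASE = {"BaseDN": "DC=cn,DC=contoso,DC=com", "UID": "sAMAccountName", "GroupDN": GROUP_DN}
POSIX_STYLE = dict(BASE, AccessAttr="memberUid", UserAttr="UID")  # settings from the first post
AD_STYLE = dict(BASE, AccessAttr="member", UserAttr="DN")         # settings from the follow-up

if __name__ == "__main__":
    for name, cfg in (("memberUid/UID", POSIX_STYLE), ("member/DN", AD_STYLE)):
        print(name, check_login("freeman.sun", cfg))
    # A UPN-style login never matches sAMAccountName, as in the customer log line.
    print("UPN login", check_login("freeman.sun@contoso.com", AD_STYLE))
```

The filters this model produces for the failing cases have the same form as the ones in the posted log, which makes it easy to compare a real log line against the attributes an exported LDIF actually contains.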
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Please help on AD integration issue

Post by jojo »

This is not really a topic which should be documented by OTRS, as the different LDAP implementations differ in their schemas. So an LDIF of the user should help.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Please help on AD integration issue

Post by crythias »
