OTRS & LDAP Help!! :)

jamartinezu · Post by **jamartinezu** » 01 Jul 2013, 21:52

good Afternoon

I need help!

I've been days trying to configure OTRS with Active Directory.
Honestly I see many post where all say different configurations but none works.
I need to know if you could step by step to connect with my OTRS AD.
Enclosed is my config.pm, I hope you can help me.

Code: Select all

# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2013 xxx, http://otrs.org/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes do customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = 'localhost';

    # The database name
    $Self->{'Database'} = 'otrs';

    # The database user
    $Self->{'DatabaseUser'} = 'otrs';

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'hot';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG} = "american_america.utf8";

#    $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/PURDY-~1/OTRS';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/PURDY-~1/OTRS/var/log/otrs.log';
    # $DIBI$


# This is an example configuration for using an MS AD backend
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'rec01.domain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=Com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=,CN=Users,DC=domain,DC=Com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS SEARCH,CN=Users,DC=domain,DC=Com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '"#$QWLl2013';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
$Self->{'AuthModule::LDAP::UserSuffix'} = '';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA);

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

Post by **crythias** » 02 Jul 2013, 00:48

What do the logs say?
What works?
What doesn't?
Are you attempting to log in as an agent (/index.pl) or a customer (/customer.pl)?

Are you receiving an error that the agent doesn't exist?

Did you take a look at AuthSync?

jamartinezu · Post by **jamartinezu** » 02 Jul 2013, 16:15

Good Morning

Thank you very much for your attention.
I worked the connection with Active.
But giving me a new error since I do not charge all customers.
indicates that you have exceeded the limit

log

[Error] [Kernel :: System :: CustomerUser :: LDAP :: CustomerSearch] [381] exceeded sizeLimit

Post by **crythias** » 02 Jul 2013, 16:26

OK, is that preventing login?

jamartinezu · Post by **jamartinezu** » 02 Jul 2013, 16:55

Changed the parameter
$ CustomerUserSearchListLimit => 1500, and I can see all users.
But I always get the error

[Error][Kernel::System::CustomerUser::LDAP::CustomerSearch][381] Sizelimit exceeded

adicionalmente comento que no puedo ingresar al customer.pl.
No reconoce la contraseña de AD de ningun usuario

[Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'jamartinezu' (REMOTE_ADDR: 127.0.0.1)

Post by **crythias** » 02 Jul 2013, 21:07

Without any context, I am unable to help you.
As I tend to ask, if someone approached you asking the questions in the manner you are posting here, what questions would you be asking that person to get more information to troubleshoot?

I follow that you don't speak English natively. That's not the point. The point is this: I can't replicate your issue with the information you've provided.

jamartinezu · Post by **jamartinezu** » 02 Jul 2013, 21:51

I'm from Costa Rica
I appreciate all your time.
I could connect the AD to OTRS, there is no problem with the user input ..
Only we have the problem that the log has the following error:

[Error] [Kernel :: System :: CustomerUser :: LDAP :: CustomerSearch] [381] exceeded sizeLimit

Thank you very much and good Evenings

Post by **crythias** » 02 Jul 2013, 22:39

jamartinezu wrote:Only we have the problem that the log has the following error:

[Error] [Kernel :: System :: CustomerUser :: LDAP :: CustomerSearch] [381] exceeded sizeLimit

I realize this is an "error" but aside from it being logged, is it causing you problems? (Because it's generally a cosmetic error.)

jamartinezu · Post by **jamartinezu** » 03 Jul 2013, 00:41

OTRS is working fine.
I worried that this mistake hurt at some point the connection.
But knowing that this error is stop worrying cosmetic

Thank you very much for all your atension and prompt response.

Pura Vida!

Post by **crythias** » 03 Jul 2013, 01:21

the error, by the way, is related to attempting to look at "all" your customers at once in the customer list ... you're looking at more than your ldap connection can provide *at one time*, therefore it throws an "error" (You're asking for too many results).

There are different ways to approach this:
1) Ignore it.
2) ask for smaller subsets of customers
3) adjust the hard-coded size params

jamartinezu · Post by **jamartinezu** » 08 Jul 2013, 16:50

I think I have to make the group active to OTRS (otrs_customer) since this loading me many things that are not necessary.
For that reason I is falling Apache service every time I consult clients.

ZZZAAuto.pm: Load Subroutine redefined at C :/ PURDY-~ 1/OTRS/Kernel/Config/Files/ZZZAAuto.pm line 7.
[Mon July 8 8:49:03 2013] ZZZAuto.pm: Load Subroutine redefined at C :/ PURDY-~ 1/OTRS/Kernel/Config/Files/ZZZAuto.pm line 7.
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Mon July 8 8:49:04 2013

Message: sizeLimit exceeded

Znuny Open Source Ticketsystem

OTRS & LDAP Help!! :)

OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)

Re: OTRS & LDAP Help!! :)