I have setup otrs v3.3.0 on cento6 without any issues, everything is working fine.
Now i am trying to use OpenLDAP for user/agent/customer authentication. I have setup LDAP server on cento6.4 and its working fine , tested from ldap client. but i m having issues in integrating ldap with OTRS.
Here is my LDAP Config:
Code: Select all
# This is an example configuration for an LDAP auth. backend.
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '10.0.1.2';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Manager,ou=Groups,dc=example,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (with full user dn)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'example#1';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://10.0.1.2/';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example, dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=john,ou=Groups,dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'john';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users', ];
}
Errors i received:
Nov 15 14:38:01 otrs OTRS-CGI-10[1593]: [Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'sam' (REMOTE_ADDR: 10.0.1.10)
Nov 15 14:38:06 otrs OTRS-CGI-10[1599]: [Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: john doesn't exist or is invalid!!! (REMOTE_ADDR: 10.0.1.10)
Thanks
Sagar