Configuration LDAP Customer Authentication

Moderator: crythias

Anshley
Znuny newbie
Posts: 6
Joined: 05 Mar 2014, 12:48
Znuny Version: aganoo@bramerbank.mu
Real Name: Anshley ganoo
Company: bramer Bank

Post by Anshley »

Current system: Powered by OTRS 3.3.5 on Windows Server 2008 R2 Standard.

I have configured LDAP through Admin - SysConfig.

I want my LDAP users to be able to log in as Customer.

I have tried looking through other topics.

Please help if I have missed out any step.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Post by crythias »

OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Post by Anshley »

When trying to add a new customer user I encounter the error below (as per log):

[Fri Mar 28 14:56:04 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserAdd][821] Not supported for this module!
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Post by jojo »

You have to add the customers in the existing LDAP.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Post by Anshley »

The users (customers) are already present in my LDAP,
but they are not able to log in with their current usernames and passwords.
Post by crythias »

Error messages would be helpful...
Post by Anshley »

crythias wrote: Error messages would be helpful...

When trying to add a new customer user I encounter the error below (as per log):

[Fri Mar 28 14:56:04 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserAdd][821] Not supported for this module!

Additional errors from the log:

[Fri Mar 28 14:54:09 2014][Notice][main::_AutoRestart] Scheduler service is stopping due a restart.
[Fri Mar 28 14:54:11 2014][Error][main::_AutoRestart][678] Could not start-up new Scheduler instance.
[Fri Mar 28 14:54:12 2014][Notice][main::_Start] Scheduler Service is starting...!
[Fri Mar 28 14:54:13 2014][Notice][main::_Start] Scheduler Service start! PID 1772
[Fri Mar 28 14:56:04 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserAdd][821] Not supported for this module!
[Fri Mar 28 15:00:04 2014][Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'send escalation notifications' from config file.
[Fri Mar 28 15:00:04 2014][Notice][Kernel::System::GenericAgent::_JobRunTicket] Use module (Kernel::System::GenericAgent::NotifyAgentGroupOfCustomQueue) for Ticket (2014030310000015/7).
[Fri Mar 28 15:00:04 2014][Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'trigger escalation events' from config file.
[Fri Mar 28 15:00:04 2014][Notice][Kernel::System::PID::PIDCreate] Can't create PID PostMasterMailbox, because it's already running (mycompany.com/5360)!
[Fri Mar 28 15:00:04 2014][Notice][Kernel::System::GenericAgent::_JobRunTicket] Use module (Kernel::System::GenericAgent::TriggerEscalationStartEvents) for Ticket (2014030310000015/7).
[Fri Mar 28 15:07:56 2014][Error][Kernel::System::CustomerAuth::LDAP::Auth][188] First bind failed! 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 57, v1771
Post by crythias »

Anshley wrote: they are not able to login with their current username & passwords..
crythias wrote: Error messages would be helpful...
Anshley wrote: add a new customer user i encounter below error(as per log)

[Fri Mar 28 14:56:04 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserAdd][821] Not supported for this module!

I'm reasonably certain this error does not occur on login.

Anshley wrote: First bind failed! 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 57, v1771

This is a more relevant error and is discussed at the beginning of the link in my first post.

Anshley wrote: Can't create PID PostMasterMailbox, because it's already running (mycompany.com/5360)!

is a different thing to address, but means what it says: You're running PostMasterMailbox twice. I realize it's not relevant to this discussion, but it probably should be addressed.
Post by Anshley »

I would like to confirm if below is the proper way to add a customer who will be authenticated through LDAP:

* User must be present on LDAP
* Add customer through OTRS Customer addition.

But I am encountering the issue "Not supported for this module!".

So how should I proceed?
Post by jojo »

Anshley wrote: *User must be present on LDAP
yes
Anshley wrote: *ADD customer through OTRS Customer addition.
No, as he is already present in LDAP.

As the error "First bind failed" states, the bind user's credentials are wrong.
Post by Anshley »

Please find below a copy of my Config.pm.
Password is correct.

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2013 xxx, http://otrs.org/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes do customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = 'localhost';

    # The database name
    $Self->{'Database'} = 'otrs';

    # The database user
    $Self->{'DatabaseUser'} = 'otrs';

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'otrs';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG} = "american_america.utf8";

#    $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/PROGRA~2/OTRS/OTRS';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';
    # $DIBI$



    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
	#Enable LDAP authentication for Customers / Users

	  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'srvbbankdc2.bbankcorp.mu';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=bbankcorp,dc=mu';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
#  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'mycompany';
 # $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'srvbbankdc2.mycompany.mu',
      BaseDN => 'dc=mycompany,dc=mu',
      SSCOPE => 'sub',
      UserDN =>'CN=otrs,OU=my company Staffs,DC=mycompany,DC=mu',
      UserPw => 'password',
	  
    },
# customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 450,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };

}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA);

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;
Post by crythias »

Code:

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';

    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';

doesn't need to be defined twice.

Code:

$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

try (as mentioned in the first link I posted)

Code:

$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

Code:

#  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'mycompany';
 # $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

# is a comment and therefore unused. (This means that the bind credentials will fail)

Code:

    CustomerKey => 'uid',

might try sAMAccountName again...
Locked
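
The following is an added example, not written by any poster in this thread and not part of OTRS. It is a small Python triage script for the log format posted above that isolates the LDAP bind failures and decodes the `data` value Active Directory appends to `AcceptSecurityContext` errors, which is a Win32 error code in hexadecimal. The function names and the lookup table are this example's own; the sample lines are copied from the log in the thread.

```python
import re

# Layout seen in the thread: [timestamp][Level][Module][source line] message
# (Notice entries carry no source-line field).
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\]\[(?P<module>[\w:]+)\]"
    r"(?:\[(?P<src>\d+)\])?\s*(?P<msg>.*)$"
)
AD_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# Win32 error codes Active Directory commonly reports on a failed bind.
WIN32 = {
    0x57: "ERROR_INVALID_PARAMETER",
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

def parse_line(line):
    """Split one log line into its fields; None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def bind_failures(lines):
    """Return one record per LDAP bind failure, with the AD sub-code decoded."""
    found = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["level"] != "Error" or "bind failed" not in rec["msg"]:
            continue
        m = AD_DATA_RE.search(rec["msg"])
        code = int(m.group(1), 16) if m else None
        found.append({"ts": rec["ts"], "module": rec["module"],
                      "code": code, "name": WIN32.get(code, "unknown")})
    return found

SAMPLE = [  # copied from the log posted in the thread
    "[Fri Mar 28 14:56:04 2014][Error][Kernel::System::CustomerUser::LDAP::CustomerUserAdd][821] Not supported for this module!",
    "[Fri Mar 28 15:00:04 2014][Notice][Kernel::System::PID::PIDCreate] Can't create PID PostMasterMailbox, because it's already running (mycompany.com/5360)!",
    "[Fri Mar 28 15:07:56 2014][Error][Kernel::System::CustomerAuth::LDAP::Auth][188] First bind failed! 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 57, v1771",
]

if __name__ == "__main__":
    for failure in bind_failures(SAMPLE):
        print(failure)
```

Run over the thread's log, only the 15:07:56 entry from `Kernel::System::CustomerAuth::LDAP::Auth` is reported, with code 0x57 (`ERROR_INVALID_PARAMETER`); the `CustomerUserAdd` error and the PID notice are filtered out.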