habe jetzt das LDAP eingerichtet nur es funktioniert die Anmeldung nicht mehr. Die Agent und Customer können sich nicht anmelden.
Fehler LOG:
Code: Select all
[Thu Apr 19 10:58:43 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: ANHE authentication failed, no LDAP entry found!BaseDN='ou=HEYCO-TI, ou=EDV, dc=ti, dc=heyco, dc=ads', Filter='(sAMAccountName=ANHE)', (REMOTE_ADDR: xxxx).
Code: Select all
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'sv2.ti.heyco.ads';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=HEYCO-TI, ou=EDV, dc=ti, dc=heyco, dc=ads';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS User ,ou=Users, DC=ti, DC=heyco, DC=ads';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'otrs';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.155.10.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=HEYCO-TI, dc=ti, dc=heyco, dc=ads';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS User, ou=Users, dc=ti, dc=heyco, dc=ads';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'otrs';
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => '10.155.10.1',
# ldap base dn
BaseDN => 'ou=Heyco-TI, dc=ti, dc=heyco, dc=ads',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=OTRS User, ou=Users, dc=ti, dc=heyco, dc=ads',
UserPw => 'otrs',
AlwaysFilter => '',
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
Ausgabe der ldapsearch mit dem OTRS User anmeldung
Code: Select all
dn: CN=OTRS User,CN=Users,DC=ti,DC=heyco,DC=ads
changetype: add
accountExpires: 9223372036854775807
cn: OTRS User
codePage: 0
countryCode: 0
displayName: OTRS User
distinguishedName: CN=OTRS User,CN=Users,DC=ti,DC=heyco,DC=ads
givenName: OTRS
instanceType: 4
name: OTRS User
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ti,DC=heyco,DC=ads
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sAMAccountName: otrs
sn: User
userAccountControl: 66048
userPrincipalName: otrs@ti.heyco.ads
uSNChanged: 7930080
uSNCreated: 7930074
whenChanged: 20070418131533.0Z
whenCreated: 20070418131531.0Z
Der AD Baum sieht wie folgt aus.
- ti.heyco.ads
----- Builtin
----- Computers
----- Domain Controllers
----- ForeignSecurityPrincipals
----- HEYCO-TI
---------- EDV (EDV Users) (Agents)
---------- Abteilung 1 (Hier die Customer Users)
---------- Abteilung 2 (Hier die Customer Users)
---------- =" "=
---------- =" "=
---------- =" "=
---------- =" "=
---------- =" "=
---------- =" "=
---------- usw.....
----- Users (Hier drunter ist der OTRS User)
Ich hoffe es sieht einer den Fehler.
CheckModules sagt auch das das LDAP Modul OK ist.
Danke schon mal.