I can login with my previously created Admin account of the same name as my network login, all users inside the specified DN are displayed under the Customers page in the administration panel.
However, when trying to log in as one of these users I get "Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid."
My config looks like this (Also highlighted nicely on pastebin: http://pastebin.com/gNFamFXM).
Code: Select all
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'adcluster.sbsp.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sbsp, dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '*****;
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'adcluster.sbsp.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '****';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Datenbank',
Module => 'Kernel::System::CustomerUser::DB',
Params => { Table => 'customer_user',
# to use an external database
# DSN => 'DBI:odbc:yourdsn',
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '', Password => '',
},
# customer uniq id
CustomerKey => 'login',
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
# CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
# ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type, http-link
[ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
[ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
[ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ],
[ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
],
};
# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'adcluster.sbsp.local',
# ldap base dn
BaseDN => 'OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'CN=otrs,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local',
UserPw => '****',
AlwaysFilter => '',
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
Code: Select all
$Self->{'AuthModule::LDAP::Host'} = '192.168.16.100';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sbsp,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'w3gUDew7';
#Allow group only
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Agents,OU=Security Groups,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.16.100';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=sbsp,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'w3gUDew7';
#Allow group only
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Customers,OU=Security Groups,OU=MyBusiness,DC=sbsp,DC=local';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'adcluster.sbsp.local',
BaseDN => 'dc=sbsp,dc=local',
SSCOPE => 'sub',
UserDN => 'CN=otrs,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbsp,DC=local',
UserPw => '[password]',
},
CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
# [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
# [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
# [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
# [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};