Integration with AD (impossible is possible)

Zorn
Znuny newbie
Posts: 9
Joined: 17 Jan 2012, 16:15
Znuny Version: 3.0

Post by Zorn »

Hello, dear colleagues!
I have tried different configs of agent authorization (from official manuals, and working configs from this and other forums) in Active Directory on Win SRV 2003 - 2008 R2, MS SQL 2005, 2008, but I get the same error in the logs:

Code:

[Thu Feb 16 12:16:23 2012][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Student1'!!!
[Thu Feb 16 12:47:17 2012][Notice][Kernel::System::Auth::LDAP::Auth] User: Student1 (CN=Student1,OU=ForStuding,OU=Directum Users,DC=demo,DC=local) authentication ok (REMOTE_ADDR: 192.168.27.43).
[Thu Feb 16 12:47:17 2012][Error][Kernel::System::User::UserLookup][746] No UserID found for 'Student1'!
[Thu Feb 16 12:47:17 2012][Error][Kernel::System::User::UserLookup][746] No UserID found for 'Student1'!
[Thu Feb 16 12:47:17 2012][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Student1'!!!

And the user properties givenName, sn, mail are not empty in AD...

Here is one of the configs which I'm trying:

Code:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'demodc1.demo.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=demo,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS Agents,OU=Testing OTRS,OU=Directum Users,DC=demo,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS System User,OU=Testing OTRS,OU=Directum Users,DC=demo,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pw';

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'demodc1.demo.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=demo,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS System User,OU=Testing OTRS,OU=Directum Users,DC=demo,DC=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'pw';
$Self->{'AuthSyncModule::LDAP::Charset'} = 'utf-8';
    
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

But if I create the agent in OTRS by hand, everything works... help :cry: :cry: :cry:
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Integration with AD (impossible is possible)

Post by crythias »

This is what I've found, too. You must create an agent by hand and assign permissions, then the link works.
I busted many a headdesk hour trying to figure this out, and no matter how I tried to just sync, it wouldn't until the agent was defined with permissions.
Zorn
Znuny newbie
Posts: 9
Joined: 17 Jan 2012, 16:15
Znuny Version: 3.0

Re: Integration with AD (impossible is possible)

Post by Zorn »

crythias wrote: This is what I've found, too. You must create an agent by hand and assign permissions, then the link works.
I busted many a headdesk hour trying to figure this out, and no matter how I tried to just sync, it wouldn't until the agent was defined with permissions.

:cry: It is very sad... So, all OTRS 3.1 administrators create agents by hand?
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Integration with AD (impossible is possible)

Post by jojo »

In 3.1 you'll need to declare which sync backend should be used. Have a look in Defaults.pm and search for:

# $Self->{'AuthModule::UseSyncBackend'} = '';

You can sync membership of LDAP groups to OTRS groups or OTRS roles (preferred).
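The symptom in the first post, an LDAP bind that succeeds while the local agent lookup fails, can be picked out of the OTRS log mechanically. The following Python sketch is an added example, not code from the thread or from OTRS; the function name `unprovisioned_logins` and the `agent2` log line are constructed, and the line format is assumed to match the excerpt in the first post.

```python
import re

# Constructed sample: the first three lines are taken from the log excerpt in
# the first post, the fourth (agent2) is invented to show a healthy login.
SAMPLE_LOG = """\
[Thu Feb 16 12:47:17 2012][Notice][Kernel::System::Auth::LDAP::Auth] User: Student1 (CN=Student1,OU=ForStuding,OU=Directum Users,DC=demo,DC=local) authentication ok (REMOTE_ADDR: 192.168.27.43).
[Thu Feb 16 12:47:17 2012][Error][Kernel::System::User::UserLookup][746] No UserID found for 'Student1'!
[Thu Feb 16 12:47:17 2012][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Student1'!!!
[Thu Feb 16 12:50:02 2012][Notice][Kernel::System::Auth::LDAP::Auth] User: agent2 (CN=agent2,OU=Testing OTRS,OU=Directum Users,DC=demo,DC=local) authentication ok (REMOTE_ADDR: 192.168.27.50).
"""

# [timestamp][Level][Module] with an optional [line-number] field, then the message.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[\w+\]\[(?P<module>[\w:]+)\](?:\[\d+\])?\s*(?P<msg>.*)$")
AUTH_OK = re.compile(r"^User: (?P<user>\S+) \((?P<dn>.+)\) authentication ok "
                     r"\(REMOTE_ADDR: (?P<ip>[^)]+)\)")
NO_USER = re.compile(r"No (?:UserID found for|UserData for user:) '(?P<user>[^']+)'")


def unprovisioned_logins(log_text):
    """Users that passed the LDAP bind but have no local agent record."""
    auth_ok = {}   # lower-cased login -> details of the last LDAP success
    missing = {}   # lower-cased login -> number of failed local lookups
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ok = AUTH_OK.match(m["msg"])
        if ok and m["module"].endswith("Auth::LDAP::Auth"):
            auth_ok[ok["user"].lower()] = {
                "user": ok["user"], "dn": ok["dn"],
                "ip": ok["ip"], "last_auth": m["ts"],
            }
            continue
        miss = NO_USER.search(m["msg"])
        if miss:
            key = miss["user"].lower()  # AD logins are case-insensitive
            missing[key] = missing.get(key, 0) + 1
    return [
        dict(info, failed_lookups=missing[key])
        for key, info in sorted(auth_ok.items())
        if key in missing
    ]


if __name__ == "__main__":
    for hit in unprovisioned_logins(SAMPLE_LOG):
        print("{user} authenticated from {ip} as {dn} but has no agent record "
              "({failed_lookups} failed lookups)".format(**hit))
```

Each reported login is a directory account that holds valid credentials for the agent interface but was never synced or created locally, which is the state the thread describes.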