Note:
- I can login without single sign on. (so when I type manually login + pwd in the customer userportal) -> LDAP authentication is working perfect (-> when I disable the single sign on -> place single sign on lines in comment)
- After every edit I've done I did a restart of all services.
I've followed instructions of the following links:
http://doc.otrs.org/3.1/en/html/auth-ba ... h-backends
http://wiki.otterhub.org/index.php?titl ... ith_Apache
but they give me the same error in the otrs.log:
[Notice][Kernel::System::CustomerAuth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.10.10.190).
[Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][576] Need User!
I've searched alot on forums, google, ... But found no answer on this one. Is there another file I need to edit? Or are my config settings wrong?
The files I've edited (as suggested in the help links) are:
- apache\conf\httpd.conf
- otrs\kernel\config.pm
The code I've inserted in httpd.conf (note that "Require valid-user" is in comment otherwise the webpage will not load):
Code: Select all
Line 61:
LoadModule sspi_auth_module modules/mod_auth_sspi.so
Line 343-360:
# "C:/PROGRA~2/OTRS/Apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "C:/PROGRA~2/OTRS/OTRS/bin/cgi-bin/">
SSPIAuth On
SSPIAuthoritative On
SSPIDomain mycompany.com
SSPIUsernameCase lower
SSPIOfferBasic On
# Require valid-user
Options +ExecCGI -Includes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Code: Select all
# LDAP auth. backend.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'DC.mycompany.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=mycompany,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=mycompany,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '<pwd>';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
# This is an example configuration for an apache ($ENV{REMOTE_USER})
# auth. backend. Use it if you want to have a singe login through
# apache http-basic-auth
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = 'mycompany\\';
$Self->{CustomerPanelLoginURL} = 'http://www.google.co.uk';
$Self->{CustomerPanelLogoutURL} = 'http://www.google.com';
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'DC.mycompany.com',
BaseDN => 'OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=mycompany,DC=com',
SSCOPE => 'sub',
UserDN => 'CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=xxx,DC=mycompany,DC=com',
UserPw => '<pwd>',
AlwaysFilter => '',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName','cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
[ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};