[RESOLVED]LDAP DB (AD) fails search.

NTSOLO
Znuny newbie
Posts: 11
Joined: 18 May 2012, 22:54
Znuny Version: 3.1.5

Post by NTSOLO

I've run into an error I cannot get myself out of while trying to integrate LDAP (AD) authentication. Please note my configuration is still incomplete (it still doesn't sync the user once it's been authenticated; I'm still working on the user + group membership validation).

If I use:
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=company,dc=local';

Then the following error is generated:
OTRS-CGI-10[24293]: [Error][Kernel::System::Auth::LDAP::Auth][Line:216]: Search failed! Referral:#012ldap://DomainDnsZones.company.local/DC=DomainDnsZones,DC=company,DC=local#012ldap://ForestDnsZones.company.local/DC=ForestDnsZones,DC=company,DC=local#012ldap://company.local/CN=Configuration,DC=company,DC=local
May 18 13:49:10 NTH-WebServer01 OTRS-CGI-10[24293]: [Error][Kernel::System::User::UserLookup][Line:797]: No UserID found for 'test'!

If I use
$Self->{'AuthModule::LDAP::BaseDN'} = 'cn=users,dc=company,dc=local';

The search works and the user isn't authenticated because I haven't completed the sync part of the config. But it's OK.

Wireshark shows the following when I use 'dc=company,dc=local':

Code:

LDAP	searchRequest(17) "DC=nt,DC=core" wholeSubtree 
LDAP	searchResEntry(17) "CN=Testing UserAcc,CN=Users,DC=nt,DC=core" | searchResDone(17) Unknown result(9) (Referral:
ldap://ForestDnsZones.nt.core/DC=ForestDnsZones,DC=nt,DC=core
ldap://DomainDnsZones.nt.core/DC=DomainDnsZones,DC=nt,DC=core
ldap://nt.core/CN=Configuration,DC=nt,DC=core)  [1 result]
Could anyone point out why this is happening?

Here are the details of my setup:


Running OTRS 3.1.5

Installed modules:

Code:

./otrs.CheckModules.pl
   o CGI..............................ok (v3.59)
   o Crypt::PasswdMD5.................ok (v1.3)
   o Crypt::SSLeay....................ok (v0.57)
   o CSS::Minifier....................ok (v0.01)
   o Date::Format.....................ok (v2.24)
   o Date::Pcalc......................ok (v1.2)
   o DBI..............................ok (v1.616)
   o DBD::mysql.......................ok (v4.020)
   o DBD::ODBC........................Not installed! (Optional - Required to connect to a MS-SQL database.)
   o DBD::Oracle......................Not installed! (Optional - Required to connect to a Oracle database.)
   o DBD::Pg..........................Not installed! (Optional - Required to connect to a PostgreSQL database.)
   o Digest::MD5......................ok (v2.51)
   o Digest::SHA::PurePerl............ok (v5.70)
   o Digest::SHA......................ok (v5.61)
   o Encode::HanExtra.................Not installed! (Optional - Required to handle mails with several Chinese character sets.)
   o Encode::Locale...................ok (v1.02)
   o GD...............................ok (v2.46)
      o GD::Text......................ok (v0.86)
      o GD::Graph.....................ok (v1.44)
      o GD::Graph::lines..............ok (v1.15)
      o GD::Text::Align...............ok (v1.18)
   o IO::Scalar.......................ok (v2.110)
   o IO::Wrap.........................ok (v2.110)
   o JavaScript::Minifier.............ok (v1.05)
   o JSON.............................ok (v2.53)
      o JSON::PP......................ok (v2.27200)
      o JSON::XS......................ok (v2.32)
   o Locale::Codes....................ok (v3.18)
   o LWP::UserAgent...................ok (v6.03)
   o Mail::Internet...................ok (v2.08)
   o Mail::POP3Client.................ok (v2.18 )
      o IO::Socket::SSL...............ok (v1.53)
   o Mail::IMAPClient.................Not installed! (Optional - Required for IMAP TLS connections.)
      o IO::Socket::SSL...............ok (v1.53)
   o MIME::Base64.....................ok (v3.13)
   o MIME::Tools......................ok (v5.428)
   o ModPerl::Util....................ok (v2.000005)
      o Apache::DBI...................ok (v1.11)
      o Apache2::Reload...............ok (v0.11)
   o Net::DNS.........................ok (v0.66)
   o Net::POP3........................ok (v2.29)
   o Net::IMAP::Simple................ok (v1.2030)
      o Net::IMAP::Simple::SSL........ok (v1.3)
   o Net::SMTP........................ok (v2.31)
      o Authen::SASL..................ok (v2.15)
      o Net::SMTP::SSL................ok (v1.01)
      o Net::SMTP::TLS::ButMaintained.ok (v0.18)
   o Net::LDAP........................ok (v0.43)
   o Net::SSL.........................ok (v2.84)
   o PDF::API2........................ok (v2.019)
      o Compress::Zlib................ok (v2.033)
   o SOAP::Lite.......................ok (v0.714)
      o version.......................ok (v0.88)
      o Class::Inspector..............ok (v1.25)
   o Text::CSV........................ok (v1.21)
      o Text::CSV_PP..................ok (v1.29)
      o Text::CSV_XS..................ok (v0.85)
   o XML::Parser......................ok (v2.41)
   o HTTP::Message....................ok (v6.02)
      o HTTP::Headers.................ok (v6.00)
   o URI..............................ok (v1.59)
      o URI::Escape...................ok (v3.31)
   o Scalar::Util.....................ok (v1.23)
Config.pm:

Code:

package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;

    $Self->{DatabaseHost} = 'localhost';
    $Self->{Database} = 'otrs';
    $Self->{DatabaseUser} = 'otrs';
    $Self->{DatabasePw} = '123455939393';
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";


    $Self->{Home} = '/opt/otrs';





$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 2,
sscope => 'sub',
};
$Self->{'AuthModule::LDAP::Host'} = 'company.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=company,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=OTRS,dc=company,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '123';

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS-Agent,OU=OTRS,DC=company,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRS-Customers,OU=OTRS,DC=company,DC=local';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '1.1.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=company,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=OTRS,dc=company,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '123';
$Self->{CustomerUser} = {
  Module => 'Kernel::System::CustomerUser::LDAP',
  Params => {
    Host => '1.1.1.1',
    BaseDN => 'dc=company,dc=local',
    SSCOPE => 'sub',
    UserDN => 'cn=OTRS,ou=OTRS,dc=company,dc=local',
    UserPw => '123',
  },
  CustomerKey => 'sAMAccountName',
  CustomerID => '001',
  CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
  CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
  CustomerUserPostMasterSearchFields => ['mail'],
  CustomerUserNameFields => ['givenname', 'sn'],
  Map => [
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
  ],
};




}

use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');


1;
----------------------------

Fixed! I'm an idiot.. I googled to see which LDAP version Active Directory ran and found it was version 2. Well, for whichever reason, stating version 2 as LDAP PARAM in Config.pm generates the error above under the conditions I stated. Hope this helps anyone that stumbles on this....
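
Added example (not part of the original post and not OTRS code): a triage helper that decodes the `#012` syslog escapes in the "Search failed! Referral:" line quoted above and lists each referral target relative to the configured BaseDN, so it is visible that the directory is pointing at partitions below the search base rather than rejecting credentials or the filter. Function names are hypothetical, the log lines are copied from the post as a constructed sample, and the DN comparison is simplified (no escaped commas).

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: the two syslog lines quoted in the post. Syslog writes
# control characters as #ooo octal escapes, so "#012" stands for a newline.
SAMPLE_LOG = (
    "OTRS-CGI-10[24293]: [Error][Kernel::System::Auth::LDAP::Auth][Line:216]: "
    "Search failed! Referral:#012"
    "ldap://DomainDnsZones.company.local/DC=DomainDnsZones,DC=company,DC=local#012"
    "ldap://ForestDnsZones.company.local/DC=ForestDnsZones,DC=company,DC=local#012"
    "ldap://company.local/CN=Configuration,DC=company,DC=local\n"
    "May 18 13:49:10 NTH-WebServer01 OTRS-CGI-10[24293]: "
    "[Error][Kernel::System::User::UserLookup][Line:797]: No UserID found for 'test'!\n"
)

_OCTAL = re.compile(r"#([0-7]{3})")
_FAILED = re.compile(
    r"\[Error\]\[(?P<module>[\w:]+)\]\[Line:\d+\]: Search failed! Referral:(?P<rest>.*)"
)

def decode_syslog_escapes(text):
    """Turn #ooo octal escapes back into the characters they replaced."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), text)

def _rdns(dn):
    # Simplification (assumption): no escaped commas inside RDN values.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_under(dn, base_dn):
    """True when dn is strictly below base_dn in the directory tree."""
    d, b = _rdns(dn), _rdns(base_dn)
    return len(d) > len(b) and d[len(d) - len(b):] == b

def referral_findings(log_text, base_dn):
    """List the referral targets of every 'Search failed! Referral:' line."""
    findings = []
    for raw in log_text.splitlines():
        m = _FAILED.search(raw)
        if not m:
            continue
        refs = []
        for url in decode_syslog_escapes(m.group("rest")).split():
            parts = urlsplit(url)
            if parts.scheme in ("ldap", "ldaps"):
                dn = unquote(parts.path.lstrip("/"))
                refs.append({"host": parts.hostname, "dn": dn,
                             "under_base": is_under(dn, base_dn)})
        findings.append({"module": m.group("module"), "referrals": refs})
    return findings
```

Calling `referral_findings(SAMPLE_LOG, 'dc=company,dc=local')` marks all three targets as lying under the base DN, while the narrower `'cn=users,dc=company,dc=local'` base contains none of them.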