ldap authentication fails

Moderator: crythias

Locked
ilang
Znuny newbie
Posts: 2
Joined: 26 Jun 2012, 09:21
Znuny Version: 3.1.6

ldap authentication fails

Post by ilang »

Hi, I am new to OTRS but it looks great!
I tried to set up LDAP authentication, so I copied an example and made some changes.
Unfortunately it does not work. Can somebody assist? Thank you!

## Set up LDAP for Customer authentication to the Frontend for customers.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.90.1.5';
# The ou= is your NT Domain name. The dc= (there may be more than one) is your AD domain name.
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Lan Users,DC=medcon,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# admin user.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Thai1234';

# We only need to see users.
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectClass=user)';

## Set up LDAP for finding Customers when creating tickets in the Agent Frontend.
$Self->{CustomerUser} = {
    Name   => '10.90.1.5',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # Parameters are basically the same as above.
        Host   => '10.90.1.5',
        BaseDN => 'OU=Lan Users,DC=medcon,DC=com',
        SSCOPE => 'sub',
        UserDN => 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com',
        UserPw => 'Thai1234',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use these options (if not, ignore them)

        ### IMPORTANT FOR NON-ENGLISH USERS WITH SPECIAL CHARACTERS ###
        # You *have* to specify the SourceCharset below, else OTRS will default to
        # iso8859-1 (I think), and special characters will be garbled. This took me
        # half a day to figure out.
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # We only need to see users. Not computers and no disabled users.
        AlwaysFilter => '(objectClass=user)',
    },
    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    Map => [
        ## Set-up the fields you want to import from LDAP.
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Then I restarted Apache.
Log:
[Tue Jun 26 00:34:07 2012][Notice][Kernel::System::Auth::DB::Auth] User: ilang doesn't exist or is invalid!!! (REMOTE_ADDR: 10.90.3.20)
[Tue Jun 26 00:34:07 2012][Error][Kernel::System::User::UserLookup][797] No UserID found for 'ilang'!
ilang
Znuny newbie
Posts: 2
Joined: 26 Jun 2012, 09:21
Znuny Version: 3.1.6

Re: ldap authentication fails

Post by ilang »

OK, after some more research I changed the configuration to:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '10.90.1.5';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=medcon, dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'T';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.90.1.5';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Lan Users,DC=medcon,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser} = {
    Name   => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '10.90.1.5',
        # ldap base dn
        BaseDN => 'OU=Lan Users,DC=medcon,DC=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com',
        UserPw => '',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(objectclass=user)',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # if your frontend is unicode and the charset of your
        # ldap server is iso-8859-1, use these options.
        # SourceCharset => 'iso-8859-1',
        # DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID                         => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
    # # cache time to live in sec. - cache any database queries
    # CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};



Now I get: Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
Can somebody help with this?
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: ldap authentication fails

Post by crythias »

Agents need to be added manually to the database or members of the OTRS_Agents group in LDAP/Active Directory.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
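The configuration below is an added example, not code from either post. It shows the two pieces the thread turns on: agent login is governed by AuthModule (the first post only set Customer::AuthModule, which is why the log still showed Kernel::System::Auth::DB), and an LDAP-authenticated agent must also exist as a row in the OTRS user table, which AuthSyncModule creates on first login so the "user authenticated but no user data can be found in OTRS DB" panic goes away. It reuses the host, base DN and bind DN from the thread; the OTRS_Agents group DN, the bind password, and the OTRS group names are placeholders, and the AccessAttr/UserAttr pairing assumes an Active Directory group that lists full member DNs in its member attribute.

```perl
# Added example (Kernel/Config.pm fragment), not from the thread.
# Assumptions: OTRS_Agents lives under OU=Groups; the bind password is a placeholder.

# --- Agent authentication. Customer::AuthModule only covers the customer
#     front end; without AuthModule set, agent logins go to Auth::DB.
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = '10.90.1.5';
$Self->{'AuthModule::LDAP::BaseDN'}       = 'DC=medcon,DC=com';
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'CHANGE_ME';   # placeholder
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectClass=user)';

# Only members of OTRS_Agents may log in as agents. AD groups store full
# member DNs in "member", so the check compares against the user's DN
# rather than a bare uid (UserAttr => 'UID' is for posixGroup/memberUid).
$Self->{'AuthModule::LDAP::GroupDN'}    = 'CN=OTRS_Agents,OU=Groups,DC=medcon,DC=com';  # assumed OU
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

# Fail the login outright if the directory is unreachable instead of
# leaving a half-configured backend to fall through silently.
$Self->{'AuthModule::LDAP::Die'} = 1;

# --- Agent sync. Creates or updates the agent's row in the OTRS DB at
#     login time, so a valid LDAP user no longer needs to be added by hand.
$Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}         = '10.90.1.5';
$Self->{'AuthSyncModule::LDAP::BaseDN'}       = 'DC=medcon,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=Ilan Gresserman,OU=IT,OU=Lan Users,DC=medcon,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'CHANGE_ME';   # placeholder
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectClass=user)';

# OTRS user field => AD attribute copied into the agent record.
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# Groups a freshly created agent is placed in (OTRS group names, assumed).
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users' ];
```

Two things to check after restarting Apache: log in as an agent who is in OTRS_Agents and confirm a row appears under Admin > Agents without anyone creating it by hand, then log in as an LDAP user who is not in the group and confirm the login is refused. Auth::LDAP runs the GroupDN check as a search under the group entry for an entry whose AccessAttr equals the user's DN, so if that second test unexpectedly succeeds, the first thing to verify is the group DN. The search-user password was posted in clear text earlier in this thread; that account should be treated as exposed and its password reset, and the account needs only read access to the user OU.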