[SOLVED] HELP !! AD auth give panic?

Moderator: crythias

Locked
Rippie
Znuny newbie
Posts: 16
Joined: 03 Jun 2012, 14:33
Znuny Version: 3.1.7
Real Name: Ronnie Jorgensen
Company: Arrow ECS

[SOLVED] HELP !! AD auth give panic?

Post by Rippie »

Hi everyone,

I would very much like to know if this http://www.youtube.com/watch?v=ZwODnB5L5lM is still the way to integrate AD for your agents?

Ronnie
Last edited by Rippie on 24 Aug 2012, 13:19, edited 2 times in total.
OTRS 3.1.7 running on Ubuntu Server 12.04 using MYSQL database.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Is this how you integrate OTRS to AD?

Post by crythias »

Probably. My howto has links to all the appropriate documentation which itself has examples, and the wiki does, too.
viewtopic.php?f=60&t=16543
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: Is this how you integrate OTRS to AD?

Post by Rippie »

Perfect!!

This will get me going :)

Re: Is this how you integrate OTRS to AD?

Post by Rippie »

Can someone help me with what I am doing wrong? I keep getting Panic that my user is authenticated but not in the DB. Followed a very good YouTube video step by step and it works for him but not for me.

YouTube video: http://www.youtube.com/watch?v=ZwODnB5L5lM

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hot';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
   $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host1'} = '10.237.100.32';
   $Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=ad,DC=DNSArrow,DC=co,DC=uk';
   $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=Ronnie Jorgensen,OU=Technical Users,OU=Campus Nottingham,DC=ad,DC=DNSArrow,DC=co,DC=uk';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'password';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
   $Self->{'AuthModule::LDAP::Params1'} = {
       port    => 389,
       timeout => 120,
       async   => 0,
       version => 3,
   };

    # --------------------------------------------------- #
    # authentication sync settings                        #
    # (enable agent data sync. after successful           #
    # authentication)                                     #
    # --------------------------------------------------- #
    # This is an example configuration for an LDAP auth sync. backend.
    # (take care that Net::LDAP is installed!)
   $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
   $Self->{'AuthSyncModule::LDAP::Host1'} = '10.237.100.32';
   $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'DC=ad,DC=DNSArrow,DC=co,DC=uk';
   $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
   $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=Ronnie Jorgensen,OU=Technical Users,OU=Campus Nottingham,DC=ad,DC=DNSArrow,DC=co,DC=uk';
   $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'password';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
   $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
       # DB -> LDAP
       UserFirstname => 'givenName',
       UserLastname  => 'sn',
       UserEmail     => 'mail',
   };

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
#    $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
#    $Self->{'AuthSyncModule::LDAP::Params'} = {
#        port    => 389,
#        timeout => 120,
#        async   => 0,
#        version => 3,
#    };

    # Die if backend can't work, e. g. can't connect to server.
#    $Self->{'AuthSyncModule::LDAP::Die'} = 1;

    # Die if backend can't work, e. g. can't connect to server.
#    $Self->{'AuthModule::LDAP::Die'} = 1;

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

Re: HELP !! AD auth give panic?

Post by crythias »

Code:

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

Re: HELP !! AD auth give panic?

Post by Rippie »

I did not spot that in the Defaults.pm; however, I added that bit in. I take it I need the number 1 adding to it, as I have with all the other stuff about LDAP auth and sync?

Code:

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
    'users',
];
And placed it below this code:

Code:

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
   $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
       # DB -> LDAP
       UserFirstname => 'givenName',
       UserLastname  => 'sn',
       UserEmail     => 'mail',
   };
But I still get the error :(

Re: HELP !! AD auth give panic?

Post by crythias »

Please post the exact error you're getting. (From the logs)

Re: HELP !! AD auth give panic?

Post by Rippie »

This is a bit embarrassing, but I don't actually know where the log files are. Thought they should be under /opt/otrs/var/log ... there is only a ticket.pm or something similar.

Any help please?

Re: HELP !! AD auth give panic?

Post by crythias »

If you're on Linux, the error messages are going to be in Admin, System Log and/or /var/log/syslog or /var/log/messages. On Windows it would be otrs/var/log/otrs.log

Re: HELP !! AD auth give panic?

Post by Rippie »

Below is what appears in the system log. 10.237.100.51 is my desktop IP. It is not referenced in the Config.pm file.

Code:

Aug 24 09:42:17 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::AuthSession::DB::CheckSessionID] SessionID: '10a46568b8a5e0898519e4ff89f0e4f9d0' is invalid!!!
Aug 24 09:42:20 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::AuthSession::DB::CheckSessionID] SessionID: '10a46568b8a5e0898519e4ff89f0e4f9d0' is invalid!!!
Aug 24 09:42:37 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::Auth::DB::Auth] User: r_jorgensen doesn't exist or is invalid!!! (REMOTE_ADDR: 10.237.100.51)
Aug 24 09:42:38 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::Auth::LDAP::Auth] User: r_jorgensen (CN=Ronnie Jorgensen,OU=Technical Users,OU=Campus Nottingham,DC=ad,DC=DNSArrow,DC=co,DC=uk) authentication ok (REMOTE_ADDR: 10.237.100.51).
Aug 24 09:42:38 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'r_jorgensen'!!!
Aug 24 09:43:01 otrs CRON[15106]: (otrs) CMD ($HOME/bin/otrs.PostMasterMailbox.pl >> /dev/null)
Aug 24 09:44:01 otrs CRON[15110]: (otrs) CMD ($HOME/bin/otrs.PostMasterMailbox.pl >> /dev/null)
Aug 24 09:45:01 otrs CRON[15114]: (otrs) CMD ($HOME/bin/otrs.PostMasterMailbox.pl >> /dev/null)
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::CheckItem::CheckEmail][Line:205]: DNS problem: query timed out
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::User::UserAdd][Line:356]: Email address (ronnie.jorgensen@arrowecs.co.uk) not valid (invalid ronnie.jorgensen@arrowecs.co.uk (DNS problem: query timed out)! )!
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::Auth::Sync::LDAP::Sync][Line:262]: Can't create user 'r_jorgensen' (CN=Ronnie Jorgensen,OU=Technical Users,OU=Campus Nottingham,DC=ad,DC=DNSArrow,DC=co,DC=uk) in RDBMS!
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::User::UserLookup][Line:797]: No UserID found for 'r_jorgensen'!
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::User::UserLookup][Line:797]: No UserID found for 'r_jorgensen'!
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'r_jorgensen'!!!
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: HELP !! AD auth give panic?

Post by jojo »

Your DNS is not working:
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::CheckItem::CheckEmail][Line:205]: DNS problem: query timed out
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::User::UserAdd][Line:356]: Email address (ronnie.jorgensen@arrowecs.co.uk) not valid (invalid ronnie.jorgensen@arrowecs.co.uk (DNS problem: query timed out)! )!
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
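
The failure chain in the log above (LDAP bind succeeds, the agent sync cannot create the user, GetUserData panics) can be extracted mechanically. The following is an added example, not part of any post in this thread: the function name `triage` is hypothetical, and the sample lines are constructed placeholders in the same syslog format.

```python
import re

# Constructed sample in the syslog format quoted in the thread (logins, IPs and
# DNs are placeholders, not values from the original posts).
SAMPLE = """\
Aug 24 09:42:38 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::Auth::LDAP::Auth] User: jdoe (CN=J Doe,DC=example,DC=org) authentication ok (REMOTE_ADDR: 192.0.2.10).
Aug 24 09:43:01 otrs CRON[15106]: (otrs) CMD ($HOME/bin/otrs.PostMasterMailbox.pl >> /dev/null)
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::CheckItem::CheckEmail][Line:205]: DNS problem: query timed out
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::User::UserAdd][Line:356]: Email address (jdoe@example.org) not valid (invalid jdoe@example.org (DNS problem: query timed out)! )!
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Error][Kernel::System::Auth::Sync::LDAP::Sync][Line:262]: Can't create user 'jdoe' (CN=J Doe,DC=example,DC=org) in RDBMS!
Aug 24 09:45:08 otrs OTRS-CGI-10[1077]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'jdoe'!!!
Aug 24 09:46:12 otrs OTRS-CGI-10[1080]: [Notice][Kernel::System::Auth::LDAP::Auth] User: asmith (CN=A Smith,DC=example,DC=org) authentication ok (REMOTE_ADDR: 192.0.2.11).
"""

# timestamp host program[pid]: [Level][Module][Line:N]: message
LINE = re.compile(
    r"^\w{3} +\d+ [\d:]+ \S+ \S+\[(?P<pid>\d+)\]: "
    r"\[\w+\]\[(?P<module>[\w:]+)\](?:\[Line:\d+\])?:? (?P<msg>.*)$"
)

def triage(lines):
    """Link each LDAP login to a later sync failure and the error that caused it."""
    users, last_error = {}, {}   # login -> findings; pid -> latest UserAdd/CheckEmail error
    def rec(login):
        return users.setdefault(login, {"ldap_ok": False, "sync_failed": False,
                                        "panics": 0, "cause": None, "dns_related": False})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue             # cron and other non-OTRS lines
        pid, module, msg = m.group("pid", "module", "msg")
        quoted = re.search(r"user:? '([^']+)'", msg)   # login in single quotes
        if module.endswith("Auth::LDAP::Auth") and "authentication ok" in msg:
            rec(re.match(r"User: (\S+)", msg).group(1))["ldap_ok"] = True
        elif module.endswith(("User::UserAdd", "CheckItem::CheckEmail")):
            last_error[pid] = msg
        elif module.endswith("Auth::Sync::LDAP::Sync") and "Can't create user" in msg and quoted:
            r = rec(quoted.group(1))
            r["sync_failed"], r["cause"] = True, last_error.get(pid)
            r["dns_related"] = "DNS problem" in (r["cause"] or "")
        elif module.endswith("User::GetUserData") and "Panic!" in msg and quoted:
            rec(quoted.group(1))["panics"] += 1
    return users

if __name__ == "__main__":
    for login, info in triage(SAMPLE.splitlines()).items():
        print(login, info)
```

A login with `ldap_ok` and `sync_failed` both true was accepted by the directory but never written to the OTRS user table; `cause` carries the UserAdd or CheckEmail error logged by the same process just before the sync failure.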

Re: HELP !! AD auth give panic?

Post by Rippie »

Changed to a Windows server and did a re-install - AD auth is now working fine :)

Cheers everyone

Re: [SOLVED] HELP !! AD auth give panic?

Post by crythias »

Rippie wrote: Changed to a Windows server
I've never had to do that....

Re: [SOLVED] HELP !! AD auth give panic?

Post by jojo »

DNS was not resolving on his Linux box....