After first login LDAP -> DB

Help with Znuny problems of all kinds
CrazyER
Znuny newbie
Posts: 2
Joined: 08 Apr 2008, 15:11

After first login LDAP -> DB

Post by CrazyER »

Hello everyone,

I would like to achieve the following: when a user logs in for the first time, the data from the LDAP source should be synchronized into the local database.

I think I almost have it, but when logging in as a user I get the following in the log file:

Code:

Unknown column 'givenname' in 'field list', SQL: 'SELECT title, givenname, sn, sAMAccountName, mail, sAMAccountName, telephonenumber, description, sAMAccountName FROM customer_user WHERE LOWER(sAMAccountName) = LOWER('zzuser3')'

My Config.pm looks like this:

Code:


    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'admin';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'XXX';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";


$Self->{CustomerUser1} = {
    Name => 'Datenbank',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
        DSN => 'DBI:mysql:database=otrs;host=localhost',
        User => 'admin',
        Password => 'XXX',
        Table => 'customer_user',
    },

 # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 999,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show now own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
#       CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 1,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',                'title',                1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',            'givenname',            1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',             'sn',                   1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Login',                'sAMAccountName',       1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',                'mail',                 1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID',           'sAMAccountName',       0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',                'telephonenumber',      1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comments',             'description',          1, 0, 'var', '', 0 ],
        ],
    };


# ---------------------------------------------------------------------------------------------------------------
#                 LDAP settings
# ---------------------------------------------------------------------------------------------------------------

    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser2} = {
        Name => 'LDAP Datenquelle',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'XXXdc2.XXX.XXX.de',
            # ldap base dn
            BaseDN => 'ou=XXX_Benutzer,dc=XXX,dc=XXX,dc=de',
            # search scope (one|sub)
            SSCOPE => 'sub',
#            # The following is valid but would only be necessary if the
#            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'OTRS',
            UserPw => 'XXX',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '',
            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use this options (if not, ignore it)
#            SourceCharset => 'utf-8',
#            DestCharset => 'iso-8859-1',
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },

        # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 999,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show now own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
#       CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 1,

        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',               'title',                1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',           'givenname',            1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',            'sn',                   1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Login',               'sAMAccountName',       1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',               'mail',                 1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID',          'sAMAccountName',       0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',               'telephonenumber',      1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comments',            'description',          1, 0, 'var', '', 0 ],
        ],
    };



    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'XXXdc2.XXX.XXX.de';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=XXX,dc=XXX,dc=de';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=Dienstbenutzer,OU=XXX_Administration,DC=XXX,DC=XXX,DC=de';

    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'XXXXX';

    # In case you want to convert all given usernames to lower letters you
    # should activate this option. It might be helpful if databases are
    # in use that do not distinguish selects for upper and lower case letters
    # (Oracle, postgresql). User might be synched twice, if this option
    # is not in use.
#    $Self->{'AuthModule::LDAP::UserLowerCase'} = 0;


    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };


    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
#        # DB -> LDAP
        UserFirstname => 'givenname',
        UserLastname => 'sn',
        UserEmail => 'mail',
#       UserCustomerID => 'sAMAccountName',
#       UserLogin => 'sAMAccountName',
    };

So somehow it doesn't yet know where it should write the data, but I'm somehow stuck.

I'm grateful for any suggestion.
Regards
CrazyER
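
An added example, not part of the original post and not OTRS/Znuny code: the logged SELECT is made up of the storage names from the `CustomerUser1` Map followed by `CustomerKey`, so each of them has to be a real column of `customer_user`. This Perl script checks the posted DB backend settings against a column list; the column list is a constructed sample and `MissingColumns` is a hypothetical helper name.

```perl
use strict;
use warnings;

# Constructed sample column list for the local customer_user table (assumption).
# Replace it with the output of "SHOW COLUMNS FROM customer_user".
my %Column = map { $_ => 1 } qw(
    login email customer_id pw title first_name last_name phone comments valid_id
);

# DB backend settings (CustomerUser1) as posted, storage names unchanged.
my %Backend = (
    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => [ 'cn', 'mail' ],
    CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenname', 'sn' ],
    Map => [
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName',  0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comments',   'description',     1, 0, 'var', '', 0 ],
    ],
);

# Collect every setting whose value is used as a column name and report
# the ones that are not columns of the table.
sub MissingColumns {
    my ( $Backend, $Column ) = @_;
    my @Used = map { [ "Map/$_->[0]", $_->[2] ] } @{ $Backend->{Map} };
    for my $Key ( sort grep { $_ ne 'Map' } keys %{$Backend} ) {
        my $Value = $Backend->{$Key};
        push @Used, map { [ $Key, $_ ] } ( ref $Value ? @{$Value} : $Value );
    }
    my @Missing;
    for my $Use (@Used) {
        push @Missing, "$Use->[0] -> $Use->[1]" if !$Column->{ $Use->[1] };
    }
    return @Missing;
}

# Field list in the order seen in the log: Map storage names, then CustomerKey.
my @Select = ( ( map { $_->[2] } @{ $Backend{Map} } ), $Backend{CustomerKey} );
print 'SELECT ', join( ', ', @Select ), " FROM customer_user\n";
print "not a column: $_\n" for MissingColumns( \%Backend, \%Column );
```

With the sample column list only `title` resolves; every LDAP attribute name used in the DB backend block is reported.
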
Simste
Znuny newbie
Posts: 53
Joined: 04 Jul 2012, 13:50
Znuny Version: 3.1.9
Real Name: Stefan Simmerstatter

Re: After first login LDAP -> DB

Post by Simste »

Hello

It's been a while, but have you found a solution for this yet?

I currently have the same problem.

Greez

Stefan
Production:
OTRS 4.0.3@ Ubuntu Server 14.04.1
ITSM 4.0.3 @ Ubuntu Server 14.04.1
MySQL