Hello People,
I got an LDAP/AD configuration and need to authenticate the agents with the uniqueMember attribute.
Does this generally work? If yes, how should I configure OTRS?
The Log:
[Kernel::System::Auth::LDAP::Auth] User: otrs1 authentication failed, no LDAP entry found!BaseDN='ou=group,dc=com', Filter='(cn=otrs1)'
The same error with BaseDN: ou=otrsgroup,ou=group,dc=com
[Kernel::System::Auth::LDAP::Auth] User: otrs1 authentication failed, no LDAP entry found!BaseDN='ou=otrsgroup,ou=group,dc=com', Filter='(cn=otrs1)'
This is my latest configuration:
$Self->{AuthModule} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap.domain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=group,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'cn';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsgroup,ou=group,dc=de';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'uniqueMember';
The ldap search looks like this:
dn: ou=otrsgroup,ou=group,dc=com
ou: otrsgroup
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=Name One,ou=A,ou=CD,ou=INTERNAL,ou=ABC,dc=other-domain,dc=com
uniqueMember: cn=Name Two,ou=A,ou=CD,ou=INTERNAL,ou=ABC,dc=other-domain,dc=com
uniqueMember: cn=Name Three,ou=A,ou=CD,ou=INTERNAL,ou=ABC,dc=other-domain,dc=com
uniqueMember: cn=otrs2,ou=Users,dc=com
uniqueMember: uid=otrs1,ou=Users,dc=com
uniqueMember: cn=Name Four,ou=B,ou=CD,ou=INTERNAL,ou=ABC,dc=other-domain,dc=com
Do you have any ideas how to configure to authenticate any of these uniqueMembers?
AlexG
LDAP configuration with uniqueMember?
Moderator: crythias
OTRS 3.2.10
ITSM 3.2.9
-
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: LDAP configuration with uniqueMember?
AccessAttr is the attribute assigned to the user, not the group's members.
In Active Directory, the ldapsearch will be on the user, and the user's LDAP attributes indicating member or memberOf.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: LDAP configuration with uniqueMember?
If I get that right, you say I should remove AccessAttr and try something like this?
$Self->{'AuthModule::LDAP::UserAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'memberof';
$Self->{'AuthModule::LDAP::UserAttr'} = 'uniqueMember';
OTRS 3.2.10
ITSM 3.2.9
Re: LDAP configuration with uniqueMember?
No, I'm saying to do an ldap search on the user and determine the ldap attribute that is used to indicate membership of a group. This is not the same as the group's members. This is the member's (user's) groups.
Whatever ldap attribute is displayed is the value attached on the right hand to the key:
$Self->{'AuthModule::LDAP::AccessAttr'} = 'whateverldapattribute';
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
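The two log lines in the first post record a user lookup, Filter='(cn=otrs1)' under the configured BaseDN, that returns no entry. As an added example (not from the thread and not OTRS code), the Python model below replays that lookup over a constructed in-memory directory and reports why it is empty. The DNs are taken from the posted ldapsearch output; the attributes on the two user entries are assumed, and in_subtree, holds, find_user and diagnose are hypothetical helper names.

```python
# Constructed in-memory directory. The DNs are the ones visible in the thread's
# ldapsearch output; each user entry is ASSUMED to carry only its RDN attribute.
DIRECTORY = {
    "uid=otrs1,ou=Users,dc=com": {"uid": ["otrs1"]},
    "cn=otrs2,ou=Users,dc=com": {"cn": ["otrs2"]},
    "ou=otrsgroup,ou=group,dc=com": {
        "ou": ["otrsgroup"],
        "uniqueMember": ["cn=otrs2,ou=Users,dc=com", "uid=otrs1,ou=Users,dc=com"],
    },
}


def in_subtree(dn, base):
    """True if dn is base or below it (simple DNs, no escaped commas)."""
    dn_parts = [p.strip().lower() for p in dn.split(",")]
    base_parts = [p.strip().lower() for p in base.split(",")]
    return dn_parts[-len(base_parts):] == base_parts


def holds(attrs, attr, login):
    """Case-insensitive equality match of login against one attribute."""
    return login.lower() in (v.lower() for v in attrs.get(attr, []))


def find_user(login, base_dn, uid_attr):
    """Subtree search for (uid_attr=login) under base_dn, as in the logged Filter/BaseDN."""
    return [dn for dn, attrs in DIRECTORY.items()
            if in_subtree(dn, base_dn) and holds(attrs, uid_attr, login)]


def diagnose(login, base_dn, uid_attr):
    """Say why the lookup came back empty: search base, attribute, or both."""
    if find_user(login, base_dn, uid_attr):
        return "found"
    hits = [(dn, a) for dn, attrs in DIRECTORY.items() for a in attrs if holds(attrs, a, login)]
    if not hits:
        return "no entry carries this login"
    reasons = []
    if not any(in_subtree(dn, base_dn) for dn, _ in hits):
        reasons.append("entry is outside BaseDN")
    if not any(a == uid_attr for _, a in hits):
        reasons.append("login is in %s, not %s" % (sorted({a for _, a in hits}), uid_attr))
    return "; ".join(reasons) or "base and attribute match different entries"


if __name__ == "__main__":
    for base, attr in [("ou=group,dc=com", "cn"), ("ou=Users,dc=com", "cn"), ("ou=Users,dc=com", "uid")]:
        for login in ("otrs1", "otrs2"):
            print(base, attr, login, "->", diagnose(login, base, attr))
```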