Vielleicht kann mir jemand mit der LDAP-Konfig helfen?
Ich will eigentlich Agents sowie Customer aus meiner ADS 2008 nutzen. Angefangen habe ich mit den Agents. Aber es klappt nicht.
Da es wirklich viele Blogs dazu gibt und ich schon so einige ohne Erfolg getestet habe, habe ich mich nun am Otterhub Wiki orientiert: http://wiki.otterhub.org/index.php?titl ... for_agents.
Ein
# Connectivity check: simple bind (-x) as the service account, searching the
# whole domain base. -W prompts for the password interactively, so it does not
# end up on the command line.
# NOTE(review): a simple bind over plain LDAP carries the password unencrypted;
# where the directory supports it, StartTLS (-ZZ) or an ldaps:// URI (-H) avoids that.
ldapsearch -x -W \
    -h 10.4.1.20 \
    -D 'otrs@tclsg.local' \
    -b 'dc=tclsg,dc=local'
Die Gruppe OTRSA liegt unter "Users" in der ADS. Dort habe ich einen User drin. Wenn ich mich mit vorname.nachname anmelde, kommt dieser Fehler:
Login failed! Your username or password was entered incorrectly.
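# Agent authentication against a Microsoft Active Directory backend via LDAP.
$Self->{'AuthModule'}               = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}   = '10.4.1.20';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=tclsg,dc=local';
$Self->{'AuthModule::LDAP::UID'}    = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SSCOPE'} = 'sub';

# Restrict agent logins to members of one directory group
# (here: the user must be a member of OTRSA to use the agent interface).
# The group's 'member' attribute is compared against the user's full DN,
# which is why UserAttr is 'DN'.
$Self->{'AuthModule::LDAP::GroupDN'}    = 'cn=OTRSA,cn=Users,dc=tclsg,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

# Bind credentials of the service account used to search the directory.
# The password is stored here in clear text: keep this file readable only by
# the application's own account and give the bind account no rights beyond
# reading the directory.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs@tclsg.local';
# Closing quote added: the posted line left the string unterminated, which
# swallows the following lines and makes the whole file fail to parse.
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

# Filter that is added to every LDAP query,
# e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'.
# Empty means no additional filter.
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

# Suffix appended to each login name, for directories where the account is
# stored as user@domain but people log in as just "user". Disabled here.
#$Self->{'AuthModule::LDAP::UserSuffix'} = '';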
# Extra constructor arguments handed to Net::LDAP (see perldoc Net::LDAP).
# NOTE(review): 389 is the plain-LDAP port. With only these settings the bind
# password and every agent's login password presumably cross the network
# unencrypted - confirm, and prefer LDAPS or StartTLS where the directory
# offers it.
$Self->{'AuthModule::LDAP::Params'} = {
    'version' => 3,
    'async'   => 0,
    'timeout' => 120,
    'port'    => 389,
};
# Copy agent attributes from the directory into the OTRS database at login.
$Self->{'AuthSyncModule'}             = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '10.4.1.20';
$Self->{'AuthSyncModule::LDAP::UID'}  = 'sAMAccountName';

# NOTE(review): this base DN contains a space after the comma, unlike the
# value used for AuthModule::LDAP::BaseDN - verify the directory treats both
# spellings the same.
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=tclsg, dc=local';

# Same service account as for authentication; the password is stored in
# clear text, so the file's read permissions matter.
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrs@tclsg.local';

# Which directory attribute fills which agent field (database field => LDAP attribute).
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    'UserLogin'     => 'sAMAccountName',
    'UserEmail'     => 'mail',
    'UserFirstname' => 'givenName',
    'UserLastname'  => 'sn',
};
# Groups assigned with rw permission when an agent account is created on its
# first login.
# NOTE(review): every directory account that passes authentication receives
# rw on these groups - keep the list as small as the role requires.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users'];
Vielen Dank schon mal.
[edit]
Ich habe mich nun

http://lists.otrs.org/pipermail/otrs-de ... 13350.html
# Agent authentication backend number 1 (all keys carry the suffix "1").
$Self->{'AuthModule1'}               = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'}   = 'IP';
$Self->{'AuthModule::LDAP::UID1'}    = 'samaccountname';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=domain,dc=local';

# Only members of the OTRSA group may log in; the group's 'member' attribute
# is matched against the user's full DN.
$Self->{'AuthModule::LDAP::UserAttr1'}   = 'DN';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::GroupDN1'}    = 'CN=OTRSA,CN=Users,DC=domain,DC=local';

# Service account used for directory searches. The password sits here in
# clear text, so restrict who can read this file.
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'passwort';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'otrs@domain.local';

# Agent field => LDAP attribute.
# NOTE(review): presumably the older sync-map key for backend 1; confirm the
# installed version still reads it.
$Self->{'UserSyncLDAPMap1'} = {
    UserLogin     => 'sAMAccountName',
    UserLastname  => 'sn',
    UserFirstname => 'givenName',
    UserEmail     => 'mail',
};
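# Agent data sync against LDAP: copies directory attributes into the agent
# record.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
# Closing quote added: the posted line left the string unterminated, which
# breaks parsing of everything that follows.
$Self->{'AuthSyncModule::LDAP::Host'} = 'IP';
# NOTE(review): space after the comma differs from the BaseDN used for
# authentication - verify the directory accepts this spelling.
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'samaccountname';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'CN=OTRSA,CN=Users,DC=domain,DC=local';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
# Service account for directory searches. The password is stored in clear
# text; keep the file readable only by the application's account.
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrs@domain.local';
# Closing quote added here as well (same unterminated-string defect).
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'passwort';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
    UserLogin     => 'sAMAccountName',
};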
################################################################################################################################
#------------------------------------------------------------------------------------------------------------------------------#
# Customer #
#------------------------------------------------------------------------------------------------------------------------------#
# Customer authentication backend number 1, against the same directory.
$Self->{'Customer::AuthModule1'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'}   = 'IP';
$Self->{'Customer::AuthModule::LDAP::UID1'}    = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=domain,DC=local';

# Only members of the OTRSC group may use the customer interface.
$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'Customer::AuthModule::LDAP::GroupDN1'}    = 'CN=OTRSC,CN=Users,DC=domain,DC=local';

# Service account for directory searches (password stored in clear text).
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'passwort';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'otrs@domain.local';

# Connection arguments for Net::LDAP.
# NOTE(review): 389 is the plain-LDAP port, so customer passwords presumably
# travel unencrypted unless TLS is set up elsewhere - confirm.
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
    'version' => 3,
    'async'   => 0,
    'timeout' => 120,
    'port'    => 389,
};
#------------------------------------------------------------------------------------------------------------------------------#
# LDAP System Users #
#------------------------------------------------------------------------------------------------------------------------------#
# Agent ("system user") authentication backend number 1.
# NOTE(review): this block sets neither GroupDN1 nor AccessAttr1. Unless they
# are assigned elsewhere in the same file, no group membership is checked and
# any account under the base DN that can authenticate is accepted - verify
# that this is intended.
$Self->{'AuthModule1'}               = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'}   = 'IP';
$Self->{'AuthModule::LDAP::UID1'}    = 'sAMAccountName';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=domain,DC=local';

# Service account for directory searches (password stored in clear text).
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'passwort';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'otrs@domain.local';

# Abort instead of continuing when the backend cannot work,
# e. g. when the server cannot be reached.
$Self->{'AuthModule::LDAP::Die1'} = 1;

# Connection arguments for Net::LDAP; values are given as strings here.
# NOTE(review): 389 is the plain-LDAP port - confirm whether TLS is in use.
$Self->{'AuthModule::LDAP::Params1'} = {
    port    => '389',
    version => '3',
    timeout => '120',
    async   => '0',
};
#------------------------------------------------------------------------------------------------------------------------------#
# UserSyncLDAPMap #
#------------------------------------------------------------------------------------------------------------------------------#
# Agent field => LDAP attribute used when agent data is filled from backend 1.
$Self->{'UserSyncLDAPMap1'} = {
    UserLogin     => 'sAMAccountName',
    UserLastname  => 'sn',
    UserFirstname => 'givenName',
    UserEmail     => 'mail',
};
# Customer user backend number 1: customer records are read from the directory.
$Self->{CustomerUser1} = {
    'Name'   => 'Firma Customer',
    'Module' => 'Kernel::System::CustomerUser::LDAP',

    # Directory connection. UserDN/UserPw are the service account's bind
    # credentials, stored in clear text.
    # NOTE(review): no port or TLS option is given here, so the connection
    # presumably uses the module's defaults - confirm whether the bind is
    # encrypted.
    'Params' => {
        'Host'   => 'IP',
        'BaseDN' => 'DC=domain,DC=local',
        'SSCOPE' => 'sub',
        'UserDN' => 'otrs@domain.local',
        'UserPw' => 'passwort',

        # Added to every query: only user objects whose mail attribute
        # matches *.*@domain.domain count as customers.
        'AlwaysFilter' => '(&(objectclass=user)(mail=*.*@domain.domain))',
    },

    # Unique key of a customer and the attribute used as customer ID.
    'CustomerKey' => 'sAMAccountName',
    'CustomerID'  => 'mail',

    # Attributes used for listing, searching and displaying customers.
    'CustomerUserListFields'             => [ qw(sAMAccountName cn mail) ],
    'CustomerUserSearchFields'           => [ qw(sAMAccountName cn mail) ],
    'CustomerUserPostMasterSearchFields' => [ qw(mail) ],
    'CustomerUserNameFields'             => [ qw(givenname sn) ],

    # Upper bound on the number of search results.
    'CustomerUserSearchListLimit' => 1000,

    # One row per customer field. Columns presumably follow the usual layout
    # (variable, frontend label, LDAP attribute, shown, required, storage
    # type) - confirm against the installed version's documentation.
    'Map' => [
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
    ],
};
#------------------------------------------------------------------------------------------------------------------------------#
# Firma Ende #
#------------------------------------------------------------------------------------------------------------------------------#
################################################################################################################################