LDAP for Agents and compilation aborted

[gibit]

Hi all
i'm trying to setup a new installation of OTRS 6 (6.0.7-01) on centos 7 , and i'm stuck at the LDAP configuration.
I need to set up only agents authentication
I'm tryin to follow all the advices from manuals and forums , but no way to have it working.
My config is basically the same i used to run with no problems on a previous OTRS 5 installation

When i try to start OTRS is complains about all the lines of code i have added for LDAP authentication

Global symbol "$Self" requires explicit package name at /opt/otrs/Kernel/Config.pm line 123.
Global symbol "$Self" requires explicit package name at /opt/otrs/Kernel/Config.pm line 124.
Global symbol "$Self" requires explicit package name at /opt/otrs/Kernel/Config.pm line 126.
Global symbol "$Self" requires explicit package name at /opt/otrs/Kernel/Config.pm line 127
BEGIN not safe after errors--compilation aborted at /opt/otrs/Kernel/Config.pm line 141
Compilation failed in require at /opt/otrs/Kernel/System/ObjectManager.pm line 24.
BEGIN failed--compilation aborted at /opt/otrs/Kernel/System/ObjectManager.pm line 24.
Compilation failed in require at /opt/otrs/bin/otrs.Daemon.pl line 35.
BEGIN failed--compilation aborted at /opt/otrs/bin/otrs.Daemon.pl line 35

This is what i have added to the config.pm


# AUTH LDAP AGENTS


$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.dom.priv';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=staff,dc=domain,dc=priv';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=support_otrs,ou=ServiceAccounts,dc=domain,dc=priv';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';


# SYNC LDAP AGENTS


$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc.dom.priv';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=staff,dc=domain,dc=priv';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=support_otrs,ou=ServiceAccounts,dc=domain,dc=priv';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];

What is wrong with this? Values are correct, and formatting seems ok to me
Maybe this part has to be added in a specific point inside config.pm ?
Any help will be really really appreciated!

gb

[gibit]

I have added a single parameter (sscope = 'sub' ) , and nothing else.
This time i have edited the config.pm file using vi , instead of the Winscp graphical editor
And i have placed the code right after this lines

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$

Actually i dont know what of the above fixed , if anybody can explain i would be grateful

Code: Select all

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.dom.priv';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=staff,dc=domain,dc=priv';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=support_otrs,ou=ServiceAccounts,dc=domain,dc=priv';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
   sscope => 'sub'  ## ADDED THIS
};

$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc.dom.priv';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=staff,dc=domain,dc=priv';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=support_otrs,ou=ServiceAccounts,dc=domain,dc=priv';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';


$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];

[wurzel]

Hi,

Did you migrate? Did you use a old Config.pm from previous installations?
can you share your full Config.pm please?


Flo

[gibit]

No i did not migrate, this is a fresh install, but i tried to add to config.pm the same code which was previously working on another OTRS 5s install

This is the full config.pm running now.
I don't have a copy of the config.pm with the non working version

Code: Select all

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    # The database name
    $Self->{'Database'} = "otrs";

    # The database user
    $Self->{'DatabaseUser'} = "otrs";

    # The password of database user. You also can use bin/otrs.Console.pl Maint::Database::PasswordCrypt
    # for crypted passwords
    $Self->{'DatabasePw'} = 'uFdRnbwx117VYczG';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
#    $ENV{ORACLE_HOME}     = '/path/to/your/oracle';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG}        = 'AMERICAN_AMERICA.AL32UTF8';

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

#
# Configuration for agent ldap backend auth
#
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ddd.ddd.ddd';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=ddddd,dc=dddddd,dc=dddddd';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
#$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Agents,ou=Groups,dc=domain,dc=tld';
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
#$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=dddd,ou=dddd,dc=ddd,dc=ddd';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'dddddd';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each login name,  then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'AuthModule::LDAP::UserSuffix'} = '';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
    sscope => 'sub'
};
# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ddddd.dddd.ddd';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=dddd,dc=ddddd,dc=ddd';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=dddddddd,ou=dddddddd,dc=ddddd,dc=dddd';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'ddddddd';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    return 1;
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use Kernel::Config::Defaults; # import Translatable()
use parent qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;

[wurzel]

Hi,

if you don't have the non-running version, no one can find the error.

You should not have published your database password.


regards
Florian

[gibit]

thanks anyway for your help
i'll change the password..