I have seen that there have already been some problems with Debian Squeeze here, but I have a new one!

I run an AD integration here. Authentication of the internal customers works wonderfully. Only the auth of agents doesn't work. This is the OTRS 2.4.7-2 that ships with Squeeze. I already had a comparable config running with 2.2 versions.
The agent who tries to log in produces a panic; he is authenticated (against the AD) but not found in the OTRS DB.
I also have this problem in the log files:
Code:
ERROR: No such file or directory: /usr/share/otrs/Kernel/Config/Files/ZZZAuto.pm
Code:
$Self->{'DefaultUsedLanguages'} = { 'de' => 'Deutsch', 'en' => 'English' };
$Self->{'DefaultLanguage'} = 'de';
$Self->{'AdminEmail'} = 'administrator@domain';
$Self->{'Organization'} = 'Kunde';
$Self->{'CheckMXRecord'} = '0';
$Self->{'CheckEmailAddresses'} = '1';
$Self->{'HttpType'} = 'http';
$Self->{'FQDN'} = 'firma19.firma.local';
$Self->{'NotificationSenderEmail'} = 'otrs@domain';
$Self->{'NotificationSenderName'} = 'OTRS Notification Master';
$Self->{'TimeWorkingHours'} = {
    Mon => [ 8,9,10,11,12,13,14,15,16 ],
    Tue => [ 8,9,10,11,12,13,14,15,16 ],
    Wed => [ 8,9,10,11,12,13,14,15,16 ],
    Thu => [ 8,9,10,11,12,13,14,15,16 ],
    Fri => [ 8,9,10,11,12,13,14,15,16 ],
    Sat => [ ],
    Sun => [ ],
};
$Self->{'TimeVacationDays'} = {
    1 => {
        1 => "Neujahr",
    },
    10 => {
        3 => "Tag der deutschen Einheit",
    },
    12 => {
        24 => "Heilig Abend",
        25 => "Erster Weihnachtsfeiertag",
        26 => "Zweiter Weihnachtsfeiertag",
        31 => "Silvester",
    },
};
$Self->{'CustomerGroupSupport'} = '0';
# $Self->{'DefaultCharset'} = 'utf-8';
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=software_konfiguration,ou=users,ou=firmaOU,dc=firma,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs serviceaccount,ou=service_users,ou=users,ou=firmaOU,dc=firma,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'abcdefg';
$Self->{CustomerUser} = {
    Name => 'firma LDAP source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '10.0.0.1',
        BaseDN => 'ou=software_konfiguration,ou=users,ou=firmaOU,dc=firma,dc=local',
        SSCOPE => 'sub',
        UserDN => 'CN=otrs serviceaccount,ou=service_users,ou=users,ou=firmaOU,dc=firma,dc=local',
        UserPw => 'eenae4baiJie',
        # SourceCharset => 'utf-8',
        # DestCharset => 'utf-8',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    ],
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# AD LDAP authentication CKO, agents
#
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '10.0.0.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=software_konfiguration,ou=users,ou=firmaOU,dc=firma,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs serviceaccount,ou=service_users,ou=users,ou=firmaOU,dc=firma,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'abcdefg';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
# UserSyncLDAPMap (map if the agent should be created/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
#$Self->{UserSyncLDAPGroups} = [
# 'users',
#];
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
# Add the following lines when only users are allowed to login if they reside in the specified security group
# Remove these lines if you want to provide login to all users specified in the User Base DN
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrsAgents,OU=Sgroups,OU=firmaOU,DC=firma,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
...and soon I'll be downgrading to Lenny

Many thanks and best regards
Cornelius