I’m facing a specific issue with the customer interface (customer.pl) in Znuny 7.1.3 running on Debian 12, with integration to Active Directory via LDAP.
Environment:
Znuny 7.1.3 (manually installed in /opt/znuny)
Debian 12
Apache 2.4.62 + mod_perl
MySQL/MariaDB as the backend
Fully functional Active Directory, tested via ldapsearch
What is working:
The agent interface (index.pl) authenticates normally via LDAP.
The customer interface (customer.pl) loads and allows login for local database users (customer_user) when configured to use only the DB.
Testing with LDAP + DB fallback also worked at one point after some adjustments to the Config.pm structure.
In summary:
When I access index.pl, it authenticates the users and creates them in the MySQL database as expected.
However, when I try to authenticate via customer.pl, it authenticates the users, but somehow it doesn't recognize the user in the backend.
Question:
Has anyone managed to make customer.pl work with Active Directory authentication + local fallback, in a stable way on Znuny 7.x? Or does anyone know how to properly configure this authentication?
I’ll post my Config.pm below.
package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # Database settings #
    # ---------------------------------------------------- #
    $Self->{'DatabaseHost'} = '127.0.0.1';
    $Self->{'Database'} = 'znuny';
    $Self->{'DatabaseUser'} = 'znuny';
    $Self->{'DatabasePw'} = 'L4v0r02014';
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";
    $Self->{'Database::ShellOutput'} = 0;

    # ---------------------------------------------------- #
    # Znuny Home #
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/znuny';

    # ---------------------------------------------------- #
    # Agent Auth via LDAP #
    # ---------------------------------------------------- #
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ldap://setrab.gdfnet.df:389';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=setrab,DC=gdfnet,DC=df';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=svc_setrab_otrs,OU=serviço,DC=setrab,DC=gdfnet,DC=df';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'L4v0r02014';
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
    $Self->{'AuthModule::LDAP::Params'} = {
        timeout => 120,
        version => 3,
    };
    $Self->{'AuthModule::LDAP::Die'} = 1;

    # Agent Sync
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://setrab.gdfnet.df:389';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=setrab,DC=gdfnet,DC=df';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=svc_setrab_otrs,OU=serviço,DC=setrab,DC=gdfnet,DC=df';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'L4v0r02014';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'admin' ];
    $Self->{'AuthSyncModule::LDAP::UserSyncAdd'} = 1;
    $Self->{'Auth::LDAP::AutoCreateUser'} = 1;

    # ---------------------------------------------------- #
    # Customer Auth via LDAP #
    # ---------------------------------------------------- #
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap://setrab.gdfnet.df:389';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=setrab,DC=gdfnet,DC=df';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=svc_setrab_otrs,OU=serviço,DC=setrab,DC=gdfnet,DC=df';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'L4v0r02014';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        timeout => 120,
        version => 3,
    };
    $Self->{'Customer::AuthModule::LDAP::Die'} = 1;

    # ---------------------------------------------------- #
    # CustomerUser Backend via LDAP #
    # ---------------------------------------------------- #
    $Self->{CustomerUser} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'ldap://setrab.gdfnet.df:389',
            BaseDN => 'DC=setrab,DC=gdfnet,DC=df',
            SSCOPE => 'sub',
            UserDN => 'CN=svc_setrab_otrs,OU=serviço,DC=setrab,DC=gdfnet,DC=df',
            UserPw => 'L4v0r02014',
            AlwaysFilter => '(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
            Params => {
                timeout => 120,
                version => 3,
            },
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'sAMAccountName',
        CustomerUserListFields => ['givenName', 'sn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'givenName', 'sn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenName', 'sn'],
        CustomerUserValidFilter => '(!(userAccountControl:1.2.840.113556.1.4.803:=2))',
        CacheTTL => 0,
    };
    $Self->{'CustomerUser::CreateAfterAuth'} = 1;
    $Self->{'CustomerUser1'} = $Self->{CustomerUser};

    # ---------------------------------------------------- #
    # Logging #
    # ---------------------------------------------------- #
    $Self->{'LogModule'} = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = '/var/log/znuny/znuny.log';
    $Self->{'LogModule::LogLevel'} = 'debug';

    return 1;
}

use Kernel::Config::Defaults;
use parent qw(Kernel::Config::Defaults);

1;
- Real Name: Roy Kaldung
- Company: Znuny
Re: Active Directory via LDAP.
Hello,
Your Config.pm has different issues; I have no idea where some entries are coming from.
Here is a short summary:
- $Self->{'AuthSyncModule::LDAP::UserSyncAdd'} = 1; - this setting does not exist
- $Self->{'Auth::LDAP::AutoCreateUser'} = 1; - this setting does not exist
- The CustomerUser configuration has no mapping, this is required.
- $Self->{'CustomerUser::CreateAfterAuth'} = 1; - this setting does not exist, LDAP users are not synchronized into the database by default
- $Self->{'CustomerUser1'} = $Self->{CustomerUser}; - Why? Is there still a working CustomerUser backend?
- $Self->{'LogModule::LogLevel'} = 'debug'; - This setting does not exist, it's probably $Self->{'MinimumLogLevel'} = 'debug'; you want
Please use the search to find a working example.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes?
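As an added illustration of the reply's points (not code from either poster or from the Znuny project), this is the CustomerUser LDAP backend from the question with the required Map in place and the log level set through MinimumLogLevel. The Map column layout follows the commented LDAP example in Kernel/Config/Defaults.pm; the attribute choices and the shown/required flags are assumptions, and the bind password is a placeholder.

```perl
# Fragment for inside "sub Load { ... }" in Kernel/Config.pm, replacing the
# CustomerUser block from the question. Host, BaseDN, bind DN and filters are
# copied from that post; the password is a placeholder.
$Self->{CustomerUser} = {
    Name   => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host         => 'ldap://setrab.gdfnet.df:389',
        BaseDN       => 'DC=setrab,DC=gdfnet,DC=df',
        SSCOPE       => 'sub',
        UserDN       => 'CN=svc_setrab_otrs,OU=serviço,DC=setrab,DC=gdfnet,DC=df',
        UserPw       => 'REPLACE_WITH_BIND_PASSWORD',    # placeholder
        AlwaysFilter => '(&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        Params       => { timeout => 120, version => 3 },
    },
    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'sAMAccountName',
    CustomerUserListFields             => [ 'givenName', 'sn', 'mail' ],
    CustomerUserSearchFields           => [ 'sAMAccountName', 'givenName', 'sn', 'mail' ],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenName', 'sn' ],
    CustomerUserValidFilter            => '(!(userAccountControl:1.2.840.113556.1.4.803:=2))',
    CacheTTL                           => 0,

    # The mapping the reply calls required. UserLogin, UserEmail and
    # UserCustomerID must be present.
    # Columns: var, frontend label, LDAP attribute, shown, required,
    #          storage-type, http-link, readonly
    Map => [
        [ 'UserFirstname',  'Firstname',  'givenName',      1, 1, 'var', '', 1 ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var', '', 1 ],
        [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var', '', 1 ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var', '', 1 ],
        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var', '', 1 ],
    ],
};

# Log level setting named in the reply, instead of 'LogModule::LogLevel'.
$Self->{'MinimumLogLevel'} = 'debug';
```

The four settings the reply flags as nonexistent are simply omitted here; customer records are read from LDAP through this backend at lookup time rather than copied into the customer_user table.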