LDAP connection to a 2008 domain

Help with Znuny problems of all kinds
boris
Znuny wizard
Posts: 554
Joined: 22 Feb 2010, 18:27
Znuny Version: 3.0.4

LDAP connection to a 2008 domain

Post by boris »

Hi,
I know this has been chewed over x times already, but I can't find a solution:
Our config currently looks like this:

Code:

    # ---------------------------------------------------- #
    # Customer authentication via LDAP                     #
    # ---------------------------------------------------- #
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ServerIP';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domäne,dc=local';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=username,cn=users,dc=domäne,dc=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'username@domäne.local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder)))';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    };

    # ---------------------------------------------------- #
    # customer Auth                                        #
    # ---------------------------------------------------- #
    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Name   => 'Active Directory',
        Params => {
            # ldap host
            Host => 'ServerIP',
            # ldap base dn
            BaseDN => 'dc=domäne,dc=local',
            # search scope (one|sub)
            SSCOPE => 'sub',
            UserDN => 'username@domäne.local',
            UserPw => 'Passwort',
            AlwaysFilter => '(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder)))',
            SourceCharset => 'utf-8',
            DestCharset   => 'utf-8',
        },
        # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserExcludePrimaryCustomerID => 0,
        CustomerUserSearchListLimit => 2500,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        ReadOnly => 1,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname',   'Firstname',   'givenname',      1, 1, 'var', '', 0 ],
            [ 'UserLastname',    'Lastname',    'sn',             1, 1, 'var', '', 0 ],
            [ 'UserLogin',       'Login',       'sAMAccountName', 1, 1, 'var', '', 0 ],
            [ 'UserEmail',       'Email',       'mail',           1, 1, 'var', '', 0 ],
            #[ 'UserEmail',      'Email',       'extensionAttribute1', 0, 1, 'var', '', 0 ],
            [ 'UserCustomerID',  'CustomerID',  'company',        0, 1, 'var', '', 0 ],
            #[ 'UserCustomerIDs', 'CustomerIDs', 'company',   1, 0, 'var', '', 0 ],
            #[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
        ],
    };


The error message is then:

...OTRS-CGI-10[26225]: [Notice][Kernel::System::Auth::DB::Auth] User: username doesn't exist or is invalid!!!


But the user does exist.
It is a normal domain user.

Does anyone know where the error is?


Update:

We have already tried various configurations.
So far all without success.
We tested the LDAP user with an LDAP browser, and that works.

Does anyone have a working configuration for version 2.4.7?
Production:
OTRS 3.1.7
CentOS 6.3
Apache2/MySQL

Test:
OTRS 3.1.7
CentOS 6.3
Apache2/MySQL
garwen
Znuny expert
Posts: 260
Joined: 03 Feb 2009, 16:51
Znuny Version: 2.4.7

Re: LDAP connection to a 2008 domain

Post by garwen »

Code:

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'username@domäne.local';
I'm not sure whether OTRS can handle that user format.
Try it with the "distinguishedName" that is shown for your LDAP user in the browser.
Regards
~Fredy

Production: OTRS 3.0.11 / openSUSE 11.4 / Apache2, MySQL5 / Exchange 2010
boris
Znuny wizard
Posts: 554
Joined: 22 Feb 2010, 18:27
Znuny Version: 3.0.4

Re: LDAP connection to a 2008 domain

Post by boris »

We've gotten a bit further again... I hope.

This is what Config.pm looks like at the moment:

Code:

    ##ldaptest
    ##agent

    #Enable LDAP authentication for Customers / Users
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ADServerIP';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName@domäne.local';

    #The following is valid but would only be necessary if the
    #anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'uid=otrsldap,ou=Users,dc=domäne,dc=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # UserSyncLDAPGroups
    # (If "LDAP" was selected="selected" for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

    # UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

    ##end agent
    ##customer
    #Enable LDAP authentication for Customers / Users
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ADServerIP';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName@domäne.local';
    #The following is valid but would only be necessary if the
    #anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=otrsldap,ou=Users,dc=domäne,dc=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort123';

    #CustomerUser
    #(customer user database backend and settings)
    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => 'ADServerIP',
            BaseDN => 'OU=Users,DC=domäne,DC=local',
            SSCOPE => 'sub',
            UserDN => 'uid=otrsldap,ou=Users,dc=domäne,dc=local',
            UserPw => 'Passwort123',
        },
        # customer unique id
        CustomerKey => 'sAMAccountName@domäne.local',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };
    ##end customer

    ##end
But when I now call my customer.pl or index.pl I get:
Software error:

Can't locate object method "new" via package "Kernel::Config" at /usr/share/otrs//Kernel/System/Web/InterfaceCustomer.pm line 73.

For help, please send mail to the webmaster (webmaster@localhost), giving this error message and the time and date of the error.
Production:
OTRS 3.1.7
CentOS 6.3
Apache2/MySQL

Test:
OTRS 3.1.7
CentOS 6.3
Apache2/MySQL
boris
Znuny wizard
Posts: 554
Joined: 22 Feb 2010, 18:27
Znuny Version: 3.0.4

Re: LDAP connection to a 2008 domain

Post by boris »

So, another update; so far this attempt looks the most promising:

Code:

# LDAP Customer #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'Server.domäne.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'CN=otrsldap,CN=Users,DC=Domäne,DC=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrsldap,CN=Users,DC=Domäne,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort123';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};

# LDAP System Users #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'Server.domäne.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'CN=otrsldap,CN=Users,DC=Domäne,DC=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrsldap,CN=Users,DC=Domäne,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';
$Self->{'AuthModule::LDAP::Params'} = {
    'async'   => '0',
    'timeout' => '120',
    'version' => '3',
    'port'    => '389',
};    # closing brace of the Params hash; it was missing in the posted snippet

# UserSyncLDAPMap
$Self->{'UserSyncLDAPMap'} = {
    'UserEmail'     => 'mail',
    'UserFirstname' => 'givenName',
    'UserLastname'  => 'sn',
    'UserLogin'     => 'sAMAccountName',
};


In syslog I get this error:

Fri Jul 30 16:29:36 2010 error OTRS-CGI-10 Search failed! Bad filter


or rather

Jul 30 16:29:36 Servername OTRS-CGI-10[3269]: [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:220]: Search failed! Bad filter


Can someone now please tell me that this is only a small thing?
Production:
OTRS 3.1.7
CentOS 6.3
Apache2/MySQL

Test:
OTRS 3.1.7
CentOS 6.3
Apache2/MySQL
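A worked example added by the editor, not code from this thread or from OTRS/Znuny. It models, in Python, the two searches that the settings discussed above configure: the login lookup `(&(<UID>=<login>)<AlwaysFilter>)`, with the AlwaysFilter from the first post, and the membership test `(<AccessAttr>=<user DN>)` run under GroupDN when UserAttr is 'DN'. The login value is escaped per RFC 4515, and a small filter parser reports malformed filters before a server ever answers "Search failed! Bad filter", for instance a filter built from a UID setting that is not a bare attribute name (the second post used `sAMAccountName@domäne.local`). The attribute names, DNs and sample values are constructed for illustration and are not taken from any real directory.

```python
"""Editor-added example; not code from this thread or from OTRS/Znuny.

Shows the shape of the searches the LDAP settings above configure:
  1. (&(<UID>=<login>)<AlwaysFilter>)   - find the entry for a login
  2. (<AccessAttr>=<user DN>)           - membership test under GroupDN
The login value is escaped per RFC 4515, and a small parser checks filter
syntax so a malformed filter is caught before the server answers "Bad filter".
All attribute names, DNs and sample values are constructed for illustration.
"""
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever be data, never filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(uid_attr: str, login: str, always_filter: str = "") -> str:
    """Filter that locates a login; AND-ed with AlwaysFilter when one is set."""
    item = f"({uid_attr}={escape_filter_value(login)})"
    return f"(&{item}{always_filter})" if always_filter else item


def build_group_filter(access_attr: str, user_dn: str) -> str:
    """Filter run against GroupDN for the UserAttr = 'DN' membership check."""
    return f"({access_attr}={escape_filter_value(user_dn)})"


# Attribute description (RFC 4512): a name or numeric OID, optional ";option"s.
_ATTR_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)(?:;[A-Za-z0-9-]+)*$")
# Assertion value: anything except ( ) * \ NUL unless hex-escaped; '*' is a wildcard.
_VALUE_RE = re.compile(r"^(?:[^()*\\\x00]|\\[0-9A-Fa-f]{2}|\*)*$")
_ITEM_RE = re.compile(r"^(.+?)(~=|>=|<=|=)(.*)$")


def is_valid_filter(text: str) -> bool:
    """Recursive-descent check of RFC 4515 syntax (extensible matches not covered)."""
    pos = 0

    def parse_filter() -> bool:
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            return False
        pos += 1
        if pos >= len(text):
            return False
        if text[pos] in "&|":                 # and / or: one or more sub-filters
            pos += 1
            count = 0
            while pos < len(text) and text[pos] == "(":
                if not parse_filter():
                    return False
                count += 1
            ok = count >= 1
        elif text[pos] == "!":                # not: exactly one sub-filter
            pos += 1
            ok = parse_filter()
        else:                                 # simple item: attr op value
            end = text.find(")", pos)
            if end == -1:
                return False
            m = _ITEM_RE.match(text[pos:end])
            ok = bool(m and _ATTR_RE.match(m.group(1)) and _VALUE_RE.match(m.group(3)))
            pos = end
        if not ok or pos >= len(text) or text[pos] != ")":
            return False
        pos += 1
        return True

    return parse_filter() and pos == len(text)


if __name__ == "__main__":
    # Constructed values mirroring the kind of settings shown in the thread.
    always = ("(&(mail=*)(objectClass=Person)"
              "(!(objectClass=Computer))(!(objectClass=publicFolder)))")
    for uid in ("sAMAccountName", "sAMAccountName@example.local"):
        f = build_login_filter(uid, "jdoe", always)
        print("valid" if is_valid_filter(f) else "BAD FILTER", f)
    g = build_group_filter("member", "CN=Smith (Sales),CN=Users,DC=example,DC=local")
    print("valid" if is_valid_filter(g) else "BAD FILTER", g)
```

Running the module prints one valid filter for the bare attribute name and a BAD FILTER verdict for the `@`-suffixed UID; the membership filter stays valid even though the user's DN contains parentheses, because they are escaped before being placed in the value.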