I have read until my eyes are sore and I am stuck at one point.
In the dashboard under Customers I can see all the customers that I pull from the Kolab's LDAP: mail, last name - first name, customer ID, etc.
When I now try to log in to Customer.pl with the mail address and the password stored on the Kolab, the following error message appears:
[Tue Feb 22 10:52:53 2011][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: test@xxx.ag authentication failed, no LDAP group entry foundGroupDN='dc=xxx,dc=ag', Filter='(mail=cn=test ,dc=xx,dc=ag)'! (REMOTE_ADDR: 192.168.x.112).
My Default.pm contains the following regarding customers:
# LDAP CUSTOMERS START #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.2.22';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xx,dc=ag';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'mail';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'dc=xxx,dc=ag';
#$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'mail';
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=nobody,cn=internal,dc=xxx,dc=ag';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pw';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*@xxx.ag)';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '192.168.2.22',
        # ldap base dn
        BaseDN => 'dc=xxx,dc=ag',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # # The following is valid but would only be necessary if the
        # # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=nobody,cn=internal,dc=xxx,dc=ag',
        UserPw => 'pw',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        #AlwaysFilter => '(objectclass=user)',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use these options.
        # SourceCharset => 'utf-8',
        # DestCharset => 'iso-8859-1',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            # port => 389,
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    ReadOnly => 1,
    # customer unique id
    CustomerKey => 'mail',
    # customer #
    CustomerID => 'uid',
    CustomerUserListFields => ['sn', 'mail'],
    CustomerUserSearchFields => ['sn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 1000,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
    # # cache time to live in sec. - cache any database queries
    CacheTTL => 120,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # if you need additional attributes from AD, just map them here.
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'uid', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        # [ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
        # [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
        # [ 'UserRoom', 'Room', 'physicalDeliveryOfficeName', 1, 0, 'var', '', 0 ],
    ],
};
# LDAP CUSTOMERS END #
Regards
Sebastian
OTRS System: 3.0.5
Windows 2k3 R2
Mysql
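
Added example, not part of the original post and not OTRS code: a small Perl model of how the filter in the log line above arises from the posted GroupDN, AccessAttr and UserAttr settings. It assumes the group check searches at or below GroupDN for (AccessAttr=value), with the user's DN as the value unless UserAttr is 'UID'; the function names, the example.org names and the directory entries are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample directory (not from the original post): one user, one group.
my %Directory = (
    'cn=test,dc=example,dc=org' => { mail => ['test@example.org'] },
    'cn=customers,ou=groups,dc=example,dc=org' => {
        member    => ['cn=test,dc=example,dc=org'],
        memberUid => ['test@example.org'],
    },
);

# Assumed model of the group check: the filter is (AccessAttr=value), where
# value is the user's DN unless UserAttr is 'UID' (then it is the login name).
sub GroupFilter {
    my (%Param) = @_;
    my $Value = uc( $Param{UserAttr} // 'DN' ) eq 'UID' ? $Param{Login} : $Param{UserDN};
    return ( $Param{AccessAttr}, $Value );
}

# Return the DNs at or below $GroupDN that carry $Attr with exactly $Value.
sub GroupSearch {
    my ( $GroupDN, $Attr, $Value ) = @_;
    return grep {
        my $DN = $_;
        $DN =~ /(?:^|,)\Q$GroupDN\E$/i
            && scalar grep { lc($_) eq lc($Value) } @{ $Directory{$DN}{$Attr} // [] }
    } sort keys %Directory;
}

my %User  = ( Login => 'test@example.org', UserDN => 'cn=test,dc=example,dc=org' );
my @Cases = (
    # Same shape as the posted settings: AccessAttr 'mail', UserAttr left unset.
    [ 'posted settings', { AccessAttr => 'mail', GroupDN => 'dc=example,dc=org' } ],
    # Group entry lists its members by DN.
    [ 'group by member DN', { AccessAttr => 'member', GroupDN => 'ou=groups,dc=example,dc=org' } ],
    # Group entry lists its members by login name.
    [ 'group by login', { AccessAttr => 'memberUid', GroupDN => 'ou=groups,dc=example,dc=org', UserAttr => 'UID' } ],
);

for my $Case (@Cases) {
    my ( $Label, $Config ) = @{$Case};
    my ( $Attr, $Value ) = GroupFilter( %{$Config}, %User );
    my @Hits = GroupSearch( $Config->{GroupDN}, $Attr, $Value );
    printf "%-18s filter=(%s=%s) base=%s -> %s\n", $Label, $Attr, $Value,
        $Config->{GroupDN}, @Hits ? "match: @Hits" : 'no LDAP group entry found';
}
```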