[otrs] OTRS and LDAP integration

Raphaël 'SurcouF' Bordet surcouf at debianfr.net
Fri Oct 15 10:03:50 CEST 2004


Robin Mordasiewicz wrote:

> On Thu, 14 Oct 2004, Raphaël 'SurcouF' Bordet wrote:
>
>> Robin Mordasiewicz wrote:
>>
>>> On Thu, 14 Oct 2004, Raphaël 'SurcouF' Bordet wrote:
>>
>
>>>>   I've finally installed otrs without mod_perl support and I 
>>>> can't log in after setting the LDAP parameters in Kernel/Config.pm like 
>>>> this:
>>>>
>>>>       $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>>>       $Self->{'AuthModule::LDAP::Host'} = 'localhost';
>>>>       $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=exploitation,dc=sopragroup';
>>>>       $Self->{'AuthModule::LDAP::UID'} = 'uid';
>>>>
>>> Try increasing the log level of the ldap server.
>>> Place the following line in your slapd.conf:
>>> loglevel 256
>>>
>>> and the following in /etc/syslog.conf
>>>
>>> local4.*       -/var/log/ldap.log
>>>
>>> then restart ldap and syslog
>>>
>>> try logging in again and watch the logs.
>>
>>
>>
>> It's working. I was using GOsa to create user accounts and this 
>> interface doesn't use the posixAccount or shadowAccount objectclass.
>> A user created with phpLDAPadmin, with both posixAccount and 
>> shadowAccount, works.
>> Does this mean we need the shadowAccount objectclass to see LDAP auth 
>> working in OTRS?
>>
>> LDIF GOsa account:
>> # Raphael SurcouF, users, exploitation, sopragroup
>> dn: cn=Raphael SurcouF,ou=users,dc=exploitation,dc=sopragroup
>> uid: surcouf
>> cn: Raphael SurcouF
>>
>> LDIF pLa account:
>> # rbordet, users, exploitation, sopragroup
>> dn: uid=rbordet,ou=users, dc=exploitation, dc=sopragroup
>> uid: rbordet
>> cn: Raphael
>
>
> I do not use shadowAccount, but I notice there is a discrepancy with 
> the dn: that is created. Mebbe you did not notice the dn record, mebbe 
> you did.


We don't need shadowAccount but posixAccount _and_ inetOrgPerson. GOsa 
accounts have both, for now.
I've configured GOsa (using /etc/gosa/gosa.conf and the 'dnmode' directive) 
to use the 'uid' attribute rather than 'cn' to set the 'dn', and it works for 
another application,
but OTRS "can't activate user"...

Any idea?

-- 
Raphaël 'SurcouF' Bordet
http://debianfr.net/ | surcouf at debianfr dot net


