[otrs] LDAP authentication: Agents OK - Customers NOK

Paulo Kappke Paulo.Kappke at cyclades.com
Thu Sep 1 09:29:44 CEST 2005





Hello All,

I am configuring OTRS to use LDAP authentication against Lotus Domino.

I have created 2 groups in Domino called otrsAgent (agents only) and
otrsCustomer (everybody else).

So, all the agents can authenticate, and if it is the first time, their
account is created as well. Works great.

But if a Customer tries to authenticate, it says "Login failed! Your
username or password was entered incorrectly." The OTRS log file says:

[Tue Aug 30 15:57:37 2005][Notice][Kernel::System::Auth::LDAP::Auth] User:
admindomino.cyclades authentication failed, no LDAP group entry
foundGroupDN='cn=otrsAgent', Filter='(member=CN=Admindomino
Cyclades,O=Cyclades)'! (REMOTE_ADDR: 192.168.44.203).

If you noticed, it tried the Agent group instead of the Customer group. I
have also checked the TCP packets using tcpdump and I noticed that if the
user is valid and it is not in the Agent group, OTRS is not checking the
Customer group.

Here is my configuration at Kernel/Config.pm:

    # Agent Authentication
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

    $Self->{'AuthModule::LDAP::Host'} = 'usldap.cyclades.com';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'o=cyclades';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    $Self->{'AuthModule::LDAP::SearchUserDN'} = '';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = '';

    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsAgent';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # Customer Authentication
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'usldap.cyclades.com';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'o=cyclades';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsCustomer';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'usldap.cyclades.com',
            BaseDN => 'cn=otrsCustomer',
            SSCOPE => 'sub',
            UserDN => '',
            UserPw => '',
        },
        CustomerKey => 'uid',
        CustomerID => 'uid',
        CustomerUserListFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        ],
    };


Thanks in advance for any help.

Paulo K
_____________________________________________
Paulo Roberto Kappke
Systems/Network Administrator, Sr.
Cyclades Corporation
Phone: +1 (510) 771-6241
Fax:   +1 (510) 771-6200
E-mail: paulo.kappke at cyclades.com

http://www.cyclades.com
_____________________________________________
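
Added example, not part of the original post and not OTRS code: a Python parser for the notice quoted above that reports which auth backend, and which Config.pm key prefix, produced the group check. The function names and the backend-to-prefix table are assumptions built from the module names and keys shown in the post; the sample line is the post's notice joined onto one line.

```python
import re

# Constructed sample: the notice from the post, with the mail wrapping removed.
SAMPLE = (
    "[Tue Aug 30 15:57:37 2005][Notice][Kernel::System::Auth::LDAP::Auth] "
    "User: admindomino.cyclades authentication failed, no LDAP group entry "
    "foundGroupDN='cn=otrsAgent', Filter='(member=CN=Admindomino "
    "Cyclades,O=Cyclades)'! (REMOTE_ADDR: 192.168.44.203)."
)

# Backend named in the log -> Config.pm key prefix it is configured under
# (pairs taken from the configuration in the post).
BACKENDS = {
    "Kernel::System::Auth::LDAP": "AuthModule::LDAP",
    "Kernel::System::CustomerAuth::LDAP": "Customer::AuthModule::LDAP",
}

LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\]\[(?P<level>[^\]]+)\]\[(?P<source>[^\]]+)\]\s+"
    r"User:\s+(?P<user>\S+)\s+authentication failed,\s+(?P<reason>.*?)"
    r"GroupDN='(?P<group_dn>[^']*)',\s+Filter='(?P<filter>[^']*)'!"
    r"\s+\(REMOTE_ADDR:\s+(?P<addr>[^)]+)\)"
)

def parse_group_failure(line):
    """Return the fields of a group-check failure notice, or None."""
    m = LINE_RE.match(" ".join(line.split()))  # collapse wrapped whitespace
    if m is None:
        return None
    rec = m.groupdict()
    # The last '::' component is the sub that logged; the rest is the module.
    module, _, sub = rec.pop("source").rpartition("::")
    rec.update(module=module, sub=sub, reason=rec["reason"].strip(),
               config_prefix=BACKENDS.get(module, "unknown"))
    return rec

def diagnose(line, expected_group_dn):
    """Say which backend checked the user and against which group."""
    rec = parse_group_failure(line)
    if rec is None:
        return "not a group-membership failure notice"
    if rec["group_dn"] != expected_group_dn:
        return (f"{rec['user']} was checked by {rec['module']} "
                f"({rec['config_prefix']}::GroupDN = {rec['group_dn']}), "
                f"not against {expected_group_dn}")
    return f"{rec['user']} did not match {rec['filter']} in {expected_group_dn}"

if __name__ == "__main__":
    print(diagnose(SAMPLE, "cn=otrsCustomer"))
```

For the notice in the post, the reported backend is `Kernel::System::Auth::LDAP`, which the posted configuration assigns to `AuthModule`, not to `Customer::AuthModule`.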


