[otrs] Customer authentication against LDAP (AD)

Fri Feb 16 09:07:20 GMT 2007

Hi everybody,

I've been searching through the messages of this mailing list and tried
several configurations before posting this.
I'm test-running OTRS V2.1.5 on a windows server 2003 R2 in an AD
environment
Here's my problem:

Whenever a customer tries to logon via the customer.pl it won't
work (username or password error)

In the logfile I get the following error:

[Fri Feb 16 08:44:11
2007][Error][Kernel::System::CustomerAuth::LDAP::Auth][148] Search failed!
Bad filter

When I log in as an administrator and do a (customer) search it returns the
expected result

Below you'll find my config pm

Thanks in advance for all help!
Jurgen
----

# insert your own config settings "here" #

# config settings taken from Kernel/Config/Defaults.pm #

# ---------------------------------------------------- #

# $Self->{SessionUseCookie} = 0;

# $Self->{CheckMXRecord} = 0;

#------------------------------------------------------------------------

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

$Self->{'AuthModule::LDAP::Host'} = 'srv-02.mydomain.be';

$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain, dc=be';

$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup

# (e. g. user needs to be in a group xyz to use otrs)

#$Self->{'AuthModule::LDAP::GroupDN'} =
'cn=otrsallow,ou=posixGroups,dc=mydomain,dc=be';

#$Self->{'AuthModule::LDAP: :AccessAttr'} = 'memberUid';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS, cn=Users, dc=mydomain,
dc=be';

$Self->{'AuthModule::LDAP::SearchUserPw'} = '********';

# in case you want to add a suffix to each login name, then

# you can use this option. e. g. user just want to use user but

# in your ldap directory exists user at domain.

#$Self->{'AuthModule::LDAP::UserSuffix'} = '@mydomain.be';

# CustomerUser

# (customer user ldap backend and settings)

$Self->{CustomerUser} = {

Name => 'LDAP',

Module => 'Kernel::System::CustomerUser::LDAP',

Params => {

# ldap host

Host => 'srv-02.mydomain.be',

# ldap base dn

BaseDN => 'dc=mydomain, dc=be',

# search scope (one|sub)

SSCOPE => 'sub',

# The following is valid but would only be necessary if the

# anonymous user does NOT have permission to read from the LDAP tree

UserDN => 'cn=OTRS, cn=Users, dc=mydomain, dc=be',

UserPw => '********',

AlwaysFilter => '',

SourceCharset => 'utf-8',

DestCharset => 'iso-8859-1',

},

# customer uniq id

CustomerKey => 'sAMAccountName',

# customer #

CustomerID => 'mail',

CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],

CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],

CustomerUserSearchPrefix => '',

CustomerUserSearchSuffix => '*',

CustomerUserSearchListLimit => 250,

CustomerUserPostMasterSearchFields => ['mail'],

CustomerUserNameFields => ['givenname', 'sn'],

Map => [

# note: Login, Email and CustomerID needed!

# var, frontend, storage, shown, required, storage-type

#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],

[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],

[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],

[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],

[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],

[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],

#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],

#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],

],

};
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.otrs.org/pipermail/otrs/attachments/20070216/403a13fd/attachment.html