[otrs] LDAP auth problem - Changed
Sándor Fehér
sfeher at bluesystem.hu
Thu Jul 12 14:36:04 GMT 2007
Greg Horne wrote:
Greg,
Thank you for the response. I double checked everything but I can't
figure out what's the problem.
I reinstalled a new 2.2.1 with the default settings (mysql, utf8 and so
on).
I followed the 2.2 documentation and pasted the required section into my
Config.pm
Changed it as needed but the result is the same. Here is the relevant part.
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'localhost';
$Self->{'AuthModule::LDAP::BaseDN'} =
'ou=Staff,dc=office,dc=bluesystem,dc=hu';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
};
$Self->{UserSyncLDAPGroups} = [
    'users',
];
# UserTable
$Self->{DatabaseUserTable} = 'system_user';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
And the log.
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth]
User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu)
authentication ok (REMOTE_ADDR: 192.168.1.11).
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user: 'sfeher'!!!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229]
Need UserFirstname!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385]
Can't create user 'sfeher'
(uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user: 'sfeher'!!!
And the LDAP entry:
dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 65534
givenName: Sandor
sn: Feher
displayName: Sandor Feher
uid: sfeher
homeDirectory: /home/sfeher
loginShell: /bin/bash
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
mail: sfeher at bluesystem.hu
cn: Sandor Feher
uidNumber: 17261
structuralObjectClass: inetOrgPerson
entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad
creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu
createTimestamp: 20070711090933Z
userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9
entryCSN: 20070711091036Z#000000#00#000000
modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu
modifyTimestamp: 20070711091036Z
Regards, Sandor
> Sándor,
>
> Sorry it's still early here (US), searched the web for UserSyncLDAPMap and
> found that the DB line is normally commented out. So would not think that
> is your issue. I searched my 2.2 config and found that I do not have a
> UserSyncLDAPMap in it. When I did my 2.2 LDAP, I started from the default
> Config.pm and worked my way through using the 2.2 HTML manual from the
> website.
>
> Again, in the past when I have seen the Panic statement I have found the
> problem to be in the Map command. Following is a cut and paste from mine.
>     Map => [
>         # note: Login, Email and CustomerID needed!
>         # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
>         [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
>         [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
>         [ 'UserCustomerID', 'CustomerID', 'confirm', 0, 1, 'var', '', 0 ],
>         # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
>         [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
>         [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
>     ],
> };
>
> If I received the message I would verify that in my example, givenname was
> actually in LDAP and contained the first name of the user. You may want to
> post the entire LDAP section from your Config.pm with any usernames/password
> changed.
>
> Sorry everyone for the poor prior post, again it's early here :)
>
>
> Have Fun.
>
> Greg Horne
> geh
> gehorne
>
> -----Original Message-----
> From: otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org]On Behalf Of
> Sándor Fehér
> Sent: Thursday, July 12, 2007 2:00 AM
> To: User questions and discussions about OTRS.org
> Subject: Re: [otrs] LDAP auth problem
>
>
> Sándor Fehér wrote:
>
> Some additional info. I downgraded to 2.1.6 and it works fine with that.
> Here is the relevant part of my Config.pm
>
> # $DIBI$
> $Self->{'SystemID'} = 10;
> $Self->{'SecureMode'} = 1;
> $Self->{'Organization'} = 'Blue System ';
> $Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log';
> $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
> $Self->{'FQDN'} = 'mail.office.bluesystem.hu';
> $Self->{'DefaultLanguage'} = 'hu';
> $Self->{'DefaultCharset'} = 'iso-8859-2';
> $Self->{'AdminEmail'} = 'sfeher at bluesystem.hu';
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = '192.168.1.9';
> $Self->{'AuthModule::LDAP::BaseDN'} =
> 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
> $Self->{'AuthModule::LDAP::UID'} = 'uid';
> $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
> $Self->{'AuthModule::LDAP::Params'} = {
>     port => 389,
>     timeout => 120,
>     async => 0,
>     version => 3,
> };
>
> $Self->{UserSyncLDAPMap} = {
>     # DB -> LDAP
>     Firstname => 'givenName',
>     Lastname => 'sn',
>     Email => 'mail',
> };
>
> $Self->{UserSyncLDAPGroups} = [
>     'users',
> ];
>
> $Self->{DatabaseUserTable} = 'system_user';
> $Self->{DatabaseUserTableUserID} = 'id';
> $Self->{DatabaseUserTableUserPW} = 'pw';
> $Self->{DatabaseUserTableUser} = 'login';
>
>
>
>
> And the log I get.
>
> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth]
> User: sfeher (uid=sfeher,ou=St
> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
> Panic! No UserData for user:
> [Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229]
> Need UserFirstname!
> [Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385]
> Can't create user 'sfeher'
> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
> Panic! No UserData for user:
>
> Regards, Sandor
>
>
>> Hi,
>>
>>
>> I had a well working otrs config so far with the following parts:
>>
>> - Apache 2.2.3 with mod_perl
>> - OTRS 2.1.6
>> - Oracle 10.2.0.1
>> - Openldap 2.3.35
>>
>> The authentication worked perfectly from LDAP. Today I decided to build
>> a new config with otrs 2.2.1.
>> I backed up my Config.pm and installed a new otrs 2.2.1. Ran the
>> oracle database scripts as well.
>> Everything is fine except the authentication (I can log in with
>> root at localhost).
>> The result is the same if I use the mysql backend too.
>> Thank you in advance.
>>
>> Regards, Sandor
>>
>>
>> ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007
>>
>> Message: Can't create user 'sfeher'
>> (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
>>
>> Traceback (8276):
>> Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385
>> Module: Kernel::System::Auth::Auth (v1.23) Line: 120
>> Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192
>> Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (v) Line: 4
>> Module: (eval) (v1.81) Line: 203
>> Module: ModPerl::RegistryCooker::run (v1.81) Line: 203
>> Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
>> Module: ModPerl::Registry::handler (v1.99) Line: 30
>>
>>
>
>
> --
> Regards, Fehér Sándor
>
>
> ...Fehér Sándor... --- ....Sandor Feher....
> fejlesztési vezető --- development manager
> Blue System Kft. --- Blue System Ltd.
>
> mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
> [ - real men don't click - ]
>
> _______________________________________________
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> Support or consulting for your OTRS system?
> => http://www.otrs.com/
>
--
Regards, Fehér Sándor
...Fehér Sándor... --- ....Sandor Feher....
fejlesztési vezető --- development manager
Blue System Kft. --- Blue System Ltd.
mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
[ - real men don't click - ]
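
The check suggested in the thread (verify that each attribute named in the map is actually in LDAP and holds a value), as an added example that is not part of the original messages or of OTRS. It parses an LDIF entry offline and compares it against the posted UserSyncLDAPMap, matching attribute names case-insensitively; the sample entry is constructed from the one posted above, with a placeholder mail value.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Map as posted in the thread (DB field => LDAP attribute).
my %sync_map = ( Firstname => 'givenName', Lastname => 'sn', Email => 'mail' );

# Constructed sample entry, reduced from the posted one; the mail value is a
# placeholder and displayName is base64-encoded to exercise the "::" form.
my $ldif = <<'LDIF';
dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
objectClass: inetOrgPerson
givenName: Sandor
sn: Feher
displayName:: U2FuZG9yIEZlaGVy
uid: sfeher
mail: sfeher@example.invalid
LDIF

# Parse one LDIF entry into { lowercased attribute name => [values] }.
sub parse_ldif_entry {
    my ($text) = @_;
    $text =~ s/\r?\n //g;    # unfold continuation lines
    my %entry;
    for my $line (split /\r?\n/, $text) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        my ($attr, $b64, $value) = $line =~ /^([^:]+):(:?)\s*(.*)$/ or next;
        $value = decode_base64($value) if $b64;    # "attr:: value" is base64
        push @{ $entry{ lc $attr } }, $value;      # names are case-insensitive
    }
    return \%entry;
}

# Return the DB fields whose mapped LDAP attribute is missing or empty.
sub missing_fields {
    my ($map, $entry) = @_;
    return grep {
        my $values = $entry->{ lc $map->{$_} };
        !$values || !grep { length } @$values;
    } sort keys %$map;
}

my @missing = missing_fields(\%sync_map, parse_ldif_entry($ldif));
print @missing
    ? "Missing in LDAP entry: @missing\n"
    : "All mapped attributes present in LDAP entry\n";
```

If every mapped attribute is reported present, the directory data is not what is missing and the remaining place to look is the OTRS side of the mapping.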