[otrs] LDAP auth problem
Sándor Fehér
sfeher at bluesystem.hu
Thu Jul 12 15:29:10 GMT 2007
Greg Horne wrote:
> Do you have a MAP Array configured in Config.pm?
No. But I do not need that, because I want to authenticate agents only
in this way.
Anyway, I applied the section above but nothing has changed. (It worked
perfectly in 2.1.6 with the same settings.)
Regards, Sandor
>
> Looking at
> http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap
>
> They have a sample config section as shown below in part, the part of
> this that I would look at is the map array : ",
> Map => [
> # note: Login, Email and CustomerID needed!
> # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
> [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
> [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
> [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
> [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
> [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
> [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
> # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
> [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
> [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
> [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
> ],
> };
>
> " ##### End of Map Array
>
> Have Fun
>
> Greg Horne
> geh
> gehorne
>
>
>
> ################# Full cut and paste of the sample code from
> http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap
>
> # CustomerUser
> # (customer user ldap backend and settings)
> $Self->{CustomerUser} = {
> Name => 'LDAP Datenquelle',
> Module => 'Kernel::System::CustomerUser::LDAP',
> Params => {
> # ldap host
> Host => 'bay.csuhayward.edu',
> # ldap base dn
> BaseDN => 'ou=seas,o=csuh',
> # search scope (one|sub)
> SSCOPE => 'sub',
> # # The following is valid but would only be necessary if the
> # # anonymous user does NOT have permission to read from the LDAP tree
> UserDN => '',
> UserPw => '',
> # in case you want to add always one filter to each ldap query, use
> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
> AlwaysFilter => '',
> # if your frontend is e. g. iso-8859-1 and the charset of your
> # ldap server is utf-8, use this options (if not, ignore it)
> # SourceCharset => 'utf-8',
> # DestCharset => 'iso-8859-1',
> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
> Params => {
> port => 389,
> timeout => 120,
> async => 0,
> version => 3,
> },
> },
> # customer uniq id
> CustomerKey => 'uid',
> # customer #
> CustomerID => 'mail',
> CustomerUserListFields => ['cn', 'mail'],
> CustomerUserSearchFields => ['uid', 'cn', 'mail'],
> CustomerUserSearchPrefix => '',
> CustomerUserSearchSuffix => '*',
> CustomerUserSearchListLimit => 250,
> CustomerUserPostMasterSearchFields => ['mail'],
> CustomerUserNameFields => ['givenname', 'sn'],
> # show now own tickets in customer panel, CompanyTickets
> CustomerUserExcludePrimaryCustomerID => 0,
> # add a ldap filter for valid users (expert setting)
> # CustomerUserValidFilter => '(!(description=gesperrt))',
> # admin can't change customer preferences
> AdminSetPreferences => 0,
> Map => [
> # note: Login, Email and CustomerID needed!
> # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
> [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
> [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
> [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
> [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
> [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
> [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
> # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
> [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
> [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
> [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
> ],
> };
>
> -----Original Message-----
> *From:* otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org]*On
> Behalf Of *Sándor Fehér
> *Sent:* Thursday, July 12, 2007 8:36 AM
> *To:* User questions and discussions about OTRS.org
> *Subject:* Re: [otrs] LDAP auth problem - Changed
>
> Greg Horne wrote:
>
> Greg,
>
> Thank you for the response. I double checked everything but I
> can't figure out what's the problem.
> I reinstalled a new 2.2.1 with the default settings (mysql, utf8
> and so on).
> I followed the 2.2 documentation and pasted the required section
> into my Config.pm.
> Changed it as needed but the result is the same. Here is the
> relevant part.
>
> # This is an example configuration for an LDAP auth. backend.
> # (take care that Net::LDAP is installed!)
>
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'localhost';
> $Self->{'AuthModule::LDAP::BaseDN'} =
> 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
> $Self->{'AuthModule::LDAP::UID'} = 'uid';
> $Self->{'AuthModule::LDAP::SearchUserDN'} = '';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = '';
> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
> $Self->{'AuthModule::LDAP::Params'} = {
> port => 389,
> timeout => 120,
> async => 0,
> version => 3,
> };
> $Self->{UserSyncLDAPMap} = {
> # DB -> LDAP
> Firstname => 'givenName',
> Lastname => 'sn',
> Email => 'mail',
> };
> $Self->{UserSyncLDAPGroups} = [
> 'users',
> ];
>
> # UserTable
> $Self->{DatabaseUserTable} = 'system_user';
> $Self->{DatabaseUserTableUserID} = 'id';
> $Self->{DatabaseUserTableUserPW} = 'pw';
> $Self->{DatabaseUserTableUser} = 'login';
>
>
> And the log.
>
> [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) authentication ok (REMOTE_ADDR: 192.168.1.11).
> [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!
> [Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname!
> [Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher' (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
> [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!
>
> And the LDAP entry:
>
> dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> gidNumber: 65534
> givenName: Sandor
> sn: Feher
> displayName: Sandor Feher
> uid: sfeher
> homeDirectory: /home/sfeher
> loginShell: /bin/bash
> shadowFlag: 0
> shadowMin: 0
> shadowMax: 99999
> shadowWarning: 0
> shadowInactive: 99999
> shadowLastChange: 12011
> shadowExpire: 99999
> mail: sfeher at bluesystem.hu
> cn: Sandor Feher
> uidNumber: 17261
> structuralObjectClass: inetOrgPerson
> entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad
> creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu
> createTimestamp: 20070711090933Z
> userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9
> entryCSN: 20070711091036Z#000000#00#000000
> modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu
> modifyTimestamp: 20070711091036Z
>
>
> Regards, Sandor
>
>
>> Sándor,
>>
>> Sorry, it's still early here (US), searched the web for UserSyncLDAPMap and
>> found that the DB line is normally commented out. So would not think that
>> is your issue. I searched my 2.2 config and found that I do not have a
>> UserSyncLDAPMap in it. When I did my 2.2 LDAP, I started from the default
>> Config.pm and worked my way through using the 2.2 HTML manual from the
>> website.
>>
>> Again, in the past when I have seen the Panic statement I have found the
>> problem to be in the Map command. Following is a cut and paste from mine.
>> Map => [
>> # note: Login, Email and CustomerID needed!
>> # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
>> [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
>> [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
>> [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
>> [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
>> [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
>> [ 'UserCustomerID', 'CustomerID', 'confirm', 0, 1, 'var', '', 0 ],
>> # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>> [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
>> [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
>> [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
>> ],
>> };
>>
>> If I received the message I would verify that in my example, givenname was
>> actually in LDAP and contained the first name of the user. You may want to
>> post the entire LDAP section from your Config.pm with any usernames/password
>> changed.
>>
>> Sorry everyone for the poor prior post, again it's early here :)
>>
>>
>> Have Fun.
>>
>> Greg Horne
>> geh
>> gehorne
>>
>> -----Original Message-----
>> From: otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org]On Behalf Of
>> Sándor Fehér
>> Sent: Thursday, July 12, 2007 2:00 AM
>> To: User questions and discussions about OTRS.org
>> Subject: Re: [otrs] LDAP auth problem
>>
>>
>> Sándor Fehér wrote:
>>
>> Some additional info. I downgraded to 2.1.6 and it works fine with that.
>> Here is the relevant part of my Config.pm
>>
>> # $DIBI$
>> $Self->{'SystemID'} = 10;
>> $Self->{'SecureMode'} = 1;
>> $Self->{'Organization'} = 'Blue System ';
>> $Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log';
>> $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
>> $Self->{'FQDN'} = 'mail.office.bluesystem.hu';
>> $Self->{'DefaultLanguage'} = 'hu';
>> $Self->{'DefaultCharset'} = 'iso-8859-2';
>> $Self->{'AdminEmail'} = 'sfeher at bluesystem.hu';
>> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>> $Self->{'AuthModule::LDAP::Host'} = '192.168.1.9';
>> $Self->{'AuthModule::LDAP::BaseDN'} =
>> 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
>> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>> $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
>> $Self->{'AuthModule::LDAP::Params'} = {
>> port => 389,
>> timeout => 120,
>> async => 0,
>> version => 3,
>> };
>>
>> $Self->{UserSyncLDAPMap} = {
>> # DB -> LDAP
>> Firstname => 'givenName',
>> Lastname => 'sn',
>> Email => 'mail',
>> };
>>
>> $Self->{UserSyncLDAPGroups} = [
>> 'users',
>> ];
>>
>> $Self->{DatabaseUserTable} = 'system_user';
>> $Self->{DatabaseUserTableUserID} = 'id';
>> $Self->{DatabaseUserTableUserPW} = 'pw';
>> $Self->{DatabaseUserTableUser} = 'login';
>>
>>
>>
>>
>> And the log I get.
>>
>> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=St
>> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user:
>> [Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname!
>> [Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher'
>> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user:
>>
>> Regards, Sandor
>>
>>
>>> Hi,
>>>
>>>
>>> I had a well working otrs config so far with the following parts:
>>>
>>> - Apache 2.2.3 with mod_perl
>>> - OTRS 2.1.6
>>> - Oracle 10.2.0.1
>>> - Openldap 2.3.35
>>>
>>> The authentication worked perfectly from LDAP. Today I decided to build
>>> a new config with otrs 2.2.1.
>>> I backed up my Config.pm and installed a new otrs 2.2.1. Ran the
>>> oracle database scripts as well.
>>> Everything is fine except the authentication (I can log in with
>>> root at localhost).
>>> The result is the same even if I use the mysql backend.
>>> Thank you in advance.
>>>
>>> Regards, Sandor
>>>
>>>
>>> ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007
>>>
>>> Message: Can't create user 'sfeher'
>>> (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
>>>
>>> Traceback (8276):
>>> Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385
>>> Module: Kernel::System::Auth::Auth (v1.23) Line: 120
>>> Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192
>>> Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (v) Line: 4
>>> Module: (eval) (v1.81) Line: 203
>>> Module: ModPerl::RegistryCooker::run (v1.81) Line: 203
>>> Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
>>> Module: ModPerl::Registry::handler (v1.99) Line: 30
>>>
>>>
>>
>>
>> --
>> Regards, Fehér Sándor
>>
>>
>> ...Fehér Sándor... --- ....Sandor Feher....
>> fejlesztési vezető --- development manager
>> Blue System Kft. --- Blue System Ltd.
>>
>> mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
>> [ - real men don't click - ]
>>
>> _______________________________________________
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>> Support or consulting for your OTRS system?
>> => http://www.otrs.com/
>>
>
>
> --
> Regards, Fehér Sándor
>
>
> ...Fehér Sándor... --- ....Sandor Feher....
> fejlesztési vezető --- development manager
> Blue System Kft. --- Blue System Ltd.
>
> mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
> [ - real men don't click - ]
>
--
Regards, Fehér Sándor
...Fehér Sándor... --- ....Sandor Feher....
fejlesztési vezető --- development manager
Blue System Kft. --- Blue System Ltd.
mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
[ - real men don't click - ]
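
Added example, not part of the original thread and not OTRS code: a Python check that correlates the log quoted above with the LDAP entry quoted above. The function names and the abridged sample input are constructed for illustration; it shows that the bind succeeded and that the entry holds every attribute named in UserSyncLDAPMap, which narrows the "Need UserFirstname!" failure to the step that hands LDAP values to UserAdd rather than to the directory data.

```python
import re

# Constructed sample input, abridged from the log and LDAP entry quoted in the thread.
LOG = """\
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) authentication ok (REMOTE_ADDR: 192.168.1.11).
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher' (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
"""
LDIF = """\
dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
givenName: Sandor
sn: Feher
uid: sfeher
mail: sfeher at bluesystem.hu
"""
SYNC_MAP = {"Firstname": "givenName", "Lastname": "sn", "Email": "mail"}

ENTRY = re.compile(r"^\[[^\]]+\]\[(\w+)\]\[([\w:]+)\](?:\[\d+\])?\s*(.*)$")

def ldif_attributes(ldif):
    """Map lower-cased attribute name -> values (LDAP attribute names are case-insensitive)."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith((" ", "#")):
            attrs.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
    return attrs

def missing_in_directory(sync_map, attrs):
    """OTRS fields whose mapped LDAP attribute is absent or empty on the entry."""
    return sorted(f for f, a in sync_map.items() if not any(attrs.get(a.lower(), [])))

def diagnose(log, sync_map, attrs):
    """Correlate a successful bind with the failed creation of the local agent record."""
    result = {"authenticated": set(), "not_created": set(), "needed": []}
    for m in filter(None, map(ENTRY.match, log.splitlines())):
        level, module, msg = m.groups()
        if module.endswith("Auth::LDAP::Auth") and "authentication ok" in msg:
            result["authenticated"].add(msg.split()[1])
        elif module.endswith("User::UserAdd") and msg.startswith("Need "):
            result["needed"].append(msg[5:].rstrip("!"))
        elif level == "Error" and (u := re.search(r"Can't create user '([^']+)'", msg)):
            result["not_created"].add(u.group(1))
    result["missing_in_directory"] = missing_in_directory(sync_map, attrs)
    # Bind worked and the directory holds the attributes, yet UserAdd got no value:
    # the data was lost between the LDAP lookup and UserAdd, not in the directory.
    result["lost_before_useradd"] = bool(result["needed"]) and not result["missing_in_directory"]
    return result
```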