[otrs] LDAP auth problem
Sándor Fehér
sfeher at bluesystem.hu
Thu Jul 12 16:04:07 GMT 2007
Greg Horne wrote:
> Sorry for the misunderstanding. I generally do Customers first
> (internal IT shop) and then get the agents working last. Have never
> done one with agents only using LDAP. I'll try to do an agent only
> config.pm against a test install of 2.2 and see what happens, will
> be later in the day so if anyone has any suggestions.....
Thanks in advance.
Sandor
>
> Thanks
>
> GEH
>
> -----Original Message-----
> *From:* otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org]*On
> Behalf Of *Sándor Fehér
> *Sent:* Thursday, July 12, 2007 9:29 AM
> *To:* User questions and discussions about OTRS.org
> *Subject:* Re: [otrs] LDAP auth problem
>
> Greg Horne wrote:
>> Do you have a MAP Array configured in Config.pm?
> No. But I don't need that, because I want to authenticate agents
> only in this way.
> Anyway, I applied the section above but nothing has changed. (It
> worked perfectly in 2.1.6 with the same settings.)
>
> Regards, Sandor
>>
>> Looking at
>> http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap
>>
>> They have a sample config section, shown below in part; the
>> part of this that I would look at is the map array: ",
>> Map => [
>> # note: Login, Email and CustomerID needed!
>> # var, frontend, storage, shown (1=always,2=lite),
>> # required, storage-type, http-link, readonly
>> [ 'UserSalutation', 'Title', 'title',
>> 1, 0, 'var', '', 0 ],
>> [ 'UserFirstname', 'Firstname', 'givenname',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserLastname', 'Lastname', 'sn',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserLogin', 'Username', 'uid',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserEmail', 'Email', 'mail',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserCustomerID', 'CustomerID', 'mail',
>> 0, 1, 'var', '', 0 ],
>> # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>> [ 'UserPhone', 'Phone', 'telephonenumber',
>> 1, 0, 'var', '', 0 ],
>> [ 'UserAddress', 'Address', 'postaladdress',
>> 1, 0, 'var', '', 0 ],
>> [ 'UserComment', 'Comment', 'description',
>> 1, 0, 'var', '', 0 ],
>> ],
>> };
>>
>> " ##### End of Map Array
>>
>> Have Fun
>>
>> Greg Horne
>> geh
>> gehorne
>>
>>
>>
>> ################# Full cut and paste of the sample code from
>> http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap
>>
>> # CustomerUser
>> # (customer user ldap backend and settings)
>> $Self->{CustomerUser} = {
>> Name => 'LDAP Datenquelle',
>> Module => 'Kernel::System::CustomerUser::LDAP',
>> Params => {
>> # ldap host
>> Host => 'bay.csuhayward.edu',
>> # ldap base dn
>> BaseDN => 'ou=seas,o=csuh',
>> # search scope (one|sub)
>> SSCOPE => 'sub',
>> # # The following is valid but would only be necessary if the
>> # # anonymous user does NOT have permission to read from the LDAP tree
>> UserDN => '',
>> UserPw => '',
>> # in case you want to add always one filter to each ldap query, use
>> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>> AlwaysFilter => '',
>> # if your frontend is e. g. iso-8859-1 and the charset of your
>> # ldap server is utf-8, use this options (if not, ignore it)
>> # SourceCharset => 'utf-8',
>> # DestCharset => 'iso-8859-1',
>> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>> Params => {
>> port => 389,
>> timeout => 120,
>> async => 0,
>> version => 3,
>> },
>> },
>> # customer uniq id
>> CustomerKey => 'uid',
>> # customer #
>> CustomerID => 'mail',
>> CustomerUserListFields => ['cn', 'mail'],
>> CustomerUserSearchFields => ['uid', 'cn', 'mail'],
>> CustomerUserSearchPrefix => '',
>> CustomerUserSearchSuffix => '*',
>> CustomerUserSearchListLimit => 250,
>> CustomerUserPostMasterSearchFields => ['mail'],
>> CustomerUserNameFields => ['givenname', 'sn'],
>> # show now own tickets in customer panel, CompanyTickets
>> CustomerUserExcludePrimaryCustomerID => 0,
>> # add a ldap filter for valid users (expert setting)
>> # CustomerUserValidFilter => '(!(description=gesperrt))',
>> # admin can't change customer preferences
>> AdminSetPreferences => 0,
>> Map => [
>> # note: Login, Email and CustomerID needed!
>> # var, frontend, storage, shown (1=always,2=lite),
>> # required, storage-type, http-link, readonly
>> [ 'UserSalutation', 'Title', 'title',
>> 1, 0, 'var', '', 0 ],
>> [ 'UserFirstname', 'Firstname', 'givenname',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserLastname', 'Lastname', 'sn',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserLogin', 'Username', 'uid',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserEmail', 'Email', 'mail',
>> 1, 1, 'var', '', 0 ],
>> [ 'UserCustomerID', 'CustomerID', 'mail',
>> 0, 1, 'var', '', 0 ],
>> # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>> [ 'UserPhone', 'Phone', 'telephonenumber',
>> 1, 0, 'var', '', 0 ],
>> [ 'UserAddress', 'Address', 'postaladdress',
>> 1, 0, 'var', '', 0 ],
>> [ 'UserComment', 'Comment', 'description',
>> 1, 0, 'var', '', 0 ],
>> ],
>> };
>>
>> -----Original Message-----
>> *From:* otrs-bounces at otrs.org
>> [mailto:otrs-bounces at otrs.org]*On Behalf Of *Sándor Fehér
>> *Sent:* Thursday, July 12, 2007 8:36 AM
>> *To:* User questions and discussions about OTRS.org
>> *Subject:* Re: [otrs] LDAP auth problem - Changed
>>
>> Greg Horne wrote:
>>
>> Greg,
>>
>> Thank you for the response. I double checked everything but I
>> can't figure out what the problem is.
>> I reinstalled a new 2.2.1 with the default settings (mysql,
>> utf8 and so on).
>> I followed the 2.2 documentation and pasted the required
>> section into my Config.pm.
>> I changed it as needed, but the result is the same. Here is the
>> relevant part.
>>
>> # This is an example configuration for an LDAP auth. backend.
>> # (take care that Net::LDAP is installed!)
>>
>> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>> $Self->{'AuthModule::LDAP::Host'} = 'localhost';
>> $Self->{'AuthModule::LDAP::BaseDN'} =
>> 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
>> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>> $Self->{'AuthModule::LDAP::SearchUserDN'} = '';
>> $Self->{'AuthModule::LDAP::SearchUserPw'} = '';
>> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>> $Self->{'AuthModule::LDAP::Params'} = {
>> port => 389,
>> timeout => 120,
>> async => 0,
>> version => 3,
>> };
>> $Self->{UserSyncLDAPMap} = {
>> # DB -> LDAP
>> Firstname => 'givenName',
>> Lastname => 'sn',
>> Email => 'mail',
>> };
>> $Self->{UserSyncLDAPGroups} = [
>> 'users',
>> ];
>>
>> # UserTable
>> $Self->{DatabaseUserTable} = 'system_user';
>> $Self->{DatabaseUserTableUserID} = 'id';
>> $Self->{DatabaseUserTableUserPW} = 'pw';
>> $Self->{DatabaseUserTableUser} = 'login';
>>
>>
>> And the log.
>>
>> [Thu Jul 12 14:10:42
>> 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher
>> (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu)
>> authentication ok (REMOTE_ADDR: 192.168.1.11).
>> [Thu Jul 12 14:10:42
>> 2007][Notice][Kernel::System::User::GetUserData] Panic! No
>> UserData for user: 'sfeher'!!!
>> [Thu Jul 12 14:10:42
>> 2007][Error][Kernel::System::User::UserAdd][229] Need
>> UserFirstname!
>> [Thu Jul 12 14:10:42
>> 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't
>> create user 'sfeher'
>> (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
>> [Thu Jul 12 14:10:42
>> 2007][Notice][Kernel::System::User::GetUserData] Panic! No
>> UserData for user: 'sfeher'!!!
>>
>> And the LDAP entry:
>>
>> dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
>> objectClass: posixAccount
>> objectClass: top
>> objectClass: inetOrgPerson
>> objectClass: shadowAccount
>> gidNumber: 65534
>> givenName: Sandor
>> sn: Feher
>> displayName: Sandor Feher
>> uid: sfeher
>> homeDirectory: /home/sfeher
>> loginShell: /bin/bash
>> shadowFlag: 0
>> shadowMin: 0
>> shadowMax: 99999
>> shadowWarning: 0
>> shadowInactive: 99999
>> shadowLastChange: 12011
>> shadowExpire: 99999
>> mail: sfeher at bluesystem.hu
>> cn: Sandor Feher
>> uidNumber: 17261
>> structuralObjectClass: inetOrgPerson
>> entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad
>> creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu
>> createTimestamp: 20070711090933Z
>> userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9
>> entryCSN: 20070711091036Z#000000#00#000000
>> modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu
>> modifyTimestamp: 20070711091036Z
>>
>>
>> Regards, Sandor
>>
>>
>>> Sándor,
>>>
>>> Sorry, it's still early here (US). I searched the web for UserSyncLDAPMap and
>>> found that the DB line is normally commented out, so I would not think that
>>> is your issue. I searched my 2.2 config and found that I do not have a
>>> UserSyncLDAPMap in it. When I did my 2.2 LDAP, I started from the default
>>> Config.pm and worked my way through using the 2.2 HTML manual from the
>>> website.
>>>
>>> Again, in the past when I have seen the Panic statement I have found the
>>> problem to be in the Map command. Following is a cut and paste from mine.
>>> Map => [
>>> # note: Login, Email and CustomerID needed!
>>> # var, frontend, storage, shown (1=always,2=lite), required,
>>> # storage-type, http-link, readonly
>>> [ 'UserSalutation', 'Title', 'title', 1, 0,
>>> 'var', '', 0 ],
>>> [ 'UserFirstname', 'Firstname', 'givenname', 1, 1,
>>> 'var', '', 0 ],
>>> [ 'UserLastname', 'Lastname', 'sn', 1, 1,
>>> 'var', '', 0 ],
>>> [ 'UserLogin', 'Username', 'uid', 1, 1,
>>> 'var', '', 0 ],
>>> [ 'UserEmail', 'Email', 'mail', 1, 1,
>>> 'var', '', 0 ],
>>> [ 'UserCustomerID', 'CustomerID', 'confirm', 0, 1,
>>> 'var', '', 0 ],
>>> # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>>> [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0,
>>> 'var', '', 0 ],
>>> [ 'UserAddress', 'Address', 'postaladdress', 1, 0,
>>> 'var', '', 0 ],
>>> [ 'UserComment', 'Comment', 'description', 1, 0,
>>> 'var', '', 0 ],
>>> ],
>>> };
>>>
>>> If I received the message, I would verify that in my example givenname was
>>> actually in LDAP and contained the first name of the user. You may want to
>>> post the entire LDAP section from your Config.pm with any usernames/passwords
>>> changed.
>>>
>>> Sorry everyone for the poor prior post; again, it's early here :)
>>>
>>>
>>> Have Fun.
>>>
>>> Greg Horne
>>> geh
>>> gehorne
>>>
>>> -----Original Message-----
>>> From: otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org]On Behalf Of
>>> Sándor Fehér
>>> Sent: Thursday, July 12, 2007 2:00 AM
>>> To: User questions and discussions about OTRS.org
>>> Subject: Re: [otrs] LDAP auth problem
>>>
>>>
>>> Sándor Fehér wrote:
>>>
>>> Some additional info. I downgraded to 2.1.6 and it works fine with that.
>>> Here is the relevant part of my Config.pm
>>>
>>> # $DIBI$
>>> $Self->{'SystemID'} = 10;
>>> $Self->{'SecureMode'} = 1;
>>> $Self->{'Organization'} = 'Blue System ';
>>> $Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log';
>>> $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
>>> $Self->{'FQDN'} = 'mail.office.bluesystem.hu';
>>> $Self->{'DefaultLanguage'} = 'hu';
>>> $Self->{'DefaultCharset'} = 'iso-8859-2';
>>> $Self->{'AdminEmail'} = 'sfeher at bluesystem.hu';
>>> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>> $Self->{'AuthModule::LDAP::Host'} = '192.168.1.9';
>>> $Self->{'AuthModule::LDAP::BaseDN'} =
>>> 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
>>> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>>> $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
>>> $Self->{'AuthModule::LDAP::Params'} = {
>>> port => 389,
>>> timeout => 120,
>>> async => 0,
>>> version => 3,
>>> };
>>>
>>> $Self->{UserSyncLDAPMap} = {
>>> # DB -> LDAP
>>> Firstname => 'givenName',
>>> Lastname => 'sn',
>>> Email => 'mail',
>>> };
>>>
>>> $Self->{UserSyncLDAPGroups} = [
>>> 'users',
>>> ];
>>>
>>> $Self->{DatabaseUserTable} = 'system_user';
>>> $Self->{DatabaseUserTableUserID} = 'id';
>>> $Self->{DatabaseUserTableUserPW} = 'pw';
>>> $Self->{DatabaseUserTableUser} = 'login';
>>>
>>>
>>>
>>>
>>> And the log I get.
>>>
>>> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth]
>>> User: sfeher (uid=sfeher,ou=St
>>> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
>>> Panic! No UserData for user:
>>> [Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229]
>>> Need UserFirstname!
>>> [Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385]
>>> Can't create user 'sfeher'
>>> [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
>>> Panic! No UserData for user:
>>>
>>> Regards, Sandor
>>>
>>>
>>>> Hi,
>>>>
>>>>
>>>> I had a well working otrs config so far with the following parts:
>>>>
>>>> - Apache 2.2.3 with mod_perl
>>>> - OTRS 2.1.6
>>>> - Oracle 10.2.0.1
>>>> - Openldap 2.3.35
>>>>
>>>> The authentication worked perfectly from LDAP. Today I decided to build
>>>> a new config with otrs 2.2.1.
>>>> I backed up my Config.pm and installed a new otrs 2.2.1. Ran the
>>>> oracle database scripts as well.
>>>> Everything is fine except the authentication (I can log in with
>>>> root at localhost).
>>>> The result is the same if I use the mysql backend.
>>>> Thank you in advance.
>>>>
>>>> Regards, Sandor
>>>>
>>>>
>>>> ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007
>>>>
>>>> Message: Can't create user 'sfeher'
>>>> (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
>>>>
>>>> Traceback (8276):
>>>> Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385
>>>> Module: Kernel::System::Auth::Auth (v1.23) Line: 120
>>>> Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192
>>>> Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (v) Line: 4
>>>> Module: (eval) (v1.81) Line: 203
>>>> Module: ModPerl::RegistryCooker::run (v1.81) Line: 203
>>>> Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
>>>> Module: ModPerl::Registry::handler (v1.99) Line: 30
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards, Fehér Sándor
>>>
>>>
>>> ...Fehér Sándor... --- ....Sandor Feher....
>>> fejlesztési vezető --- development manager
>>> Blue System Kft. --- Blue System Ltd.
>>>
>>> mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
>>> [ - real men don't click - ]
>>>
>>> _______________________________________________
>>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>>> Archive: http://lists.otrs.org/pipermail/otrs
>>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>> Support or consulting for your OTRS system?
>>> => http://www.otrs.com/
>>
>>
>
>
--
Regards, Fehér Sándor
...Fehér Sándor... --- ....Sandor Feher....
fejlesztési vezető --- development manager
Blue System Kft. --- Blue System Ltd.
mailto:sfeher at bluesystem.hu http://www.bluesystem.hu
[ - real men don't click - ]
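A pre-flight check for the failure discussed in this thread, added here as an example; it is not code from the thread and not OTRS code. It parses the LDAP entry Sándor posted (constructed below without the userPassword line and with the e-mail address replaced by a placeholder), applies a UserSyncLDAPMap-style mapping to it, and reports which DB-side fields would come out empty, which is exactly the situation behind "Need UserFirstname!". The 2.2-style key names (UserFirstname, UserLastname, UserEmail) and the list of required fields are assumptions inferred from that log line; the thread never confirms them. LDAP attribute names are compared case-insensitively, as the protocol defines them, so the 'givenName' used in the sync map and the 'givenname' used in the customer Map refer to the same attribute.

```python
import base64
import re

# Constructed sample: the entry posted in the thread, minus the userPassword
# line, with the mail address replaced by a placeholder.
SAMPLE_LDIF = """\
dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 65534
givenName: Sandor
sn: Feher
displayName: Sandor Feher
uid: sfeher
homeDirectory: /home/sfeher
loginShell: /bin/bash
mail: sfeher@example.com
cn: Sandor Feher
uidNumber: 17261
"""

# Sync map keys exactly as posted for 2.1.6 (where it worked) ...
MAP_2_1 = {'Firstname': 'givenName', 'Lastname': 'sn', 'Email': 'mail'}
# ... and the assumed 2.2 form, keyed by the field name UserAdd asks for.
MAP_2_2 = {'UserFirstname': 'givenName', 'UserLastname': 'sn', 'UserEmail': 'mail'}

# Assumed required set: UserFirstname is the one the posted log complains
# about; the other three are assumed to be required by UserAdd as well.
REQUIRED = ('UserLogin', 'UserFirstname', 'UserLastname', 'UserEmail')


def parse_ldif_entry(text):
    """Parse a single LDIF entry into {attribute_lowercase: [values]}.

    Attribute names are lower-cased because LDAP treats them
    case-insensitively. '::' marks a base64-encoded value and a leading
    space marks a folded continuation line.
    """
    lines = []
    for raw in text.splitlines():
        if not raw or raw.startswith('#'):
            continue
        if raw.startswith(' ') and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        m = re.match(r'^([A-Za-z][\w;-]*)(::?)\s*(.*)$', line)
        if not m:
            raise ValueError('malformed LDIF line: %r' % line)
        name, sep, value = m.groups()
        if sep == '::':
            value = base64.b64decode(value).decode('utf-8')
        entry.setdefault(name.lower(), []).append(value)
    return entry


def build_user_record(entry, sync_map, uid_attr='uid'):
    """Produce the DB-side record a sync map would derive from an LDAP entry."""
    record = {'UserLogin': (entry.get(uid_attr.lower()) or [''])[0]}
    for db_field, ldap_attr in sync_map.items():
        values = entry.get(ldap_attr.lower(), [])
        record[db_field] = values[0] if values else ''
    return record


def missing_required(record, required=REQUIRED):
    """Required DB fields that are absent or blank, in the order given."""
    return [f for f in required if not record.get(f, '').strip()]


def check_sync_map(ldif_text, sync_map, required=REQUIRED):
    """Parse the entry, apply the map and return the fields that would be empty."""
    entry = parse_ldif_entry(ldif_text)
    return missing_required(build_user_record(entry, sync_map), required)


if __name__ == '__main__':
    for label, sync_map in (('2.1-style keys', MAP_2_1), ('2.2-style keys', MAP_2_2)):
        missing = check_sync_map(SAMPLE_LDIF, sync_map)
        print('%s -> missing: %s' % (label, ', '.join(missing) or 'none'))
```

Run against the posted entry, the 2.1-style map leaves UserFirstname, UserLastname and UserEmail empty even though givenName, sn and mail are all present, while the map keyed by UserFirstname and friends leaves nothing empty. An entry that lacks givenName, or has it blank, is reported the same way, which is the check Greg suggests making before looking further.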