[otrs] Adding a second agent auth

Wes Sothard wsothard at safenet-inc.com
Thu Mar 6 09:26:23 GMT 2008


I had this same problem.  I didn't want to have both forms of
authentication though... only LDAP.  I had logged into OTRS as my AD
account via LDAP and then logged out.  I then tried to login as the
root at localhost to give myself admin privs.  Then same as you I could no
longer get in.

All I did as a workaround was revert to my saved config file, login to
OTRS, give my AD account admin rights, and then changed back to my
config file with my LDAP info, and there I was with an accessible admin
account.

Wes Sothard

-----Original Message-----
From: otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org] On Behalf Of
Lambert, Derek
Sent: Wednesday, March 05, 2008 3:40 PM
To: otrs at otrs.org
Subject: [otrs] Adding a second agent auth

I'm in the process of creating an OTRS test environment and attempting
to configure LDAP agent authentication. After a bit of reading I managed
to get things working. When I tried to log back into OTRS as the
root at localhost user though I realized that I was no longer using the
local DB and couldn't get admin access. I tried to add a second agent
authentication method following the docs and previous posts but haven't
found much information on configuring the DB method. Here is my current
config:

 
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'maddc01.acme.com';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=acme,DC=com';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
 
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Enterprise Desktop Technician,OU=Security Groups,OU=USA,DC=acme,DC=com';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
 
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=Lambert\, Derek,OU=Users,OU=USA,DC=acme,DC=com';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
 
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectCategory=person)';
 
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
 
    $Self->{'AuthModule::LDAP::Die'} = 1;
 
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };
 
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];
 
    $Self->{DatabaseUserTable} = 'system_user';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';
 
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::DB';


When I try and login as root at localhost I get the following errors in
otrs.log:

[Wed Mar  5 14:11:19 2008][Error][Kernel::System::Auth::DB::Auth][90] Table 'otrs.user' doesn't exist, SQL: 'SELECT pw, id  FROM  user  WHERE valid_id IN ( 1 )  AND  login = 'root at localhost''
[Wed Mar  5 14:11:19 2008][Notice][Kernel::System::Auth::DB::Auth] User: root at localhost doesn't exist or is invalid!!! (REMOTE_ADDR: 127.0.0.1)

I can see the problem is it's looking for the table 'user', not
'system_user' - but how do I change this?

I tried changing LDAP to the second method but the Sync Map doesn't work
and I get the 'Panic! No UserData for user' error.

This is probably a simple question but my perl is a bit rusty and I
can't quite remember all the ->, =>, =, etc. and where to use which one.
Any help would be greatly appreciated!

Thanks!

Derek J. Lambert
Technical Support Analyst
IT Operations Support
Fiskars Brands, Inc.