OTRS and LDAP Integration get broken

Mahmoud Ramadan Ali

10 Nov 2014 10 Nov '14

7:08 p.m.

Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.com: IO::Socket::INET: connect: Connection refused

Attachments:

attachment.html (text/html — 447 bytes)

Show replies by date

Marcel Schulte

11 Nov 11 Nov

4:56 a.m.

Hi Mahmoud, do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert... HTH, Marcel Mahmoud Ramadan Ali schrieb am Mon Nov 10 2014 at 20:09:21:

...

Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.com: IO::Socket::INET: connect: Connection refused

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

Mahmoud Ramadan Ali

9:18 a.m.

Hiii Marcel, Thanks for the reply but no i'm not using SSL...i'm integrating this with MS Active directory and the integration worked fine for sometime then get broken...i have uploaded my config file so you can check it ..and thanks in advance... On Tue, Nov 11, 2014 at 6:56 AM, Marcel Schulte wrote:

...

Hi Mahmoud,

do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert...

HTH, Marcel

Mahmoud Ramadan Ali schrieb am Mon Nov 10 2014 at 20:09:21:

...
Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.com: IO::Socket::INET: connect: Connection refused

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

Patrick Bloem

9:25 a.m.

Hi Mahmoud, do you check the Active Directory User for the connection? Maybe is the user is disable or banned from the inactivity policy. With best regards Patrick Bloem System Administrator Von: itsm-bounces@otrs.org [mailto:itsm-bounces@otrs.org] Im Auftrag von Mahmoud Ramadan Ali Gesendet: Dienstag, 11. November 2014 10:18 An: OTRS::ITSM User questions and discussions Betreff: Re: [itsm] OTRS and LDAP Integration get broken Hiii Marcel, Thanks for the reply but no i'm not using SSL...i'm integrating this with MS Active directory and the integration worked fine for sometime then get broken...i have uploaded my config file so you can check it ..and thanks in advance... On Tue, Nov 11, 2014 at 6:56 AM, Marcel Schulte mailto:schulte.marcel@gmail.com> wrote: Hi Mahmoud, do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert... HTH, Marcel Mahmoud Ramadan Ali mailto:cisco.and.more.blog@gmail.com> schrieb am Mon Nov 10 2014 at 20:09:21: Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.comhttp://dc.hotciscolabs.com: IO::Socket::INET: connect: Connection refused --------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm --------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

Mahmoud Ramadan Ali

7:37 p.m.

Hii Dears, Thanks for the reply but i checked the user and it is not locked or disabled also i'm using Microsoft active directory and do not have ssl configured ...i added the user to the administators and domain admins group without success...i have attached my Config.pm file so u can check it. Please this is urgent so any assistance will be appreciated. On Tue, Nov 11, 2014 at 11:25 AM, Patrick Bloem wrote:

...

Hi Mahmoud,

do you check the Active Directory User for the connection?

Maybe is the user is disable or banned from the inactivity policy.

*With best regards*

*Patrick Bloem*

System Administrator

*Von:* itsm-bounces@otrs.org [mailto:itsm-bounces@otrs.org] *Im Auftrag von *Mahmoud Ramadan Ali *Gesendet:* Dienstag, 11. November 2014 10:18 *An:* OTRS::ITSM User questions and discussions *Betreff:* Re: [itsm] OTRS and LDAP Integration get broken

Hiii Marcel,

Thanks for the reply but no i'm not using SSL...i'm integrating this with MS Active directory and the integration worked fine for sometime then get broken...i have uploaded my config file so you can check it ..and thanks in advance...

On Tue, Nov 11, 2014 at 6:56 AM, Marcel Schulte wrote:

Hi Mahmoud,

do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert...

HTH,

Marcel

Mahmoud Ramadan Ali schrieb am Mon Nov 10 2014 at 20:09:21:

Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.com: IO::Socket::INET: connect: Connection refused

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

Mahmoud Ramadan Ali

12 Nov 12 Nov

3:46 p.m.

any updates dears ! i'm stuck now On Tue, Nov 11, 2014 at 9:37 PM, Mahmoud Ramadan Ali < cisco.and.more.blog@gmail.com> wrote:

...

Hii Dears, Thanks for the reply but i checked the user and it is not locked or disabled also i'm using Microsoft active directory and do not have ssl configured ...i added the user to the administators and domain admins group without success...i have attached my Config.pm file so u can check it. Please this is urgent so any assistance will be appreciated.

On Tue, Nov 11, 2014 at 11:25 AM, Patrick Bloem wrote:

...
Hi Mahmoud,

do you check the Active Directory User for the connection?

Maybe is the user is disable or banned from the inactivity policy.

*With best regards*

*Patrick Bloem*

System Administrator

*Von:* itsm-bounces@otrs.org [mailto:itsm-bounces@otrs.org] *Im Auftrag von *Mahmoud Ramadan Ali *Gesendet:* Dienstag, 11. November 2014 10:18 *An:* OTRS::ITSM User questions and discussions *Betreff:* Re: [itsm] OTRS and LDAP Integration get broken

Hiii Marcel,

Thanks for the reply but no i'm not using SSL...i'm integrating this with MS Active directory and the integration worked fine for sometime then get broken...i have uploaded my config file so you can check it ..and thanks in advance...

On Tue, Nov 11, 2014 at 6:56 AM, Marcel Schulte wrote:

Hi Mahmoud,

do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert...

HTH,

Marcel

Mahmoud Ramadan Ali schrieb am Mon Nov 10 2014 at 20:09:21:

Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.com: IO::Socket::INET: connect: Connection refused

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

Stanford, Philip N.

4:50 p.m.

Hi Mahmoud Have you checked using other tools on your OTRS system (eg something like ‘ldapsearch’) that you do have access to the AD LDAP server still? ‘Connection refused’ does sound as if the basic network socket isn’t being established, so could it be that someone has changed a firewall setting between your OTRS system and the AD LDAP server, or decided to enforce SSL access? Other basic tools like ping or traceroute could be useful too just in case something is preventing access to your DC now. You might try using SSL – I have found that to get this to work I need to specify the host using a URL format rather than just a hostname – eg in line 98 of your Config.pm file you could change Host => 'dc.hotciscolabs.com', to Host => 'ldaps://dc.hotciscolabs.com', and in line 121 change port => 389 to port => 636 That should make OTRS use SSL for the lookup (in version 3.3 anyway). Regards Phil From: Mahmoud Ramadan Ali [mailto:cisco.and.more.blog@gmail.com] Sent: 12 November 2014 15:46 To: OTRS::ITSM User questions and discussions Subject: Re: [itsm] OTRS and LDAP Integration get broken any updates dears ! i'm stuck now On Tue, Nov 11, 2014 at 9:37 PM, Mahmoud Ramadan Ali mailto:cisco.and.more.blog@gmail.com> wrote: Hii Dears, Thanks for the reply but i checked the user and it is not locked or disabled also i'm using Microsoft active directory and do not have ssl configured ...i added the user to the administators and domain admins group without success...i have attached my Config.pm file so u can check it. Please this is urgent so any assistance will be appreciated. On Tue, Nov 11, 2014 at 11:25 AM, Patrick Bloem mailto:P.Bloem@call-teleteam.de> wrote: Hi Mahmoud, do you check the Active Directory User for the connection? Maybe is the user is disable or banned from the inactivity policy. With best regards Patrick Bloem System Administrator Von: itsm-bounces@otrs.orgmailto:itsm-bounces@otrs.org [mailto:itsm-bounces@otrs.orgmailto:itsm-bounces@otrs.org] Im Auftrag von Mahmoud Ramadan Ali Gesendet: Dienstag, 11. November 2014 10:18 An: OTRS::ITSM User questions and discussions Betreff: Re: [itsm] OTRS and LDAP Integration get broken Hiii Marcel, Thanks for the reply but no i'm not using SSL...i'm integrating this with MS Active directory and the integration worked fine for sometime then get broken...i have uploaded my config file so you can check it ..and thanks in advance... On Tue, Nov 11, 2014 at 6:56 AM, Marcel Schulte mailto:schulte.marcel@gmail.com> wrote: Hi Mahmoud, do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert... HTH, Marcel Mahmoud Ramadan Ali mailto:cisco.and.more.blog@gmail.com> schrieb am Mon Nov 10 2014 at 20:09:21: Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.comhttp://dc.hotciscolabs.com:\ --------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm --------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm --------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm ________________________________ This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. ________________________________

Mahmoud Ramadan Ali

13 Nov 13 Nov

9:58 p.m.

Hi Stanford, I followed that steps by updating the DC name to support SSL and changed the LDAP port but still reciving the same error Nov 13 22:52:22 localhost OTRS-CGI-62[3409]: [Notice][Kernel::System::Auth::DB::Auth] User: mahmoud.ramadan authentication with wrong Pw!!! (Method: sha256, REMOTE_ADDR: 192.168.1.4) Nov 13 22:52:22 localhost OTRS-CGI-62[3409]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to ldaps://dc.hotciscolabs.com: IO::Socket::SSL: connect: Connection refused I'm using OTRS ITSM 3.3.10 and didn't explicitly configured SSL with LDAP...i'm afraid that the issue because of I've upgraded OTRS:ITSM because everything was working fine...if u have any ideas please share ! On Wed, Nov 12, 2014 at 6:50 PM, Stanford, Philip N. wrote:

...

Hi Mahmoud

Have you checked using other tools on your OTRS system (eg something like ‘ldapsearch’) that you do have access to the AD LDAP server still?

‘Connection refused’ does sound as if the basic network socket isn’t being established, so could it be that someone has changed a firewall setting between your OTRS system and the AD LDAP server, or decided to enforce SSL access? Other basic tools like ping or traceroute could be useful too just in case something is preventing access to your DC now.

You might try using SSL – I have found that to get this to work I need to specify the host using a URL format rather than just a hostname – eg in line 98 of your Config.pm file you could change

Host => 'dc.hotciscolabs.com',

to

Host => 'ldaps://dc.hotciscolabs.com',

and in line 121 change

port => 389

to

port => 636

That should make OTRS use SSL for the lookup (in version 3.3 anyway).

Regards

Phil

*From:* Mahmoud Ramadan Ali [mailto:cisco.and.more.blog@gmail.com] *Sent:* 12 November 2014 15:46 *To:* OTRS::ITSM User questions and discussions *Subject:* Re: [itsm] OTRS and LDAP Integration get broken

any updates dears ! i'm stuck now

On Tue, Nov 11, 2014 at 9:37 PM, Mahmoud Ramadan Ali < cisco.and.more.blog@gmail.com> wrote:

Hii Dears,

Thanks for the reply but i checked the user and it is not locked or disabled also i'm using Microsoft active directory and do not have ssl configured ...i added the user to the administators and domain admins group without success...i have attached my Config.pm file so u can check it. Please this is urgent so any assistance will be appreciated.

On Tue, Nov 11, 2014 at 11:25 AM, Patrick Bloem wrote:

Hi Mahmoud,

do you check the Active Directory User for the connection?

Maybe is the user is disable or banned from the inactivity policy.

*With best regards*

*Patrick Bloem*

System Administrator

*Von:* itsm-bounces@otrs.org [mailto:itsm-bounces@otrs.org] *Im Auftrag von *Mahmoud Ramadan Ali *Gesendet:* Dienstag, 11. November 2014 10:18 *An:* OTRS::ITSM User questions and discussions *Betreff:* Re: [itsm] OTRS and LDAP Integration get broken

Hiii Marcel,

Thanks for the reply but no i'm not using SSL...i'm integrating this with MS Active directory and the integration worked fine for sometime then get broken...i have uploaded my config file so you can check it ..and thanks in advance...

On Tue, Nov 11, 2014 at 6:56 AM, Marcel Schulte wrote:

Hi Mahmoud,

do you connect to LDAP or LDAPS (with SSL)? In case of LDAPS it could have happened the SSL certificate of your LDAP server has changed and your OTRS does not know how to verify this new cert...

HTH,

Marcel

Mahmoud Ramadan Ali schrieb am Mon Nov 10 2014 at 20:09:21:

Hi everyone I've integrated OTRS and LDAP and it worked for a sometime but the integration get broken and i'm reciving this error message...any help please how to solve this ?! Nov 10 20:00:38 localhost OTRS-CGI-62[3438]: [Error][Kernel::System::Auth::LDAP::Auth][Line:167]: Can't connect to dc.hotciscolabs.com:\

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

------------------------------ This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. ------------------------------

--------------------------------------------------------------------- OTRS mailing list: itsm - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/itsm To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm

3958

Age (days ago)

3961

Last active (days ago)

List overview

Download

7 comments

4 participants

participants (4)

Mahmoud Ramadan Ali
Marcel Schulte
Patrick Bloem
Stanford, Philip N.

OTRS and LDAP Integration get broken

tags

participants (4)