
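Hallo wir sind etwas weiter gekommen. OTRS merkt jetzt schonmal daß wir per LDAP authentifizieren wollen. Aber es geht immer noch nicht. Fehlermeldung:

Jul 29 13:25:26 COOCGNOTRS001 OTRS-CGI-10[11680]: [Error][Kernel::System::Auth::LDAP::Auth][Line:215]: Search failed! 0000208D: NameErr: DSID-0310020A, prob$
Jul 29 13:25:26 COOCGNOTRS001 OTRS-CGI-10[11680]: [Error][Kernel::System::User::UserLookup][Line:696]: No UserID found for 'otrsldap'!

Config.pm:

# Line breaks below are restored from the collapsed post; the layout is
# assumed to follow the stock OTRS LDAP template. All values are unchanged.

## agent
# Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

# NOTE(review): a bare host name normally means an unencrypted LDAP
# connection, so the search account's password and every agent's password
# would cross the network in clear text on a simple bind. Net::LDAP accepts
# an ldaps:// URI as the host; connection options go into
# 'AuthModule::LDAP::Params'. Confirm what the directory server offers.
$Self->{'AuthModule::LDAP::Host'} = 'ServerIP';

# NOTE(review): the logged "Search failed! 0000208D: NameErr" is the
# directory's "object not found" answer to the search, which points at this
# search base rather than at the bind. In Active Directory the built-in
# Users container is CN=Users, not OU=Users; verify the exact DN (and the
# real domain components) in the directory.
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
$Self->{'AuthModule::LDAP::UID'}    = 'sAMAccountName';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree.
# NOTE(review): the setting is named SearchUserDN, but the value is a bare
# account name. A full DN such as 'CN=otrsldap,<DN of its container>'
# (placeholder) or a UPN is the usual form; confirm what the server accepts.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsldap';

# NOTE(review): this password is stored in clear text in Config.pm, so the
# file must be readable only by the OTRS and web server accounts. If the
# value shown is the real one and not a placeholder, rotate it, because it
# has been posted publicly. The post says the account is a member of
# Konten-Operatoren (Account Operators); a search-only bind account needs
# read access to the user subtree and nothing more, so that membership makes
# a leaked Config.pm far more damaging than it has to be.
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
# NOTE(review): no group restriction is configured here, so every account
# under BaseDN that can authenticate is created as an agent in 'users' on
# first login. 'AuthModule::LDAP::GroupDN' with 'AuthModule::LDAP::AccessAttr',
# or 'AuthModule::LDAP::AlwaysFilter', limits agent login to the intended staff.
$Self->{UserSyncLDAPGroups} = [
    'users',
];

# UserTable
$Self->{DatabaseUserTable}       = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser}   = 'login';
## end agent

## customer
# Enable LDAP authentication for Customers / Users
# NOTE(review): host, search base, bind name and password repeat the agent
# settings, so the same transport, BaseDN, bind-name and credential caveats
# apply to the three places they appear in this section.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'ServerIP';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort123';

# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'ServerIP',
        BaseDN => 'OU=Users,dc=domäne,DC=local',
        SSCOPE => 'sub',
        UserDN => 'otrsldap',
        UserPw => 'Passwort123',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    # NOTE(review): read as an active entry, as in the stock template; in the
    # collapsed post it could also have been commented out. Confirm.
    CustomerID => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
## end customer

Der otrsldap- User ist Domänen- Benutzer und auch Konten-Operator. Und in der Windows- Authentifizierungszugriffsgruppe. Hat noch jemand eine Idee?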