Hello,
given that error message, I would try the following:

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'uid=otrsldap,ou=Users,dc=domäne,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';

It may be that 'ou=Users,dc=domäne,dc=local' is different for a Windows domain.
It is best to run an ldapsearch against the AD and find out the correct DN of the otrsldap user.

otrs-de-bounces@otrs.org wrote on 29.07.2010 11:31:55:
> Subject: Re: [otrs-de] AD integration
> From: "Boris Wagener" <BorisWagener@gmx.de>
> To: "User questions and discussions about OTRS.org in German" <otrs-de@otrs.org>
> Date: 29.07.2010 11:32
> Sent by: otrs-de-bounces@otrs.org
>
> Hello,
> we have gotten a bit further.
> OTRS now at least notices that we want to authenticate via LDAP.
> But it still does not work.
>
> Error message:
> Jul 29 13:25:26 COOCGNOTRS001 OTRS-CGI-10[11680]: [Error] [Kernel::System::Auth::LDAP::Auth][Line:215]: Search failed! 0000208D: NameErr: DSID-0310020A, prob$
> Jul 29 13:25:26 COOCGNOTRS001 OTRS-CGI-10[11680]: [Error] [Kernel::System::User::UserLookup][Line:696]: No UserID found for 'otrsldap'!
>
> Config.pm:
> ##agent
>
> # Enable LDAP authentication for Customers / Users
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'ServerIP';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> # The following is valid but would only be necessary if the
> # anonymous user does NOT have permission to read from the LDAP tree
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';
>
> # UserSyncLDAPMap
> # (map if agent should create/synced from LDAP to DB after login)
> $Self->{UserSyncLDAPMap} = {
>     # DB -> LDAP
>     UserFirstname => 'givenName',
>     UserLastname  => 'sn',
>     UserEmail     => 'mail',
> };
>
> # UserSyncLDAPGroups
> # (If "LDAP" was selected for AuthModule, you can specify
> # initial user groups for first login.)
> $Self->{UserSyncLDAPGroups} = [
>     'users',
> ];
>
> # UserTable
> $Self->{DatabaseUserTable} = 'users';
> $Self->{DatabaseUserTableUserID} = 'id';
> $Self->{DatabaseUserTableUserPW} = 'pw';
> $Self->{DatabaseUserTableUser} = 'login';
>
> ##end agent
> ##customer
> # Enable LDAP authentication for Customers / Users
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = 'ServerIP';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> # The following is valid but would only be necessary if the
> # anonymous user does NOT have permission to read from the LDAP tree
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort123';
>
> # CustomerUser
> # (customer user database backend and settings)
> $Self->{CustomerUser} = {
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         Host   => 'ServerIP',
>         BaseDN => 'OU=Users,dc=domäne,DC=local',
>         SSCOPE => 'sub',
>         UserDN => 'otrsldap',
>         UserPw => 'Passwort123',
>     },
>     # customer unique id
>     CustomerKey => 'sAMAccountName',
>     # customer #
>     CustomerID => 'mail',
>     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>     CustomerUserSearchPrefix => '',
>     CustomerUserSearchSuffix => '*',
>     CustomerUserSearchListLimit => 250,
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenname', 'sn'],
>     Map => [
>         # note: Login, Email and CustomerID needed!
>         # var, frontend, storage, shown, required, storage-type
>         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>     ],
> };
> ##end customer
>
> The otrsldap user is a domain user and also an account operator.
> And in the Windows authentication access group.
>
> Does anyone have another idea?

Kind regards,
Alexander Neufeld
System administration
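
As an added example (not part of the original mails), the ldapsearch lookup suggested in the reply could look like the following; the host, bind name and base DN arguments are placeholders and the sample LDIF is constructed. The `ldif_dn` helper also decodes folded lines and base64 `dn::` values, which ldapsearch prints when a DN contains non-ASCII characters such as the "ä" in the thread's placeholder domain.

```shell
#!/bin/sh
# Added example: look up the bind account's DN in AD with ldapsearch.

# find_user_ldif HOST BIND_NAME BASE_DN SAM   (all four are placeholders)
# -ZZ requires StartTLS so the simple-bind password is not sent in clear
# text; -W prompts for it instead of putting it on the command line.
# "1.1" requests no attributes, so only the DN of each match is returned.
find_user_ldif() {
    ldapsearch -x -ZZ -LLL -H "ldap://$1" -D "$2" -W \
        -b "$3" -s sub "(sAMAccountName=$4)" 1.1
}

# ldif_dn: read LDIF on stdin and print each entry's DN as plain text.
# Handles folded lines (a continuation starts with one space) and
# "dn:: <base64>", used when the DN is not plain ASCII.
ldif_dn() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }      # unfold continuation
              { if (buf != "") print buf; buf = $0 }
        END   { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Constructed sample output (not from a real directory): one folded
# plain DN and one base64-encoded DN containing "ä".
sample_ldif() {
    printf 'dn: CN=otrsldap,OU=Service Accounts,\n DC=example,DC=local\n\n'
    printf 'dn:: %s\n\n' \
        "$(printf '%s' 'CN=otrsldap,OU=Users,DC=domäne,DC=local' | base64)"
}

# Offline demo; against a live directory this would be:
#   find_user_ldif HOST BIND_NAME BASE_DN otrsldap | ldif_dn
sample_ldif | ldif_dn
```

The DN printed for the account is the value to use for `SearchUserDN` and `UserDN`, and its parent container shows whether the configured `BaseDN` actually exists in the directory.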