OTRS 2.3.4 with LDAP auth against AD does not work

Hello, I have only been working with OTRS for a short while. At the moment the LDAP configuration is giving me trouble. I'll send my config file. I'm sure you'll find the error:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2008 OTRS AG, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.20 2008/03/07 16:50:44 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl-2.0.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --

package Kernel::Config;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';

    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';

    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';

    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hot';

    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'SystemID'} = 10;
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = '';
    $Self->{'LogModule::LogFile'} = '/tmp/otrs.log';
    $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
    $Self->{'FQDN'} = 'ubuntu-nagios.alexianer.dc';
    $Self->{'DefaultLanguage'} = 'de';
    $Self->{'AdminEmail'} = 'r.wanke@alexianer.de';
    $Self->{'DefaultCharset'} = 'utf-8';

    #we want to use LDAP for Auth
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=alexianer,dc=dc';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    #The username and password of the user you setup to access LDAP information in AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=de';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxx';

    #We want our Customer/users to Auth using LDAP
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '10.12.4.10';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=alexianer,DC=dc';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=dc';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxx';

    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => '10.12.4.10',
            BaseDN => 'DC=alexianer,DC=de',
            SSCOPE => 'sub',
            UserDN => 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=dc',
            UserPw => 'xxxx',
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'userPrincipalName',
        CustomerUserListFields => ['displayName', 'userPrincipalName'],
        CustomerUserSearchFields => ['displayName', 'userPrincipalName'],
        CustomerUserPostMasterSearchFields => userPrincipalName,
        CustomerUserNameFields => ['givenName', 'sn'],
        #the following must map to valid fields in your AD (givenname,sn,sAMAccountName,...)
        Map => [
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'userPrincipalName', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'userPrincipalName', 0, 1, 'var' ],
        ],
    };

    #OK now lets have our agents use LDAP
    $Self->{'AuthModule::LDAP::GroupDN'} = 'DC=alexianer,DC=dc';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=dc';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'DC=alexianer,DC=dc';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=dc';

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login must match your AD)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'userPrincipalName',
    };

    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

    <snip>
    ##################### End of Config.pm ####################

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.20 $)[1];
# -----------------------------------------------------#
1;

Error message in the log:

Jun 29 14:28:03 ubuntu-nagios OTRS-CGI-10[10169]: [Error][Kernel::System::Auth::LDAP::Auth][Line:191]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

The error message FIRST BIND FAILED appears.

Regards
Rüdiger

Hello Rüdiger, my guess is these two variables:

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=de';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxx';

To be able to search in ADS you have to log in, unless anonymous search has been explicitly allowed in ADS, which by default (at least from MS Server 2003 on) is not the case. OTRS uses the data in those two variables for that. Please check whether they are correct. Best try it on the command line and see whether ldapsearch works when you log in with the user above.

Regards
Hermann Maurer
From: otrs-de-bounces@otrs.org on behalf of ruediger.wanke@web.de
Sent: Monday, 29 June 2009 14:40
To: otrs-de@otrs.org
Subject: [otrs-de] OTRS 2.3.4 with LDAP auth against AD does not work

Hello,
[skipped..]
Regards
Rüdiger
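As an added example (not from either post in this thread), a POSIX shell snippet that does the two checks Hermann's reply calls for: it decodes the "data 525" field of the AD bind error that OTRS logged (the AD "AcceptSecurityContext error" data codes are a documented set; 525 means the bind DN was not found), and it runs the ldapsearch simple bind with the SearchUserDN credentials. The host, DN and password in the usage lines are placeholders taken from the thread, and OpenLDAP's ldapsearch is assumed to be installed.

```shell
#!/bin/sh
# Added example, not part of the thread. Assumes OpenLDAP client tools.

# Map the "data NNN" field of an AD "AcceptSecurityContext error" to its
# meaning. The codes are the hex form of the Windows logon error codes
# (525 = ERROR_NO_SUCH_USER, 52e = ERROR_LOGON_FAILURE, ...).
ad_bind_reason() {
    case "$1" in
        525) echo "user not found (check the bind DN and its DC= components)" ;;
        52e) echo "invalid credentials (wrong password for an existing user)" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        775) echo "account locked out" ;;
        *)   echo "unknown code $1" ;;
    esac
}

# Pull the "data NNN" code out of an OTRS log line and decode it.
# Prints "<code>: <reason>"; returns 1 if the line carries no AD data code.
decode_otrs_log_line() {
    code=$(printf '%s\n' "$1" | sed -n 's/.*data \([0-9a-f]*\),.*/\1/p')
    [ -n "$code" ] || return 1
    printf '%s: %s\n' "$code" "$(ad_bind_reason "$code")"
}

# The bind test Hermann proposes: a simple bind with the SearchUserDN
# credentials followed by a base-scope search on the BaseDN.
# -x simple bind, -H URI, -D bind DN, -w password (use -W to be prompted
# instead of exposing the password in the process list), -b base, -s scope.
# Returns ldapsearch's exit status: 0 = bind and search succeeded,
# 49 = LDAP invalidCredentials (the server refused the bind).
ldap_bind_check() {
    host=$1 bind_dn=$2 bind_pw=$3 base_dn=$4
    ldapsearch -x -H "ldap://$host" -D "$bind_dn" -w "$bind_pw" \
        -b "$base_dn" -s base '(objectClass=*)' dn >/dev/null 2>&1
}

# Log line copied from the thread, embedded here as sample input.
OTRS_LOG_LINE='Jun 29 14:28:03 ubuntu-nagios OTRS-CGI-10[10169]: [Error][Kernel::System::Auth::LDAP::Auth][Line:191]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece'

# Usage (uncomment and replace the placeholders with your own values):
# decode_otrs_log_line "$OTRS_LOG_LINE"
# ldap_bind_check 10.12.4.10 'CN=otrs,OU=DaKS,OU=Muenster,DC=alexianer,DC=de' 'xxxx' 'DC=alexianer,DC=de'
```

If the bind check succeeds with exactly the DN and password you then paste into SearchUserDN and SearchUserPw, the first bind in OTRS will succeed too; note that the DC= components of that DN must match the domain the server actually holds.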