
Hi,

To use Active Directory as the authenticator with OTRS, you need to change your config to use sAMAccountName=otrs instead of uid. AD does not use "uid". To make sure you are using the right LDAP entries, use LDIFDE -f output.txt to dump the entire AD LDAP tree info to the output.txt file (run this command on your server, or on a workstation if you have the W2K Resource Kit installed). You can then browse through the file to make sure you have the right information regarding your OTRS user.

As I recall, to use LDAP, you will need to have the net-ldap utils installed for perl (unless my mind is playing up again...)

Here is a dump of our OTRS Kernel/Config.pm AD auth configuration. We take all info from AD, including admin users and customer users. (Some of the fields are wrapped below!)

----------------------
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'w2k01.dummydomain.dummy.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=dummydomain,dc=dummy,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=dummydomain,dc=dummy,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'w2k01.dummydomain.dummy.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=dummydomain,dc=dummy,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrsr,cn=Users,dc=dummydomain,dc=dummy,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pass';

# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'w2k01.dummydomain.dummy.com',
        # ldap base dn
        BaseDN => 'dc=domain,dc=dummy,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=otrs,cn=Users,dc=dummydomain,dc=dummy,dc=com',
        UserPw => 'pass',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
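The "browse the LDIFDE dump" check from the reply above, as an added example that is not part of this thread or of OTRS: a small Python script that parses an LDIF export, restricts it to the configured BaseDN, and reports whether the login filter OTRS would build (for example `(uid=otrs)`) matches any entry, and if not, which other attributes do carry that login. The LDIF text embedded below is constructed for the example and stands in for the real output.txt; the function and variable names are the example's own.

```python
import base64
import re

# Constructed LDIFDE-style sample (not a real directory). As in Active Directory,
# the "otrs" account has sAMAccountName but no "uid" attribute at all.
SAMPLE_LDIF = """\
dn: CN=otrs,CN=Users,DC=dummydomain,DC=dummy,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: user
cn: otrs
sAMAccountName: otrs
mail: otrs@dummydomain.dummy.com
description:: T1RSUyBzZXJ2aWNlIGFjY291bnQ=
userPrincipalName: otrs@dummydomain.dummy.com

dn: CN=Jane Doe,OU=Staff,DC=dummydomain,DC=dummy,DC=com
changetype: add
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe
givenName: Jane
sn: Doe
mail: jane.doe@dummydomain.dummy.com
"""

# Attributes that commonly hold a login name; tried when the configured one fails.
LOGIN_CANDIDATES = ("sAMAccountName", "uid", "userPrincipalName", "cn", "mail")


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attribute_lowercase: [values]})."""
    # LDIF folds long values: a line starting with one space continues the previous line.
    unfolded = re.sub(r"\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):
                # "attr:: <base64>" form, used by LDIFDE for non-ASCII or binary values
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.strip().lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.strip().lower(), []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def find_login_entry(entries, login, attr):
    """DNs of entries whose `attr` equals `login`; AD compares these case-insensitively."""
    return [
        dn for dn, attrs in entries
        if any(v.lower() == login.lower() for v in attrs.get(attr.lower(), []))
    ]


def diagnose(ldif_text, login, configured_attr, base_dn):
    """Mimic the OTRS search: filter (configured_attr=login) below base_dn."""
    entries = parse_ldif(ldif_text)
    in_scope = [(dn, a) for dn, a in entries if dn.lower().endswith(base_dn.lower())]
    hits = find_login_entry(in_scope, login, configured_attr)
    report = {"filter": f"({configured_attr}={login})", "matches": hits, "alternatives": {}}
    if not hits:
        # Nothing matched: show which attributes actually hold this login, if any.
        for cand in LOGIN_CANDIDATES:
            alt = find_login_entry(in_scope, login, cand)
            if alt:
                report["alternatives"][cand] = alt
    return report


if __name__ == "__main__":
    # Reproduces the failing configuration from the thread: UID left at "uid".
    r = diagnose(SAMPLE_LDIF, "otrs", "uid", "DC=dummydomain,DC=dummy,DC=com")
    print("filter:", r["filter"], "matches:", r["matches"])
    for attr, dns in r["alternatives"].items():
        print(f"  login found in attribute {attr}: {dns}")
```

Run against a real LDIFDE export, an empty `matches` list together with a `sAMAccountName` entry under `alternatives` is exactly the "no LDAP entry found ... Filter='(uid=otrs)'" situation, and the fix is the `UID` setting shown in the reply. Independently of the attribute question, OTRS's LDAP backends authenticate with an LDAP simple bind, which carries the user's password in clear on the wire unless the connection to the domain controller is wrapped in TLS, so the host and port should point at a TLS-protected LDAP endpoint rather than plain port 389.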
-----Original Message----- From: Vladimir Gerdjikov [mailto:vladimir.gerdjikov@hebros.bg] Sent: Wednesday, March 17, 2004 9:32 AM To: User questions and discussions about OTRS. Subject: Re: [otrs] CustomerAuth LDAP problem
Robert Kehl wrote:
Find attached the necessary settings for both tasks.
10x for the configs. Everything is clearer, but I still can't authenticate successfully. The error is:

[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: otrs login failed, no LDAP entry found!BaseDN='DC=hebros,DC=bg', Filter='(uid=otrs)'

I suspect that something is wrong with the BaseDN when authenticating, but WHAT?! When I use DB authentication for users, I can search (not so good, maybe additional parameters are necessary, but the search is working), therefore my BaseDN is correct.

What about the user password? Is the password sent in plain text, or is it sent with some hash (MD5, SHA-1) to the LDAP server (AD in my case)? Sorry, but I'm not a programmer and can't search through all this perl stuff. This is my first attempt to authenticate a non-Windows user through AD and I think that something is missing on my Linux server (PAM module?).
-- Best regards, Vladimir Gerdjikov
Communication and NOS Manager, HebrosBank Head Office, +359 32/903435, +359 888 578 458 KeyID:BC821E9B from http://wwwkeys.uk.pgp.net Fingerprint: 503C 54EE C1B0 B446 DD84 5A3A 4E05 4D62 BC82 1E9B