Re: [otrs] OTRS config : LDAP and Consumers

Hi Thanks for your email. I understand that the two parts $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $SearchUserDN; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $SearchUserPw; $Self->{'Customer::AuthModule::LDAP::Host'} = $Host; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = $Base; $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid'; $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid'; $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)'; $Self->{'Customer::AuthModule::LDAP::Params'} = $Params; and $Self->{CustomerUser} = { Name => 'LDAP Backend',         Module => 'Kernel::System::CustomerUser::LDAP',         Params => { ...            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],        ], } are necessary. Sorry for this mistake. So I put these two parts in my configuration - the first : very similar to the "$Self->{'AuthModule'}" part - the second : very carefully edited from Config/Defaults.pm But I get the same messages when I try to connect - Web interface : Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. - error_log : Message: No UserID found for 'jma'! It is the same with the line $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid'; or with the line $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID'; Regards, Joel Marchand PS : one LDIF entry # jma, people, huma-num.fr dn: uid=jma,ou=people,dc=huma-num,dc=fr uid: jma loginShell: /bin/bash uidNumber: 30001 gidNumber: 30001 mail: joel.marchand@laposte.net gosaMailDeliveryMode: [] o: CNRS supannListeRouge: FALSE dateOfBirth: 1963-08-15 gender: M co: France fdPrivateMail: joel.marchand@laposte.net homeDirectory: /home/jma cn: jma jma sn: jma givenName: jma gecos: jma jma description: TGIR sambaSID: S-1-5-21-134782382-3786202306-2389167217-60003 sambaDomainName: DEFAULT sambaMungedDial: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACA ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw AYQBnAHMAMQAwMGUwMDAxMBIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0 AHgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDA= sambaAcctFlags: [U ] objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: shadowAccount objectClass: gosaMailAccount objectClass: eduPerson objectClass: supannPerson objectClass: fdPersonalInfo objectClass: sambaSamAccount sambaBadPasswordTime: 0 sambaBadPasswordCount: 0 sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxx sambaPwdLastSet: 1478193536 Le Fri, Nov 04, 2016 at 08:38:46AM -0400, Gerald Young disait :

Just for reference, I wrote this old post: http://forums.otterhub.org/ viewtopic.php?t=16543

The following are important:     $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

You can change these to mail if you want to try differently.

On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand wrote:

        Hello,

My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4

I have configured OTRS to use LDAP for the Agents authentification. It is OK.

I want to do the same for the Consumers. I read many examples, but without success.

1/ in the Administration/Consumers panel, I see all my LDAP users like :

jjma2 jma2 jma2         jma2@jma2.com   jma2@jma2.com

2/ when I try to login with an LDAP id, I get these message

         Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

3/ and in /var/log/httpd/error.log, I get

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016

 Message: No UserID found for 'jjma2'!

 RemoteAddress: 109.190.22.197  RequestURI: /otrs/index.pl

 Traceback (19414):    Module: Kernel::System::User::UserLookup Line: 935    Module: Kernel::System::Auth::Auth Line: 206    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_ 2dbin_index_2epl::handler Line: 40    Module: (eval) (v1.99) Line: 207    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173    Module: ModPerl::Registry::handler (v1.99) Line: 32

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016

 Message: No UserID found for 'jjma2'!

 RemoteAddress: 109.190.22.197  RequestURI: /otrs/index.pl

 Traceback (19414):    Module: Kernel::System::User::UserLookup Line: 935    Module: Kernel::System::Auth::Auth Line: 305    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_ 2dbin_index_2epl::handler Line: 40    Module: (eval) (v1.99) Line: 207    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173    Module: ModPerl::Registry::handler (v1.99) Line: 32

My config is below.

Where is my mistake ?

Thanks a lot for any suggestion.

        Joel Marchand

   $Self->{CustomerUser} = {        Name => 'LDAP Backend',        Module => 'Kernel::System::CustomerUser::LDAP',        Params => {            # ldap host            Host => 'ldaps://ldapr1.huma-num.fr:636/',            # ldap base dn            BaseDN => 'dc=huma-num,dc=fr',            # search scope (one|sub)            SSCOPE => 'sub',            # The following is valid but would only be necessary if the            # anonymous user does NOT have permission to read from the LDAP tree            UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',            UserPw => 'xxxx',            # in case you want to add always one filter to each ldap query, use            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'            AlwaysFilter => '(objectclass=posixAccount)',            # if the charset of your ldap server is iso-8859-1, use this:            # SourceCharset => 'iso-8859-1',            # die if backend can't work, e. g. can't connect to server            Die => 1,            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)            Params => {                port    => 636,                timeout => 120,                async   => 0,                version => 3,                 cafile => '/etc/ssl/certs/star_huma-num_ fr-intermediate.pem',                 clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',                 clientkey => '/etc/ssl/private/star_huma-num_fr.key',            },        },        # customer unique id        CustomerKey => 'uid',        # customer #        CustomerID => 'mail',        CustomerUserListFields => ['cn', 'mail'],        CustomerUserSearchFields => ['uid', 'cn', 'mail'],        CustomerUserSearchPrefix => '',        CustomerUserSearchSuffix => '*',        CustomerUserSearchListLimit => 250,        CustomerUserPostMasterSearchFields => ['mail'],        CustomerUserNameFields => ['givenname', 'sn'],        # show now own tickets in customer panel, CompanyTickets        CustomerUserExcludePrimaryCustomerID => 0,        # add a ldap filter for valid users (expert setting)        # CustomerUserValidFilter => '(!(description=gesperrt))',        # admin can't change customer preferences        AdminSetPreferences => 0,        # cache time to live in sec. - cache any ldap queries        CacheTTL => 0,        Map => [            # note: Login, Email and CustomerID needed!            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly            [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],        ],    };

PS : I try also

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou= dsa,dc=huma-num,dc=fr';     $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';     $Self->{'Customer::AuthModule::LDAP::Host'} = ['ldaps:// ldapr1.huma-num.fr:636/','ldaps://ldapr2.huma-num.fr:636/'];     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=huma-num,dc=fr';     $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';     $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass= posixAccount)';     $Self->{'Customer::AuthModule::LDAP::Params'} = {         port => 636,         timeout => 120,         async => 0,         version => 3,         cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',         clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',         clientkey => '/etc/ssl/private/star_huma-num_fr.key',     };

-> with this configuration, I don't see the LDAP accounts in the Administration/Customers panel.

-- Très Grande Infrastructure de Recherche Huma-Num - CNRS UMS 3598 3ème étage - bureau 303 - CS n°71345 196 avenue de France - 75648 PARIS CEDEX 13 Tél : 01 49 54 83 09  - http://www.huma-num.fr/personne/joel-marchand --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs