Hello everyone. What a great community. Maybe
after reading ~all~ the archives, I’ll have a super-incredible, totally
reliable, never stoppable OTRS system. I already love it, but I’m a
newbie. However, I have done quite a bit of RTFMing, so my question is
not 100% unresearched. I’m just confused. (Looks like a lot of
questions here, but it’s mostly code).
I am having trouble connecting OTRS to our domain’s Global Catalog (running on either 3268 or 3269, depending) so OTRS can authenticate customers through it.
A little up front info:
I am running OTRS v. 2.0.3
Our OTRS is running on a Windows 2003 server and has been
quite reliable;
Since I want the system to actually be working while I am
also tweaking, I am only trying to authenticate the ~customer interface~
through LDAP connecting to our GC;
I have successfully connected an LDAP browser to our GC and
can poke around with no issues;
I know you might hate my bold type – especially if
viewing in plain text <b> ;) – but, hopefully this makes it easier
on the eyes as far as separating the code from the Qs.
1) The Windows installer package installs Net::LDAP, but does it install everything I need? When I have gone through the whole cpan process, a few other things install (like the SSL script, which I don’t need right at this moment). I haven’t run the cpan process since this revision of my installation. The current output of my otrs.checkmodules says I am only missing the required module Date::Format.
2) I have tried some of the suggestions,
such as placing this in my config.pm:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
# You must first authenticate as a user for the NA domain before you can query
# the AD and authenticate against it
$Self->{'AuthModule::LDAP::Host'} = 'my.host.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=blah,ou=bblah,dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; # <- I left that that way
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LAST\, First,ou=blah,ou=bblah,dc=example,dc=com';
# note: in the agent section the key is 'AuthModule::LDAP::SearchUserPw';
# the 'Customer::' prefix belongs only to the customer section below
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';
# The following section is for authenticating customer users
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'my.host.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=blah,ou=bblah,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # <- I left that that way
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=LAST\, First,ou=blah,ou=bblah,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret';
# Since I have to use port 3268 or 3269 (I understand LDAPS is req’d for 3269), I add the following:
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
# (the assignment has to be active, not commented out, to take effect)
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 3268,
    timeout => 120,
    async   => 0,
    version => 3,
};
AND – I saw this in chapter 11 of the
manual and tried it – it came right after the above code in the
config.pm:
(http://doc.otrs.org/1.3/en/html/ldap-integration.html)
# The following section is for authenticating customer users
# (take care that Net::LDAP is installed!)
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'my.host.com',
        BaseDN => 'ou=blah,ou=bblah,dc=example,dc=com',
        SSCOPE => 'sub',
        UserDN => 'CN=LAST\, First,ou=blah,ou=bblah,dc=example,dc=com',
        # key is case-sensitive: 'UserPw' (a 'UserPW' key is ignored and the
        # search then runs as an anonymous bind)
        UserPw => 'secret',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
I have heard that in past versions, every user has to be entered into the OTRS DB before AD authentication can happen. I also could be mistaken, in that only the initial user being used to authenticate to the GC for the first time needs to be in the OTRS DB.
3) SO – with all of this failing (basically Apache won’t start up again), I strip everything out of the config.pm and start fresh, making sure of my entries in the admin user interface for Frontend::Customer::Auth, and I finally get a promising sign that something right is happening, even though it is an error. I get this software error:
IO::Socket::INET: connect: Unknown error at E:/RTCOTRS/otrs//Kernel/System/CustomerAuth/LDAP.pm line 115.
And, line 115 tells me:
my $LDAP = Net::LDAP->new($Self->{Host}, %{$Self->{Params}}) or die "$@";
Does LDAP not like my port?
Is this because I don’t have IO fully installed by the whole “perl -MCPAN -e shell” command?
4) I saw a nice little test someone posted where I try:
use strict;
use warnings;
use Net::LDAP;
# (as posted, the variables below had no 'my', the admin password was missing
# its closing quote and bind() used '=' instead of '=>'; those produced the
# strict-mode compilation errors shown after the script)
# LDAP Server here
my $Host = 'my.host.com';
# Admin name (fully qualified)
my $Admin = 'CN=LAST\, First,ou=blah,ou=bblah,dc=example,dc=com';
# Admin PW
my $AdminPass = 'secret';
# Put some user's name here that you want to get info about
# (does not have to be fully qualified - just the sAMAccountName)
my $Uid = 'employee login';
# Put your searchbase here (dc=example,dc=com)
my $SearchBase = 'OU=blah,OU=bblah,DC=example,DC=com';
# Leave it just like that
my $Filter = "sAMAccountName=$Uid";
my $LDAP = Net::LDAP->new($Host, port => 3268) or die "Failed to connect to LDAP host: $@";
# bind() returns a Net::LDAP::Message even when the bind fails; check its result code
my $Bind = $LDAP->bind($Admin, password => $AdminPass);
die "Permission to browse directory denied: " . $Bind->error if $Bind->code;
my $Result = $LDAP->search(base => $SearchBase, filter => $Filter);
die "Failed to retrieve user information: " . $Result->error if $Result->code;
my $UserDN = '';
foreach my $Entry ($Result->all_entries) {
    $UserDN = $Entry->dn();
}
if (!$UserDN) {
    print "User: $Uid login failed, no LDAP entry found! BaseDN='$SearchBase', Filter='$Filter'\n";
}
This resulted in the following output:
Global symbol "$Host" requires explicit package name at ldaptest.pl line 5, <DATA> line 225.
Global symbol "$Admin" requires explicit package name at ldaptest.pl line 8, <DATA> line 225.
Global symbol "$AdminPass" requires explicit package name at ldaptest.pl line 11, <DATA> line 225.
Global symbol "$Uid" requires explicit package name at ldaptest.pl line 13, <DATA> line 225.
Global symbol "$Uid" requires explicit package name at ldaptest.pl line 19, <DATA> line 225.
Global symbol "$Host" requires explicit package name at ldaptest.pl line 21, <DATA> line 225.
Global symbol "$Admin" requires explicit package name at ldaptest.pl line 22, <DATA> line 225.
Global symbol "$AdminPass" requires explicit package name at ldaptest.pl line 22, <DATA> line 225.
Global symbol "$Uid" requires explicit package name at ldaptest.pl line 29, <DATA> line 225.
Bareword "password" not allowed while "strict subs" in use at ldaptest.pl line 22, <DATA> line 225.
Execution of ldaptest.pl aborted due to compilation errors.
It seems to me that I’m close, but
missing an essential brain cell.
Any thoughts on this?
Thank you very much for any efforts anyone and everyone
makes.
Alex Swett
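The sequence that Kernel::System::CustomerAuth::LDAP runs against the Global Catalog (bind as the search user, look up the login by sAMAccountName, then bind as the DN that was found), as a standalone Perl script so each stage can be checked on its own. This is an added example, not code from the post or from OTRS; the host, DNs, port switch and environment variable names are assumptions.

```perl
# Added example, not from the post or from OTRS: reproduces the search-then-bind
# flow of Kernel::System::CustomerAuth::LDAP step by step, so each stage against
# the Global Catalog can be checked on its own. Host, DNs and variable names
# are assumptions; passwords come from the environment and argv, not the file.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $Host     = 'my.host.com';                           # assumed GC host
my $Port     = $ENV{GC_PORT} || 3268;                   # 3268 plain, 3269 LDAPS
my $SearchDN = 'CN=LAST\, First,ou=blah,ou=bblah,dc=example,dc=com';
my $SearchPw = $ENV{OTRS_LDAP_SEARCH_PW} or die "set OTRS_LDAP_SEARCH_PW\n";
my $BaseDN   = 'ou=blah,ou=bblah,dc=example,dc=com';
my ($Uid, $UserPw) = @ARGV;
die "usage: $0 <sAMAccountName> <password>\n" unless defined $UserPw;

# Port 3269 is the SSL Global Catalog port; Net::LDAP needs scheme => 'ldaps'
# for it (which in turn needs IO::Socket::SSL installed).
my $LDAP = Net::LDAP->new(
    $Host,
    port    => $Port,
    scheme  => ($Port == 3269 ? 'ldaps' : 'ldap'),
    version => 3,
    timeout => 30,
) or die "connect to $Host:$Port failed: $@\n";

# bind() always returns a Net::LDAP::Message; the outcome is in ->code,
# so "bind(...) or die ..." never fires. Check the code explicitly.
my $Mesg = $LDAP->bind($SearchDN, password => $SearchPw);
die "search-user bind failed: " . $Mesg->error . "\n" if $Mesg->code;

# Escape the login before interpolating it into the filter so characters
# like '*', '(' and ')' cannot change the query (RFC 4515 escaping).
my $Filter = '(sAMAccountName=' . escape_filter_value($Uid) . ')';
$Mesg = $LDAP->search(base => $BaseDN, scope => 'sub', filter => $Filter, attrs => ['sAMAccountName']);
die "search failed: " . $Mesg->error . "\n" if $Mesg->code;
die "no entry for '$Uid' under $BaseDN\n" unless $Mesg->count;
my $UserDN = ($Mesg->entries)[0]->dn;

# Second bind as the user's own DN: this is the actual password check
# that decides whether the customer login succeeds.
$Mesg = $LDAP->bind($UserDN, password => $UserPw);
my $Verdict = $Mesg->code ? "auth FAILED for $UserDN: " . $Mesg->error
                          : "auth OK for $UserDN";
print "$Verdict\n";
$LDAP->unbind;
```

Run it as `OTRS_LDAP_SEARCH_PW=... perl gctest.pl someuser theirpassword`; a failure in the connect, the search-user bind, the lookup or the final bind is reported separately, which is the distinction the single "Unknown error" from LDAP.pm line 115 hides.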