Hi Bjørn,
 
Isn't there anything else in the log that might indicate what goes wrong?
 
Ideas (even though i'm no expert in this area):
 
Make sure that your AD users have populated the fields you're trying to use (sync).
 
As i have understood the process, any fields (firstname, lastname and so on) configured in OTRS as required, must be mapped to an AD/LDAP property, and this property must be populated in AD/LDAP.
Otherwise the "Panic" might show up.
 
I'm using (for agent auth):
 

    $Self->{UserSyncLDAPMap} = [

      Firstname => 'givenName',

      Lastname => 'sn',

      Email => 'mail',

    ];

 
That means that i must make sure that the "givenName", "sn" and "mail" fields are populated in AD before it will work.
 
Let me know if you'd like an example config.
 
--
/Sune
 
 

 

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Bjørn Ingmar Berg
Sent: Monday, March 05, 2007 10:28 AM
To: otrs@otrs.org
Subject: [otrs] OTRS 2.1.5 and LDAP

Hello

 

 

I am very new to OTRS and have ran into a problem I'm unable to figure out as yet.

I am trying to set up a helpdesk system for a small "kommune" in Norway, and I'd like both agent and user authentication to be done against the AD server via LDAP.

 

Right now agents can log in and get authenticated by the Radius server, but this demands that their personal information is already entered in OTRS.

Normal users get authenticated via LDAP but unless they too are already registered they get the error message "Panic! No UserData!!!".  In the system log these attempts show up as

notice OTRS-CGI-10 CustomerUser: pers authentification ok (REMOTE_ADDR: 192.168.105.107).

(pers is the ID of the testuser.)

The plan is that as soon as authentication against LDAP works well I'll stop using Radius.

 

I guess that my problem is connected to mapping from LDAP to OTRS and problems with copying the content of the fields from one to the other.  After a little googling I found that this has been discussed before.  I edited the file shown at http://www.mail-archive.com/otrs@otrs.org/msg16539.html and tried using that, but alas it didn't work out.

 

I feel at a dead end right now, and would really appreciate som input on where I went wrong and what I need to do.

 

( And an extra query: It seems some examples off the net have [ and ] whereas others have { and }.  Does it matter which one I use? )

 

 

 

My feebly modified Config.pm looks like this:

 

******************** Paste begin ****************************************

 

# --

# Kernel/Config.pm - Config file for OTRS kernel

# Copyright (C) 2001-2006 OTRS GmbH, http://otrs.org/

# --

# $Id: Config.pm.dist,v 1.18 2006/09/07 16:15:41 mh Exp $

# --

# This software comes with ABSOLUTELY NO WARRANTY. For details, see

# the enclosed file COPYING for license information (GPL). If you

# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.

# --

#  Note:

#

#  -->> OTRS does have a lot of config settings. For more settings

#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,

#       LDAP, PostMaster, Session, Preferences, ...) see

#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"

#       config file. This file will not be changed on update!

#

# --

 

package Kernel::Config;

 

sub Load {

    my $Self = shift;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #

    #                                                      #

    #         Start of your own config options!!!          #

    #                                                      #

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #

 

    # This is example configuration to auth. agents against a radius server

    $Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';

    $Self->{'AuthModule::Radius::Host'} = '192.168.105.3';

    $Self->{'AuthModule::Radius::Password'} = 'PASSWORD';

 

 

    # This is an example configuration for an LDAP auth. backend.

    # (take care that Net::LDAP is installed!)

     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';

     $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.105.3';

     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=grueopen,dc=lokal';

     $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

 

    # Check if the user is allowed to auth in a posixGroup

    # (e. g. user needs to be in a group xyz to use otrs)

    # $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';

    # $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';

    # for ldap posixGroups objectclass (just uid)

    # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

    # for non ldap posixGroups objectclass (full user dn)

    # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

 

    # The following is valid but would only be necessary if the

    # anonymous user do NOT have permission to read from the LDAP tree

    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs otrs,cn=users,dc=grueopen,dc=lokal';

    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ' PASSWORD ';

 

    # in case you want to add always one filter to each ldap query, use

    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'

    # $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

 

    # in case you want to add a suffix to each customer login name, then

    # you can use this option. e. g. user just want to use user but

    # in your ldap directory exists user@domain.

    # $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

 

    $Self->{UserSyncLDAPMap} = [

      Username => 'sAMAccountName',

      Firstname => 'givenName',

      Lastname => 'sn',

      Email => 'mail',

      CustomerID => 'mail',

    ];

 

    # UserSyncLDAPGroups

    # (If "LDAP" was selected for AuthModule, you can specify inital

    # user groups for first login.)

    $Self->{UserSyncLDAPGroups} = [

        'users',

    ];

 

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)

    $Self->{'Customer::AuthModule::LDAP::Params'} = {

        port => 389,

        timeout => 120,

        async => 0,

        version => 3,

    };

 

 

    # ---------------------------------------------------- #

    # database settings                                    #

    # ---------------------------------------------------- #

    # DatabaseHost

    # (The database host.)

    $Self->{'DatabaseHost'} = 'localhost';

    # Database

    # (The database name.)

    $Self->{'Database'} = 'otrs';

    # DatabaseUser

    # (The database user.)

    $Self->{'DatabaseUser'} = 'otrs';

    # DatabasePw

    # (The password of database user. You also can use bin/CryptPassword.pl

    # for crypted passwords.)

    $Self->{'DatabasePw'} = 'tuib75';

    # DatabaseDSN

    # (The database DSN for MySQL ==> more: "man DBD::mysql")

    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

 

( Rest of file skipped)

 

******************** Paste end ****************************************

 

 

Kind regards,

Bjørn Ingmar Berg