Hi,

First post, please be gentle... ;-)

Don't know that much about it, but a few ideas:

The "hd\xpinstall" UID I think is wrong. The UID, I believe, is used to decide which LDAP property is used as UID. In the case of a Windows AD domain, it's usually "sAMAccountName" or "userPrincipalName". That might give you the "Bad filter" message. Does the filter/search string show up in the log?

Also, I think the "CustomerID => 'o'" usually reads "CustomerID => 'mail'", to use the e-mail from LDAP as customerID in the OTRS DB.

The issue that Tim had back then... The error message seems to indicate that he was logging on using "userPrincipalName" (<username>@<dom>.<dom>) instead of "sAMAccountName" (<username>), which might have worked if the "UID" and "CustomerKey" were set to "userPrincipalName" instead of "sAMAccountName".

Hope that helps you along...

--
/Sune
________________________________
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Arnold, Andrew
Sent: Thursday, November 23, 2006 2:13 PM
To: otrs@otrs.org
Subject: [otrs] Customer LDAP to AD Authentication - close, but not working

Please see mail below from Tim Miller: I too have a similar problem ("Login failed! Your username or password was entered incorrectly". on the customer.pl web page) but I get the following entry in log file:

[Thu Nov 23 13:06:23 2006][Error][Kernel::System::CustomerAuth::LDAP::Auth][141] Search failed! Bad filter

Any ideas people please:

Thanks a lot:

Andrew

(please see LDAP entries in my Config.pm)

# AA Customer Authentication #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '128.30.1.50';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=hq,dc=office,dc=hd,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'hd\xpinstall';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=xpinstall,ou=Support,ou=IT,OU=HD,dc=hq,dc=office,dc=hd,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '******starred out*';

# Getting Customer Info #
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '128.30.1.50',
        BaseDN => 'dc=hq,dc=office,dc=hd,dc=com',
        SSCOPE => 'sub',
        UserDN => 'cn=xpinstall,ou=Support,ou=IT,OU=HD,dc=hq,dc=office,dc=hd,dc=com',
        UserPw => '******starred out*',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'o',
    CustomerUserListFields => ['cn'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

(Mail from Tim Miller

I am having trouble getting the customers to be able to authenticate and log in to the customer.pl web page. I am trying to use LDAP to authenticate. From the agent side, my LDAP searches are working fine. If I search for a customer by name to create a new ticket, I get a complete list of possible names back from the LDAP search.

However, when the customers attempt to log in, all I get is "Login failed! Your username or password was entered incorrectly". I know the username and password are correct, but I keep getting this error. In the System log, I get the following message, "CustomerUser: jdoe at dbtamerica.local authentification failed, no LDAP entry found!BaseDN='dc=dbtamerica,dc=local', Filter='(&(sAMAccountName=jdoe at dbtamerica.local)(!objectclass=computer))', (REMOTE_ADDR: 10.222.128.53)."

I have a J Doe account in my AD that I use for testing, the account exists and I am using the correct password.

Do I have to use the PosixGroups lines in the Config.pm file? I am currently not using these at all, but my understanding is that it should work without them. Do I have to create a group in AD, or specify that the "domain users" group is allowed access?

Any advice is greatly appreciated, this is our last major hurdle to get over, so far we love the package, but we really want the AD authentication to work.

With Best Regards,
Tim )

Andrew Arnold
IT Support Analyst
hammondsdirect
DDI 01274 764677
Mob 07946 459179
mailto:andrew.arnold@hammondsdirect.com
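
Added example (not part of any message in this thread, and not OTRS code): a Python illustration of the two failures discussed above, a UID setting that is not an attribute name and a userPrincipalName-style login searched against sAMAccountName. It assumes the login filter has the form (UID=login) seen in the quoted log line; the directory entry, the example.local domain and all function names are constructed for illustration.

```python
import re

# Attribute description per RFC 4512: a descriptor or numeric OID, plus ;options.
ATTR_RE = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*")

# Constructed directory entry for illustration (not taken from the thread).
ENTRIES = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@example.local"},
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a user-supplied value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_login_filter(uid_attr, login):
    """Build (UID=login); reject a UID setting that is not an attribute name."""
    if not ATTR_RE.fullmatch(uid_attr):
        raise ValueError("Bad filter: %r is not an LDAP attribute name" % uid_attr)
    return "(%s=%s)" % (uid_attr, escape_filter_value(login))


def find_entry(uid_attr, login, entries=ENTRIES):
    """Simulate the equality search the login filter would perform."""
    build_login_filter(uid_attr, login)  # raises on a malformed UID setting
    for entry in entries:
        if entry.get(uid_attr, "").lower() == login.lower():
            return entry
    return None


def check(uid_attr, login):
    """Return a short diagnosis string for one UID setting and login name."""
    try:
        entry = find_entry(uid_attr, login)
    except ValueError as exc:
        return str(exc)
    return "found" if entry else "no LDAP entry found"


if __name__ == "__main__":
    for uid, login in [
        ("hd\\xpinstall", "jdoe"),                   # account name used as UID
        ("sAMAccountName", "jdoe@example.local"),    # UPN typed, short name searched
        ("userPrincipalName", "jdoe@example.local"),
        ("sAMAccountName", "jdoe"),
    ]:
        print("%-18s %-20s -> %s" % (uid, login, check(uid, login)))
```

The escaping step also keeps characters such as parentheses and asterisks in a typed login name from changing the structure of the search filter.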