
Robert Kehl wrote:
Just follow them thoroughly, leaving not a bit aside when trying to copy examples to your Config.pm.
You may also try to thoroughly follow the advice given in the various messages on this list mentioning 'active' and 'directory'. Or best: both. There must be some. S-}
10x for your reply. Of course, this is not everything from my config. I'm sorry, my mistake, I've not posted everything (I'm afraid this will be a large and unreadable post). And yes, I've done everything described in the manuals and read everything in this list (searching LDAP, "directory", "active" and so on), but with a negative result. Now the complete story. Here is my full LDAP configuration:

# *****
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
# $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
#$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.com';
#$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
#$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::Host'} = 'heb-hdo-dc-03.hebros.bg';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=hebros,dc=bg';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
# $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';

# non anonymous login, searching
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=Service Users,ou=HeadOffice,dc=hebros,dc=bg';

# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'heb-hdo-dc-03.hebros.bg',
        # ldap base dn
        BaseDN => 'dc=hebros,dc=bg',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=OTRS,ou=Service Users,ou=HeadOffice,dc=hebros,dc=bg',
        UserPw => 'XXXXXXX',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# ***

My AD structure is (AD server is heb-hdo-dc-03.hebros.bg):

root
 |
 +-> hebros.bg
      |
      +-> HeadOffice
           |
           +-> Service Users
                |
                +-> OTRS

I think the string cn=OTRS,ou=Service Users,ou=HeadOffice,dc=hebros,dc=bg is correct enough. We disable anonymous search in AD. I think BaseDN is "dc=hebros,dc=bg". Am I on the right way? I have no experience with LDAP servers, but when I configure my email client to work with the LDAP directory (with the string above), everything is OK (with this BaseDN). Is there something Active Directory specific in the syntax?

--
Best regards,
Vladimir Gerdjikov
Communication and NOS Manager, HebrosBank Head Office, +359 32/903435, +359 888 578 458
KeyID:BC821E9B from http://wwwkeys.uk.pgp.net
Fingerprint: 503C 54EE C1B0 B446 DD84 5A3A 4E05 4D62 BC82 1E9B
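
The following is an added example, not part of the original message and not OTRS code. It shows how the BaseDN, UID and AlwaysFilter settings from the posted configuration turn into the search a login lookup sends to the directory, with the login name escaped per RFC 4515. The function names, the sample logins, and the assumption that the backend composes the filter as (&(UID=login)AlwaysFilter) are illustrative.

```python
# Added example (not OTRS code): composing the LDAP search for a login.
# Assumption: the auth backend searches BaseDN for (<UID>=<login>) and, when
# AlwaysFilter is set, ANDs the two filters together.

# RFC 4515 section 3: these characters must be hex-escaped in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_auth_filter(uid_attr, login, always_filter=""):
    """Build the filter a login lookup would send to the directory."""
    flt = "(%s=%s)" % (uid_attr, escape_filter_value(login))
    if always_filter:
        flt = "(&%s%s)" % (flt, always_filter)
    return flt


def search_request(config, login):
    """Return (base, scope, filter) for one login under the given settings."""
    return (
        config["BaseDN"],
        config.get("SSCOPE", "sub"),
        build_auth_filter(config["UID"], login, config.get("AlwaysFilter", "")),
    )


# Values copied from the posted configuration; the logins below are constructed.
POSTED = {"BaseDN": "dc=hebros,dc=bg", "UID": "uid", "SSCOPE": "sub",
          "AlwaysFilter": ""}

if __name__ == "__main__":
    # A plain login, then one containing filter metacharacters.
    for login in ("jdoe", "*)(mail=*"):
        print(search_request(POSTED, login))
    # Same lookup with one of the AlwaysFilter values named in the comments.
    with_filter = dict(POSTED, AlwaysFilter="(objectclass=user)")
    print(search_request(with_filter, "jdoe"))
```

Running the printed filter against the directory with the same bind DN and BaseDN shows whether the configured UID attribute matches any entry.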