
On Thu, Feb 19, 2004 at 01:30:02PM -0600, Jason Joines wrote:
Then, jo, don, and sam along with everyone else were no longer able to log in. The error in the log is:
User: jo login failed, no LDAP group entry foundGroupDN='cn=otrs,dc=mydomain,dc=org', Filter='(memberUid=uid=jo,dc=mydomain,dc=org)'! (REMOTE_ADDR: 172.16.9.159).
What setting should I use to require membership in my group?
[Kernel/Config.pm]
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
[...]
See Kernel/Config/Defaults.pm.
I did look at that and it's how I got User LDAP Authentication working. I don't think I understand what I'm seeing. In: $Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; how do I specify what group?
My settings to make sure User LDAP Authentication was working were:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap.mydomain.org';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=org';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
That allowed LDAP users to authenticate. However, it allowed all my LDAP users to authenticate. I need to restrict it to a particular subset of users based on posixGroup. So, I added:
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs,dc=mydomain,dc=org';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
Add
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
to Kernel/Config.pm like I wrote. It tells the LDAP auth module that the cn=otrs,dc=mydomain,dc=org group is a posixGroup group (and not a normal LDAP group).
Jason
===========

Martin Edenhofer
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Manage your communication!
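
The log line in this thread shows the membership filter being built with the user's full DN, which a posixGroup can never match because memberUid holds bare login names. The following is an added example, not part of the original message and not OTRS source code: a simplified Python model of the group check over a constructed group entry. The function names and the member list are assumptions, and any UserAttr value other than 'UID' stands in for the full-DN behaviour seen in the log.

```python
import re

# Constructed posixGroup entry standing in for cn=otrs,dc=mydomain,dc=org.
# The member list is an assumption for illustration.
OTRS_GROUP = {
    'objectClass': ['posixGroup'],
    'cn': ['otrs'],
    'memberUid': ['jo', 'don', 'sam'],
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def group_filter(login, access_attr, user_attr, uid_attr, base_dn):
    """Build the membership filter for the two UserAttr modes (simplified model)."""
    if user_attr == 'UID':
        # posixGroup: the membership attribute stores the bare login name
        value = login
    else:
        # full-DN mode: the membership attribute stores the user's DN
        value = '%s=%s,%s' % (uid_attr, login, base_dn)
    return '(%s=%s)' % (access_attr, escape_filter_value(value))

def matches(entry, flt):
    """Evaluate a single (attr=value) equality filter against one entry."""
    attr, _, value = flt[1:-1].partition('=')
    literal = re.sub(r'\\([0-9a-fA-F]{2})',
                     lambda m: chr(int(m.group(1), 16)), value)
    return literal in entry.get(attr, [])

def may_log_in(login, user_attr):
    """Return (allowed, filter) for a login under the thread's settings."""
    flt = group_filter(login, 'memberUid', user_attr,
                       'uid', 'dc=mydomain,dc=org')
    return matches(OTRS_GROUP, flt), flt

if __name__ == '__main__':
    for mode in ('DN', 'UID'):
        for login in ('jo', 'alice', '*'):
            print(mode, login, may_log_in(login, mode))
```

In full-DN mode the filter for jo is the one from the log and matches nothing; in 'UID' mode only listed members pass, and a login of `*` is escaped so it cannot act as a wildcard.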