Re: [otrs] Another painful LDAPS problem

30 Jun 2017

      Hi Roy,

Thanks for looking at my config! I hadn't considered using the UPN
instead of the sAMAccountName. No luck, unfortunately.

The old and new installations are on two different VMs, and I used the
same syntax and similar parameters with the exception of switching to
LDAPS instead of plaintext LDAP. I didn't have to specify the port and
protocol in the Net::LDAP or hostname fields. Besides that, nothing has
changed. They weren't rolled out to production yet so are/were stock
(besides this LDAP auth) with no tickets except for test tickets.

I've switched sAMAccountname to userPrincipalName in the relevant
fields and commented out the appending UserSuffix line.

The customer fields repopulated using the UPN as username and customer
ID, but same error.

Syslog:

OTRS-CGI-10[3833]: [Error][Kernel::System::User::UserLookup][Line:922]:
No UserID found for 'Test.User@tekfusioninc.com'!
OTRS-CGI-10[3832]: [Error][Kernel::System::User::UserLookup][Line:922]:
No UserID found for 'test.user'!

Apache error.log:

ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:15
2017

 Message: No UserID found for 'Test.User@tekfusioninc.com'!

 RemoteAddress: 192.168.0.61
 RequestURI: /otrs/index.pl

 Traceback (3833):
   Module: Kernel::System::User::UserLookup Line: 922
   Module: Kernel::System::Auth::Auth Line: 241
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
   Module:
ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_2e
pl::handler Line: 40
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:20
2017

 Message: No UserID found for 'test.user'!

 RemoteAddress: 192.168.0.61
 RequestURI: /otrs/index.pl

 Traceback (3832):
   Module: Kernel::System::User::UserLookup Line: 922
   Module: Kernel::System::Auth::Auth Line: 241
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
   Module:
ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_2e
pl::handler Line: 40
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

Thanks!

--
---

Evan Spangler
Systems Administrator

TEK Fusion Global, Inc

On Fri, 2017-06-30 at 22:27 +0200, Roy Kaldung wrote:
...
Hi Evan,
Is this the same config you’re using on your other system?
...
On Jun 30, 2017, at 9:08 PM, Evan Spangler  wrote:
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
Looks weird to me to add the domain to the sAMAccountName. AFAIK know
sAMAccountName plus the domain is mostly the userPrincipalName.
Did you tried it without the UserSuffix when the customer enter the
sAMAccountName?
- Roy
This e-mail may contain confidential or privileged information. This communication and any attached documents may also contain data subject to the International Traffic in Arms Regulations or U.S. Export Administration Regulations and cannot be disseminated, distributed or copied to foreign nationals, residing in the U.S. or abroad, without the prior approval of the U.S. Department of State or appropriate export licensing authority. If you are not the intended recipient, please notify the sender immediately by return e-mail with a copy to: IT@tekfusioninc.com and delete this e-mail and all copies and attachments. Opinions, conclusions and other information in this message that do not relate to the official business of Tek Fusion Global, Inc., shall be understood as neither given nor endorsed by it.