Hello
I am very new to OTRS and have run into a problem
I’m unable to figure out as yet.
I am trying to set up a helpdesk system for a small
“kommune” in
Right now agents can log in and get authenticated by
the Radius server, but this demands that their personal information is already
entered in OTRS.
Normal users get authenticated via LDAP but unless
they too are already registered they get the error message “Panic! No
UserData!!!”. In the system log these attempts show up as
notice OTRS-CGI-10 CustomerUser: pers authentification ok (REMOTE_ADDR: 192.168.105.107).
(pers is the ID of the testuser.)
The plan is that as soon as authentication against
LDAP works well I’ll stop using Radius.
I guess that my problem is connected to mapping from
LDAP to OTRS and problems with copying the content of the fields from one to
the other. After a little googling I found that this has been discussed
before. I edited the file shown at http://www.mail-archive.com/otrs@otrs.org/msg16539.html
and tried using that, but alas it didn’t work out.
I feel at a dead end right now, and would really appreciate
some input on where I went wrong and what I need to do.
( And an extra query: It seems some examples off the
net have [ and ] whereas others have { and }. Does it matter which one I
use? )
My feebly modified Config.pm looks like this:
******************** Paste begin ****************************************
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2006 OTRS GmbH, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.18 2006/09/07 16:15:41 mh Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
# Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --
package Kernel::Config;
sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    # This is example configuration to auth. agents against a radius server
    $Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';
    $Self->{'AuthModule::Radius::Host'} = '192.168.105.3';
    $Self->{'AuthModule::Radius::Password'} = 'PASSWORD';
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.105.3';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=grueopen,dc=lokal';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    #    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
    #    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    #    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (full user dn)
    #    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs otrs,cn=users,dc=grueopen,dc=lokal';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ' PASSWORD ';
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    #    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
    # in case you want to add a suffix to each customer login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
    $Self->{UserSyncLDAPMap} = [
        Username => 'sAMAccountName',
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
        CustomerID => 'mail',
    ];
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify initial
    # user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'tuib75';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
( Rest of file skipped)
******************** Paste end ****************************************
Kind regards,
Bjørn Ingmar Berg
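
On the bracket question in the message above, an added Perl example (not part of the original post and not OTRS code) showing that the same key/value list means different things inside [ ] and { }. `LdapAttrFor` is a hypothetical consumer, used only to show what happens when code expecting one form is handed the other.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The map as pasted in the post: square brackets build an ARRAY reference.
# Here "=>" is only a quoting comma, so this is a flat list of ten scalars.
my $MapArray = [
    Username   => 'sAMAccountName',
    Firstname  => 'givenName',
    Lastname   => 'sn',
    Email      => 'mail',
    CustomerID => 'mail',
];

# The same pairs inside curly braces build a HASH reference (key => value lookup).
my $MapHash = { @{$MapArray} };

# Hypothetical consumer (assumption, not OTRS code): find the LDAP attribute
# that feeds a given field, treating the map as a hash reference.
sub LdapAttrFor {
    my ( $Map, $Field ) = @_;
    return $Map->{$Field};    # dies with "Not a HASH reference" on an array ref
}

printf "array form: ref=%s, elements=%d\n", ref($MapArray), scalar @{$MapArray};
printf "hash form:  ref=%s, keys=%d\n", ref($MapHash), scalar keys %{$MapHash};

# Lookup works on the hash form.
print "hash form lookup:  Email -> ", LdapAttrFor( $MapHash, 'Email' ), "\n";

# The identical lookup on the array form is a runtime error, caught here with eval.
my $Attr = eval { LdapAttrFor( $MapArray, 'Email' ) };
print defined $Attr
    ? "array form lookup: Email -> $Attr\n"
    : "array form lookup failed: $@";
```

Which form a given setting needs depends on how the code reading it dereferences the value, so the bracket type should be copied together with the setting from Kernel/Config/Defaults.pm, the file the Config.pm header points to.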