Re: [otrs] LDAP customer information

15 May 2013


      Check this:
https://www.google.com/search?q=site:forums.otterhub.org+scalars+leaked
and
https://www.google.com/search?q=site:forums.otterhub.org%20sizelimit%20excee...


On Wed, May 15, 2013 at 10:03 AM, Simon Allison
wrote:
...
Sorry about that, I had commented out a lot of the config, as this is on
windows.   ****
** **
** **
Here is our system****
** **
OTRS 3.2.2****
Windows 2003****
** **
** **
Apache log shows :****
** **
Message: Sizelimit exceeded****
** **
RemoteAddress: 172.16.52.51****
RequestURI: /otrs/index.pl?Action=AdminCustomerUser;Nav=Agent****
** **
Traceback (536): ****
Module: Kernel::System::CustomerUser::LDAP::CustomerSearch (v1.74)
Line: 383****
Module: Kernel::System::CustomerUser::CustomerSearch (v1.72) Line: 198*
***
Module: Kernel::Modules::AdminCustomerUser::_Overview (v1.105) Line: 665
****
Module: Kernel::Modules::AdminCustomerUser::Run (v1.105) Line: 602****
Module: Kernel::System::Web::InterfaceAgent::Run (v1.73) Line: 866****
Module:
ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_index_2epl::handler
(unknown version) Line: 48****
Module: (eval) (v1.94) Line: 204****
Module: ModPerl::RegistryCooker::run (v1.94) Line: 204****
Module: ModPerl::RegistryCooker::default_handler (v1.94) Line: 170****
Module: ModPerl::Registry::handler (v1.99) Line: 31****
** **
Scalars leaked: 1****
Scalars leaked: 1****
Scalars leaked: 1****
Scalars leaked: 1****
Scalars****
** **
** **
** **
** **
** **
** **
*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf
Of *Gerald Young
*Sent:* 14 May 2013 15:19
*To:* User questions and discussions about OTRS.
*Subject:* Re: [otrs] LDAP customer information****
** **
half of that post is commented out, so it's a bit difficult to address
your issue specifically. Next time, please consider removing large chunks
of commented sections when posting. What do the logs say? Especially,
otrs.log or apache error.log or what version of OTRS, what operating system
is it installed on, etc.****
** **
The general "feel" of the answer is that you have a problem in
CustomerUser. Specifically, you may have too strict of a filter or improper
GroupDN.****
** **
When you say, ****
** **
...
The link below is where I get page cannot be displayed****
the apache log probably can tell you more information.****
** **
On Tue, May 14, 2013 at 6:16 AM, Simon Allison 
wrote:****
Hi Gerald,
Sorry I forgot to send this yesterday, here is a copy of the config.pm(obvious bits removed)
Simon
# This is customer LDAP configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=,dc=internal';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'OU=SDC,OU=Establishments,DC=,DC=INTERNAL';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=otrs,cn=Users,dc=,dc=internal';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@.internal';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
# Enable LDAP lookups for Customer account information.
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
        Host => '',
        BaseDN => 'dc=,dc=internal',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=,dc=internal',
        UserPw => '',
        AlwaysFilter => '(objectclass=user)',
        GroupDN => 'ou=SDC,ou=establishments,dc=,dc=internal',
#        GroupDN => 'cn=OTRS Customers,cn=Users,dc=,dc=internal',
        AccessAttr => 'member',
        UserAttr => 'DN',
      },
# customer uniq id
                CustomerKey => 'sAMAccountName',
                # customer #
                CustomerID => 'mail',
                CustomerUserListFields => ['givenname', 'sn', 'mail'],
                CustomerUserSearchFields =>
['displayName','sAMAccountName','givenname', 'sn',
'mail','description'],
                CustomerUserPostMasterSearchFields =>
['displayName','sAMAccountName','givenname','sn','mail','description'],
                CustomerUserNameFields => ['givenname', 'sn'],
                # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
#    # cache time to live in sec. - cache any database queries
#CacheTTL => 0,
                Map => [
                        # note: Login, Email and CustomerID needed!
                        # var, frontend, storage, shown, required,
storage-type
                        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var'
],
                        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1,
'var' ],
                        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
                        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1,
'var' ],
                        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
                        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1,
'var' ],
                        #[ 'UserCustomerIDs', 'CustomerIDs',
'wWWHomePage', 1, 0, 'var' ],
                        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0,
'var' ],
                        [ 'UserAddress', 'Address', 'postaladdress', 1, 0,
'var' ],
                        [ 'UserComment', 'Comment', 'description', 1, 0,
'var' ],
                        ],
        };
****
** **
**********************************************************************
This message may contain privileged and confidential information.
It is intended solely for the person to whom it is addressed.
If you are not the intended recipient, please notify the sender and delete
the message immediately.
The text in this e-mail and any attachments should not be altered or
tampered with in any way.
Any views expressed in this message are those of the individual sender and
do not necessarily
reflect the views of South Downs College http://www.southdowns.ac.uk.
**********************************************************************
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs