Thanks Roy,
Your config file was helpful in cutting out the unnecessary directives in my old one. Unfortunately, no luck either.
Jun 30 21:50:34 tfg-lv-ticket-p OTRS-CGI-10[1226]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'Test.User@domain.tld'!
Jun 30 21:50:42 tfg-lv-ticket-p OTRS-CGI-10[1225]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'test.user@domain.tld'!
Jun 30 21:50:58 tfg-lv-ticket-p OTRS-CGI-10[1225]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'test.user'!
Jun 30 21:51:03 tfg-lv-ticket-p OTRS-CGI-10[1225]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'Test.User'!
And again, all users are present in the user list. tcpdump shows that the server is definitely talking LDAPS to the DC, but I'm not sure whether it's actually trying to authenticate the users or just pulling the list. Will see if I can get some more detailed debugging from the DC.
I have no idea why OTRS would be trying to use the local DB instead of LDAPS, except that the agent accounts are local. It still shouldn't matter; the config file should be working.
Did you install OTRS from source or from a repository? If it was manual, then I'll do a manual installation on another VM and try with the same config I have here. If it works then, it might be a bug.
--
---
Evan Spangler
Systems Administrator
TEK Fusion Global, Inc
________________________________
From: Roy Kaldung
Sent: Friday, June 30, 2017 7:12:08 PM
To: Evan Spangler
Cc: User questions and discussions about OTRS.
Subject: Re: [otrs] Another painful LDAPS problem
Hi Evan,
This is my working config on a test system:
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldaps://xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=tld';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsbinduser@domain.tld';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';
$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'ldaps://xxx',
        BaseDN => 'dc=domain,dc=tld',
        SSCOPE => 'sub',
        UserDN => 'otrsbinduser@domain.tld',
        UserPw => 'xx',
        AlwaysFilter => '(mail=*)',
        SourceCharset => 'utf-8',
        DestCharset => 'utf-8',
        Die => 0,
        # options passed through to Net::LDAP->new
        Params => {
            verify => 'none',    # no certificate check on the DC
            timeout => 30,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
…
hth, Roy
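An added check, not from Roy's mail or from OTRS itself: a standalone Perl script using Net::LDAP (the module OTRS uses underneath) that repeats the steps Kernel::System::CustomerAuth::LDAP performs with this config: service bind, search for the login combined with AlwaysFilter, then bind as the returned DN. Running it against the DC shows whether the LDAPS side works independently of OTRS; the host, bind credentials and test login are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholders (assumed): copy the real values from your Config.pm.
my $host     = 'ldaps://dc.domain.tld';
my $base_dn  = 'dc=domain,dc=tld';
my $bind_dn  = 'otrsbinduser@domain.tld';
my $bind_pw  = 'xxx';
my $uid_attr = 'sAMAccountName';
my $always   = '(mail=*)';    # AlwaysFilter from the posted config

my ( $login, $password ) = @ARGV;
die "usage: $0 <login> <password>\n" unless defined $password;

# 1. Connect over LDAPS with the same Net::LDAP options as the config.
#    verify => 'none' mirrors the posted config but skips certificate checks;
#    once it works, switch to verify => 'require', cafile => '/path/to/ca.pem'.
my $ldap = Net::LDAP->new( $host, verify => 'none', timeout => 30, version => 3 )
    or die "connect to $host failed: $@\n";

# 2. Bind as the search user (SearchUserDN / SearchUserPw).
my $mesg = $ldap->bind( $bind_dn, password => $bind_pw );
die "service bind failed: " . $mesg->error . "\n" if $mesg->code;

# 3. Look the login up the way the auth module does: (&(UID=login)AlwaysFilter).
#    escape_filter_value keeps a crafted login from altering the filter.
my $filter = sprintf '(&(%s=%s)%s)', $uid_attr, escape_filter_value($login), $always;
$mesg = $ldap->search( base => $base_dn, scope => 'sub', filter => $filter,
    attrs => [ 'mail', $uid_attr ] );
die "search failed: " . $mesg->error . "\n" if $mesg->code;

if ( $mesg->count == 0 ) {
    print "no entry matches $filter under $base_dn\n";
    print "-> wrong UID attribute, wrong BaseDN, or the account has no mail attribute\n";
    exit 1;
}
my $entry   = $mesg->entry(0);
my $user_dn = $entry->dn;
printf "found %s (mail=%s)\n", $user_dn, $entry->get_value('mail') // '(none)';

# 4. Bind as that DN with the supplied password: the actual authentication step.
$mesg = $ldap->bind( $user_dn, password => $password );
print $mesg->code ? "user bind FAILED: " . $mesg->error . "\n" : "user bind OK\n";
$ldap->unbind;
```

If step 4 succeeds here but the OTRS login still fails, the LDAPS path is fine and the problem is on the OTRS side; if step 3 returns nothing, the UID attribute, BaseDN or the (mail=*) filter is excluding the account.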
This e-mail may contain confidential or privileged information. This communication and any attached documents may also contain data subject to the International Traffic in Arms Regulations or U.S. Export Administration Regulations and cannot be disseminated, distributed or copied to foreign nationals, residing in the U.S. or abroad, without the prior approval of the U.S. Department of State or appropriate export licensing authority. If you are not the intended recipient, please notify the sender immediately by return e-mail with a copy to: IT@tekfusioninc.com and delete this e-mail and all copies and attachments. Opinions, conclusions and other information in this message that do not relate to the official business of Tek Fusion Global, Inc., shall be understood as neither given nor endorsed by it.