I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs folder. I then uninstalled 2.3.4 and installed 2.4.3. I tried first to copy and past my whole config.pm file from 2.3.4 to 2.4.3 and that did not work. I tried just the segment I have below and that still did not work. Is it somewhere in the documentation and I'm missing it or can you give me a portion of your config.pm and just have me fill in my stuff?
Thanks,
Justin
Justin, I just dealt with this headache myself. Did you have it working and then it quit or is it a simple question of agent authentication?
--
Julian Cook
Securities and Exchange Commission
Operations Center
DMZ OpsIs there even a way for the Agent to authenticate over LDAP anymore? It looks like it has been taken out. I've been going through SysConfig and can't find anything on it. Anything I also try to throw at it by manually editing Config.pm leaves the system broken. I've also uninstalled and reinstalled a few times now.
Justin
On Tue, Aug 25, 2009 at 12:18 PM, <guenther.rasch@gmx.de> wrote:
Hi,> Here is the whole LDAP configuration part from my config.pm <http://config.pm> that I just
same problem here, but only with one of 200:
I have tested it, with case-sensitive typed
username, it works - but no problem with
case-sensitive for all the others...
Günther
-------- Original-Nachricht --------
> Datum: Tue, 25 Aug 2009 12:12:17 -0400
> Von: Justin Holt <holt.justin173@gmail.com>
> An: otrs@otrs.org
> Betreff: [otrs] Active Directory and 2.4.3 issues
> I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
> an issue. Customers still authenticate against our Active Directory
> Server
> just fine, but when an agent tries to authenticate, it all blows up.
>
> "Panic, user authenticated but no user data can be found in OTRS DB!!
> Perhaps the user is invalid."
>
> copied and pasted out of the config.pm <http://config.pm> for 2.3.4. I have seen that there
> are others with this same issue but there have been no responses. This is
> all running on a windows 2003 server with a regurlar install of OTRS. Any
> Ideas?
> #-----------------------Customer
> Data------------------------------------------------
>
>
> #Enable LDAP authentication for Customers / Users
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon,
> dc=ct,
> dc=us';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> #The following is valid but would only be necessary if the
> #anonymous user do NOT have permission to read from the LDAP tree
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>
> #CustomerUser
> #(customer user database backend and settings)
> $Self->{CustomerUser} = {
> Module => 'Kernel::System::CustomerUser::LDAP',
> Params => {
> Host => 'vdp-dc-003',
> BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
> SSCOPE => 'sub',
> UserDN =>'otrs_ldap',
> UserPw => '1qaz2wsx',
> },
> # customer unique id
> CustomerKey => 'sAMAccountName',
> # customer #
> CustomerID => 'mail',
> CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
> CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
> CustomerUserSearchPrefix => '',
> CustomerUserSearchSuffix => '*',
> CustomerUserSearchListLimit => 250,
> CustomerUserPostMasterSearchFields => ['mail'],
> CustomerUserNameFields => ['givenname', 'sn'],
> Map => [
> # note: Login, Email and CustomerID needed!
> # var, frontend, storage, shown, required, storage-type
> #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
> [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
> [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
> [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
> [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
> [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
> [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
> #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
> #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
> ],
> };
> # -------------------------End Customer data-----------------------------
>
>
> #------------------------------Agent Data---------------------------------
>
> #Enable LDAP authentication for Customers / Users
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> #The following is valid but would only be necessary if the
> #anonymous user do NOT have permission to read from the LDAP tree
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>
> # UserSyncLDAPMap
> # (map if agent should create/synced from LDAP to DB after login)
> $Self->{UserSyncLDAPMap} = {
> # DB -> LDAP
> UserFirstname => 'givenName',
> UserLastname => 'sn',
> UserEmail => 'mail',
> };
>
> # UserSyncLDAPGroups
> # (If "LDAP" was selected="selected" for AuthModule, you can specify
> # initial user groups for first login.)
> $Self->{UserSyncLDAPGroups} = [
> 'users',
> ];
>
> # UserTable
> $Self->{DatabaseUserTable} = 'users';
> $Self->{DatabaseUserTableUserID} = 'id';
> $Self->{DatabaseUserTableUserPW} = 'pw';
> $Self->{DatabaseUserTableUser} = 'login';
>
> #Add the following lines when only users are allowed to login if they
> reside
> in the spicified security group
> #Remove these lines if you want to provide login to all users specified in
> the User Base DN
> $Self->{'AuthModule::LDAP::GroupDN'}
> ='CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
> $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
> $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
> #---------------------------End Agent Data--------------------------------
--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/