Hi Michiel,

Thank you for your quick response. I thought the LDAP sync was a performance enhancement rather than a necessity; cheers for pointing that out.

Unfortunately, I'm still having issues with it. It seems my OTRS installation is very sensitive to that extra bit of code: I just implemented the below and I was unable to even get into the logon page. Therefore, to prevent any major damage, I thought I would post it to see where I'm going wrong:


    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://myserver.domain.local/';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Searcher,OU=OTRS LDAP Searcher,DC=domain,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'myotrspassword';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    [...]

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

Any thoughts as to what I'm doing wrong?

Thanks,

David


On Mon, Aug 3, 2009 at 8:25 PM, Michiel Beijen <michiel@beefreeit.nl> wrote:
You'd need to also configure LDAPSync (and map attributes from LDAP to OTRS) in order for the accounts to automatically synchronize. See the part under "AuthSyncModule" in the Manual:

http://doc.otrs.org/2.4/en/html/x1826.html

Kind regards,
--
Michiel Beijen
Software Consultant
+31 6 - 457 42 418
Bee Free IT + http://beefreeit.nl


On Mon, Aug 3, 2009 at 21:06, David Holder <david.holder@gmail.com> wrote:
Hi Chaps,

I'm trying to authenticate agents on my OTRS implementation (OTRSforwin) by adopting the LDAP template like so: (Windows Server 2003 Active Directory domain controller)

    ########## Start of LDAP Config ##########


    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'myserver.domain.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS Admins,dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
   
    # for ldap posixGroups objectclass (just uid)
    #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'myotrspassword';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };



Output from Log File:

    [Mon Aug  3 19:51:40 2009][Notice][Kernel::System::Auth::LDAP::Auth] User: David Holder (CN=David Holder,OU=IT,DC=domain,DC=local) authentication ok (REMOTE_ADDR: 127.0.0.1).
    [Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
    [Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
    [Mon Aug  3 19:51:40 2009][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'David Holder'!!!


Does anyone have any ideas what is wrong with my config?

Your help is most appreciated.

David

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
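
The following is an added example, not part of the original thread or of OTRS: a small Python check that scans an OTRS log for the pattern quoted above, an LDAP "authentication ok" followed by "No UserID found" for the same login, which marks accounts that pass LDAP authentication but have no local agent record. The function name and the `jsmith` line are constructed for illustration; the other log lines are the ones quoted in the thread.

```python
import re

# First four lines are the log lines quoted in the thread; the last line
# (jsmith) is constructed: a login with no follow-up lookup error.
SAMPLE_LOG = """\
[Mon Aug  3 19:51:40 2009][Notice][Kernel::System::Auth::LDAP::Auth] User: David Holder (CN=David Holder,OU=IT,DC=domain,DC=local) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
[Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
[Mon Aug  3 19:51:40 2009][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'David Holder'!!!
[Mon Aug  3 19:52:10 2009][Notice][Kernel::System::Auth::LDAP::Auth] User: jsmith (CN=John Smith,OU=IT,DC=domain,DC=local) authentication ok (REMOTE_ADDR: 127.0.0.1).
"""

# [timestamp][level][module] with an optional [line-number] field, then the message.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\]\[(?P<module>[\w:]+)\]"
    r"(?:\[\d+\])?\s*(?P<msg>.*)$"
)
AUTH_OK = re.compile(r"^User: (?P<user>.+?) \((?P<dn>[^)]*)\) authentication ok")
NO_USERID = re.compile(r"^No UserID found for '(?P<user>.*)'!")


def unsynced_logins(log_text):
    """Return {login: DN} for users whose LDAP authentication succeeded but for
    whom OTRS then logged 'No UserID found' (no local agent record)."""
    authenticated = {}  # login -> DN taken from the "authentication ok" line
    missing = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an OTRS log line in the expected layout
        module, msg = m.group("module"), m.group("msg")
        if module.endswith("Auth::LDAP::Auth"):
            ok = AUTH_OK.match(msg)
            if ok:
                authenticated[ok.group("user")] = ok.group("dn")
        elif module.endswith("User::UserLookup"):
            miss = NO_USERID.match(msg)
            # Only report lookups that follow a successful LDAP login.
            if miss and miss.group("user") in authenticated:
                missing[miss.group("user")] = authenticated[miss.group("user")]
    return missing


if __name__ == "__main__":
    for login, dn in unsynced_logins(SAMPLE_LOG).items():
        print(f"{login}: LDAP auth ok, no OTRS user record ({dn})")
```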

