I don't understand. I have already do that. I have a local user that have
the same username and password in my Active Directory and in OTRS. If I
don't use AD to authenticate, I can access to http://tickets/otrs/index.pl
and http://tickets/otrs/customer.pl. If I use AD, I can login to
http://tickets/otrs/customer.pl withou error, if I try to login to
http://tickets/otrs/index.pl I have this error : Login failed! Your
username or password was entered incorrectly.
Do you know what is wrong ?
Regards,
_____________________
Olivier VILLEGENTE
Administrateur système & réseau
Société Immobilière de Nouvelle-Calédonie
Tél : (687) 28.03.78
Fax : (687) 28.43.56
e-Mail : olivier.villegente@sic.nc
Steve Hall
Envoyé par : otrs-bounces@otrs.org
12/06/2009 20:59
Veuillez répondre à
"User questions and discussions about OTRS."
A
"User questions and discussions about OTRS."
cc
Objet
Re: [otrs] Active Directory and user + agent authentification
Even though you are auth'ing via AD, you still need to have local agents
created with the same username as the AD username. (Cant comment on
customers, as I dont run like that).
If you change the
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
back to the default, create your admin user as per the name in AD, and try
again.
Regards
I
On 12 Jun 2009, at 05:02, olivier.villegente@sic.nc wrote:
Hi,
I have a little problem that I'm unable to solve.
- I need that agents and users (customers) can authenticate using Active
Directory. My users can access to the customer page but my agent can't
login to the agent page. When agent try to login they have an error
message saying "the connection has failed! Your username or password is
incorrect".
- After edit my Config.pm in order to allow authenticate by Active
Directory, I can't connect using a local user.
Can you help me to find what is wrong ?
I join a copy of my Config.pm
Regards,
** My Config.pm **
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'XXXX';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'XXXX';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Datenbank',
Module => 'Kernel::System::CustomerUser::DB',
Params => { Table => 'customer_user',
# to use an external database
# DSN => 'DBI:odbc:yourdsn',
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '', Password => '',
},
# customer uniq id
CustomerKey => 'login',
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
# CustomerUserListFields => ['login', 'first_name', 'last_name',
'customer_id', 'email'],
CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['salutation', 'first_name',
'last_name'],
# ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type,
http-link
[ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
[ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
[ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var'
],
[ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
],
};
# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'pollux.sic.intra',
# ldap base dn
BaseDN => 'ou=SIC,dc=sic,dc=intra',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra',
UserPw => 'XXXX',
AlwaysFilter => '',
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{DatabaseHost} = $dbserver || 'localhost';
# Database
# (The database name.)
$Self->{Database} = $dbname || 'otrs';
# DatabaseUser
# (The database user.)
$Self->{DatabaseUser} = $dbuser || 'otrs';
# DatabasePw
# (The password of database user. You also can use
bin/CryptPassword.pl
# for crypted passwords.)
$Self->{DatabasePw} = $dbpass;
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} =
"$dsn=$Self->{Database};host=$Self->{DatabaseHost};port=$dbport;";
# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} =
"DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/usr/share/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# ---------------------------------------------------- #
# switch off the web based installer for the Debian package
$Self->{SecureMode} = 1;
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;
use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.20 $)[1];
# -----------------------------------------------------#
1;
_____________________
Olivier VILLEGENTE
Administrateur système & réseau
Société Immobilière de Nouvelle-Calédonie
Tél : (687) 28.03.78
Fax : (687) 28.43.56
e-Mail : olivier.villegente@sic.nc
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/