
now i solve the error 187... but i have this response
[Fri Jul 6 18:18:45 2012][Notice][Kernel::System::Auth::LDAP::Auth] User: adone\agente1 authentication failed, no LDAP entry found!BaseDN='dc=adone,dc=lan', Filter='(sAMAccountName=adone\\agente1)', (REMOTE_ADDR: xxxx).
[Fri Jul 6 18:18:45 2012][Error][Kernel::System::User::UserLookup][797] No UserID found for 'adone\agente1'!
On 6 July 2012 18:15, Stefano Ricci
hi, and thanks for the second help of the day
i have to integrate otrs 3.1 (windows version) with the domain active directory, based on 2003 object, but installed on a windows 2008 r2 server...
but i have always the same error:
[Fri Jul 6 14:41:39 2012][Error][Kernel::System::Auth::LDAP::Auth][187] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
[Fri Jul 6 14:41:39 2012][Error][Kernel::System::User::UserLookup][797] No UserID found for 'adone\agente1'!
the network configuration is that:
domain controller: dcad101
domain name: adone.lan
ad configuration is that:
Groups:
- OTRSAgents
- OTRSCustomers
Agent Users:
- agente1
- agente2
- otrs (i use to sync otrs with ldap)
Customer Users:
- cliente1
- cliente2
all objects are in the root of active directory
in the login form i use as name: domain\username (adone\agente1)
this is the part of load function related to login:
# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dcad101.adone.lan';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=adone,dc=lan';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=adone,dc=lan';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'a12345++';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRSAgents,cn=Users,dc=adone,dc=lan';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# Enable LDAP lookups of Agent account informations and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dcad101.adone.lan';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=adone,dc=lan';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=OTRSAgents,dc=adone,dc=lan';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'a12345++';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=OTRSAgents,cn=Users,dc=adone,dc=lan';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'cn=OTRSAgents,cn=Users,dc=adone,dc=lan' => {
        'Company Agents' => 1,
    },
    'cn=Domain Admins,cn=Users,dc=adone,dc=lan' => {
        'Tech Support Agents' => 1,
    }
};
# Enable LDAP lookups for Customer logins.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dcad101.adone.lan';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=adone,dc=lan';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=OTRSCustomers,dc=adone,dc=lan';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'a12345++';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRSCustomers,dc=adone,dc=lan';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dcad101.adone.lan',
        BaseDN => 'dc=adone,dc=lan',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=adone,dc=lan',
        UserPw => 'a12345++',
        #AlwaysFilter => '(objectclass=user)',
        AlwaysFilter => '',
        GroupDN => 'cn=OTRSCustomers,dc=adone,dc=lan',
        AccessAttr => 'memberUid',
        UserAttr => 'UID',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => '[customer_id]',
    CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserValidFilter => '(company=*)',
    Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
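
Added example, not part of the original messages and not OTRS code: a small Python triage helper for the two log lines quoted in this thread. It decodes the Active Directory sub-code in the "data" field of an AcceptSecurityContext bind error and flags a sAMAccountName search filter whose value carries a DOMAIN\ prefix; the function name diagnose and the wording of the findings are assumptions of this example.

```python
import re

# Well-known Active Directory sub-codes reported in the "data" field of
# LDAP bind error 80090308 (AcceptSecurityContext).
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "invalid credentials (user name or password is incorrect)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
FILTER_RE = re.compile(r"Filter='\((\w+)=([^)]*)\)'")

def diagnose(line):
    """Return a list of findings for one OTRS log line (hypothetical helper)."""
    findings = []
    m = BIND_RE.search(line)
    if m:
        code = m.group(1).lower()
        findings.append("bind failed: " + AD_BIND_DATA.get(code, "unknown sub-code " + code))
    m = FILTER_RE.search(line)
    # sAMAccountName stores the bare account name, so a filter value that
    # still contains a backslash-separated domain prefix cannot match it.
    if m and m.group(1).lower() == "samaccountname" and "\\" in m.group(2):
        bare = m.group(2).rsplit("\\", 1)[1]
        findings.append("filter value has a DOMAIN\\ prefix; bare account name is '%s'" % bare)
    return findings

# Log lines copied from the messages above.
SAMPLE_LOG = [
    r"[Fri Jul 6 14:41:39 2012][Error][Kernel::System::Auth::LDAP::Auth][187] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0",
    r"[Fri Jul 6 18:18:45 2012][Notice][Kernel::System::Auth::LDAP::Auth] User: adone\agente1 authentication failed, no LDAP entry found!BaseDN='dc=adone,dc=lan', Filter='(sAMAccountName=adone\\agente1)', (REMOTE_ADDR: xxxx).",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in diagnose(line):
            print(finding)
```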