Michael,

Sorry, I'm working from an Ubuntu box, so I'm not sure how you'd do it with ActivePerl on a Windows Server.


Logging in to OTRS via the browser interface, I just use <username> (not <domain\username> or <username@domain>), though I haven't tried the others to see if they work, also.

Robert

On 9/24/07, Edward Kovarski <edward.kovarski@groupkae.com> wrote:

Haven't used ActivePerl for a while but try this from a command prompt,

ppm install Net::LDAP

Ed

On 24-Sep-07, at 3:37 PM, Michael Holland wrote:

> This is actually on a Windows Server 2003 box. Any thoughts on how to
> install NET::LDAP on a Windows box? I'm sorry, I'm not a PERL expert at
> all.
>
> Thanks.
>
> -----Original Message-----
> From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Edward Kovarski
> Sent: Monday, September 24, 2007 2:28 PM
> To: User questions and discussions about OTRS.org
> Subject: Re: [otrs] Re: LDAP Authentication using Microsoft ActiveDirectoryserver
>
> Mike,
>
> For Unix, as per http://doc.otrs.org/2.2/en/html/x354.html, you would
> need Net::LDAP. To install the module via CPAN, you'd type in:
>
> perl -MCPAN -e 'install Net::LDAP'
>
> or, alternatively some Unices allow:
>
> cpan Net::LDAP
>
> To answer your second question, you'd log in via "username" or
> specifically the sAMAccountName LDAP attribute in Active Directory.
>
> Ed
>
> On 24-Sep-07, at 2:57 PM, Michael Holland wrote:
>
>> Robert and/or anyone that can assist.  2 quick questions...
>>
>> Do you have any instructions on how to install the correct PERL Ldap modules?
>> When you log in to OTRS do you use the username or domain\username?
>>
>>
>>
>>
>> Thanks for any help offered. I have been chasing this issue for
>> well over a month.
>>
>>
>>
>> Mike Holland
>>
>>
>>
>> From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Robert Aldridge
>> Sent: Monday, September 24, 2007 11:43 AM
>> To: User questions and discussions about OTRS.org
>> Subject: Re: [otrs] Re: LDAP Authentication using Microsoft Active Directoryserver
>>
>>
>>
>> Edward,
>>
>> Thanks for the suggestion.  I copied your configuration and now
>> have both agents and customers successfully logging in with
>> authentication against our AD server.
>>
>> Thanks!!!
>>
>> Robert
>>
>> On 9/24/07, Edward Kovarski <edward.kovarski@groupkae.com> wrote:
>>
>>
>> Robert,
>>
>> I would suggest trying to simplify the configurations by removing the
>> AlwaysFilter and specifying the root of your Active Directory as the
>> BaseDN. Once it authenticates properly you can start customizing and
>> narrowing the BaseDN scope.
>>
>> Here is an excerpt from Config.pm which I just tested on our dev
>> environment as we don't use the customer interface in production. It
>> properly authenticated and pulled in all the proper values into
>> OTRS...
>>
>>      # --- Customer ---
>>      $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>      $Self->{'Customer::AuthModule::LDAP::Host'} = 'ad.groupkae.com';
>>      $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Customer,dc=ad,dc=groupkae,dc=com';
>>      $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>      $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'ldap@ad.groupkae.com';
>>      $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
>>
>>      $Self->{CustomerUser} = {
>>        Module => 'Kernel::System::CustomerUser::LDAP',
>>        Params => {
>>        Host => 'ad.groupkae.com',
>>        BaseDN => 'ou=Customer,dc=ad,dc=groupkae,dc=com',
>>        SSCOPE => 'sub',
>>        UserDN =>'ldap@ad.groupkae.com',
>>        UserPw => 'password',
>>      },
>>
>>      CustomerKey => 'sAMAccountName',
>>      CustomerID => 'mail',
>>      CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>      CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>      CustomerUserSearchPrefix => '',
>>      CustomerUserSearchSuffix => '*',
>>      CustomerUserSearchListLimit => 250,
>>      CustomerUserPostMasterSearchFields => ['mail'],
>>      CustomerUserNameFields => ['givenname', 'sn'],
>>      Map => [
>>        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>      ],
>> };
>>
>> On 24-Sep-07, at 10:42 AM, Robert Aldridge wrote:
>>
>>> Thanks for the suggestion, Edward.  Changing the SearchUserDN to
>>> <username>@<domain> continues to work for the agent login.  I still
>>> haven't been able to get the customer login working.  Any hints?
>>> Here's my current LDAP portion of Config.pm:
>>>
>>>     $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>>     $Self->{'AuthModule::LDAP::Host'} = 'ldapserver.domain.com';
>>>     $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Group of Users,dc=domain,dc=com';
>>>     $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>     $Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS@domain.com';
>>>     $Self->{'AuthModule::LDAP::SearchUserPw'} = '********';
>>>
>>>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>>     $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldapserver.domain.com';
>>>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Group of Users,dc=domain,dc=com';
>>>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'OTRS@domain.com';
>>>     $Self->{'Customer::AuthModule::LDAP::SearchUserPW'} = '********';
>>>
>>>     $Self->{CustomerUser} = {
>>>       Module => 'Kernel::System::CustomerUser::LDAP',
>>>       Params => {
>>>         Host => 'ldapserver.domain.com',
>>>         BaseDN => 'ou=Group of Users,dc=domain,dc=com',
>>>         SSCOPE => 'sub',
>>>         AlwaysFilter => '(&(sAMAccountName=*)(mail=*))',
>>>         UserDN => 'OTRS@domain.com',
>>>         UserPW => '********',
>>>       },
>>>       CustomerKey => 'sAMAccountName',
>>>       CustomerID => 'mail',
>>>       CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>>       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>>       CustomerUserPostMasterSearchFields => ['mail'],
>>>       CustomerUserNameFields => ['givenname', 'sn'],
>>>       Map => [
>>>         # note: Login, Email and CustomerID needed!
>>>         # var, frontend, storage, shown, required, storage-type
>>>         # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>>         [ 'UserFirstName', 'Firstname', 'givenname', 1, 1, 'var' ],
>>>         [ 'UserLastName', 'Lastname', 'sn', 1, 1, 'var' ],
>>>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>       ],
>>>     };
>>>
>>>     # UserSyncLDAPMap
>>>     # (map if agent should create/synced from LDAP to DB after login)
>>>     $Self->{UserSyncLDAPMap} = {
>>>         # DB -> LDAP
>>>         Firstname => 'givenName',
>>>         Lastname => 'sn',
>>>         Email => 'mail',
>>>     };
>>>
>>>     # UserSyncLDAPGroups
>>>     # (If "LDAP" was selected for AuthModule, you can specify initial
>>>     # user groups for first login.)
>>>     $Self->{UserSyncLDAPGroups} = [
>>>         'users',
>>>     ];
>>>
>>>
>>>
>>>
>>> On 9/21/07, Edward Kovarski <edward.kovarski@groupkae.com> wrote:
>>> Robert,
>>>
>>> You may also try <username>@<domain> which is the new Microsoft style
>>> for specifying users within domains. This is what we use in
>>> configuration...
>>>
>>> Ed
>>>
>>> On 21-Sep-07, at 2:48 PM, Robert Aldridge wrote:
>>>
>>>> Finally got it working...
>>>>
>>>> I changed every entry of:
>>>>
>>>> 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>>>>
>>>> to:
>>>>
>>>> 'tsteel\OTRS'
>>>>
>>>> and, to pull user data to the local DB, I added:
>>>>
>>>>     # UserSyncLDAPMap
>>>>     # (map if agent should create/synced from LDAP to DB after login)
>>>>     $Self->{UserSyncLDAPMap} = {
>>>>         # DB -> LDAP
>>>>         Firstname => 'givenName',
>>>>         Lastname => 'sn',
>>>>         Email => 'mail',
>>>>     };
>>>>
>>>>     # UserSyncLDAPGroups
>>>>     # (If "LDAP" was selected for AuthModule, you can specify initial
>>>>     # user groups for first login.)
>>>>     $Self->{UserSyncLDAPGroups} = [
>>>>         'users',
>>>>     ];
>>>>
>>>>
>>>> Perhaps this will help someone else who's trying to set OTRS up
>>>> with Microsoft Active Directory.
>>>>
>>>> Thanks,
>>>>
>>>> Robert Aldridge
>>>>
>>>>
>>>>
>>>> On 9/21/07, Robert Aldridge <bamarob55@gmail.com> wrote:
>>>>
>>>> Hi folks,
>>>>
>>>> First let me say that OTRS appears to be a great product!  Kudos to
>>>> the developers!
>>>>
>>>> We are in the process of evaluating our options for a
>>>> helpdesk/trouble-ticket system.  I would really like to give OTRS a good
>>>> evaluation, but I'm having some problems.  Our chosen solution must
>>>> be able to authenticate users (both agents and customers) via
>>>> Microsoft Active Directory.  It appears that this is possible, but
>>>> I've yet to have any success.  I'll outline the steps I've taken
>>>> and solicit any input from the community.
>>>>
>>>> OTRS is working fine when authenticating against its own
>>>> database.  Here's what I've done to try to authenticate against AD:
>>>>
>>>> I edited Kernel/Config.pm and added:
>>>>
>>>> <begin additions to Config.pm>
>>>>
>>>>     $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>>>     $Self->{'AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
>>>>     $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>>>>     $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>>     $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>>>>     $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
>>>>
>>>>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>>>     $Self->{'Customer::AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
>>>>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>>>>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>>     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>>>>     $Self->{'Customer::AuthModule::LDAP::SearchUserPW'} = 'password';
>>>>
>>>>     $Self->{CustomerUser} = {
>>>>     Module => 'Kernel::System::CustomerUser::LDAP',
>>>>     Params => {
>>>>     Host => 'lincoln.tsteel.com',
>>>>     BaseDN => 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>>>>     SSCOPE => 'sub',
>>>>     UserDN => 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>>>>     UserPW => 'password',
>>>>     },
>>>>     CustomerKey => 'sAMAccountName',
>>>>     CustomerID => 'mail',
>>>>     CustomerUserListFields => 'sAMAccountName', 'cn', 'mail',
>>>>     CustomerUserSearchFields => 'sAMAccountName', 'cn', 'mail',
>>>>     CustomerUserPostMasterSearchFields => 'mail',
>>>>     CustomerUserNameFields => 'givenname', 'sn',
>>>>     Map => [
>>>>     [ 'UserFirstName', 'Firstname', 'givenname', 1, 1, 'var' ],
>>>>     [ 'UserLastName', 'Lastname', 'sn', 1, 1, 'var' ],
>>>>     [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>>>     [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>>>     [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>>     ],
>>>>     };
>>>>
>>>> <end additions to Config.pm>
>>>>
>>>>
>>>> On my AD box, I ran: ldifde -f users.ldf -d "OU=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com" -r "<objectClass=user>"
>>>>
>>>> Which returned a listing of all users in the Tuscaloosa - Sheet
>>>> Mill org unit.  Within the users.ldf file (output from the above
>>>> command), there's an entry for OTRS Admin:
>>>>
>>>> <begin snippet from users.ldf>
>>>>
>>>>     dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
>>>>     changetype: add
>>>>     objectClass: top
>>>>     objectClass: person
>>>>     objectClass: organizationalPerson
>>>>     objectClass: user
>>>>     cn: OTRS
>>>>     sn: Admin
>>>>     givenName: OTRS
>>>>     distinguishedName: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
>>>>     instanceType: 4
>>>>     whenCreated: 20070920125829.0Z
>>>>     whenChanged: 20070921135825.0Z
>>>>     displayName: OTRS
>>>>     uSNCreated: 8512826
>>>>     uSNChanged: 8549454
>>>>     name: OTRS
>>>>     objectGUID:: po7FpWyIxEWWQeiUc9XMwA==
>>>>     userAccountControl: 66048
>>>>     badPwdCount: 0
>>>>     codePage: 0
>>>>     countryCode: 0
>>>>     badPasswordTime: 128347689772801250
>>>>     lastLogoff: 0
>>>>     lastLogon: 128347693211238750
>>>>     pwdLastSet: 128347667099207500
>>>>     primaryGroupID: 513
>>>>     objectSid:: AQUAAAAAAAUVAAAApR5XA/l+DSsgfDsl4xwAAA==
>>>>     accountExpires: 9223372036854775807
>>>>     logonCount: 0
>>>>     sAMAccountName: OTRS
>>>>     sAMAccountType: 805306368
>>>>     userPrincipalName: OTRS@tsteel.com
>>>>     objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tsteel,DC=com
>>>>     dSCorePropagationData: 20070921135825.0Z
>>>>     dSCorePropagationData: 20070921135825.0Z
>>>>     dSCorePropagationData: 20070921135825.0Z
>>>>     dSCorePropagationData: 20070921131751.0Z
>>>>     dSCorePropagationData: 16010108151056.0Z
>>>>     lastLogonTimestamp: 128347680934676250
>>>>
>>>>
>>>> <end snippet from users.ldf>
>>>>
>>>>
>>>> With this configuration, when I attempt to log in as an agent using
>>>> my username (which I know is valid in AD), it errors out with:
>>>>
>>>> Login failed! Your username or password was entered incorrectly.
>>>>
>>>> And, when I revert the Config.pm back (so I can log in) and check
>>>> the system log, I see:
>>>>
>>>> User: raldridge authentication failed, no LDAP entry found!
>>>> BaseDN='ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>>>> Filter='(sAMAccountName=raldridge)', (REMOTE_ADDR: 10.1.1.50).
>>>>
>>>> Any help would be greatly appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> Robert Aldridge
>>>>
>>>> _______________________________________________
>>>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>>>> Archive: http://lists.otrs.org/pipermail/otrs
>>>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>>> Support or consulting for your OTRS system?
>>>> => http://www.otrs.com/

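Added example (not part of the original thread and not OTRS code): a small Perl lint for two discrepancies visible in the quoted configurations, namely option names that differ only in letter case from the working excerpt (SearchUserPW/UserPW versus SearchUserPw/UserPw) and a DN-style bind name (cn=OTRS Admin,...) that has no matching dn: in the ldifde export (CN=OTRS,...). The flat %cfg layout, the sub names and the sample data are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Option spellings as they appear in the working excerpts quoted in the thread.
my @known = map { ("AuthModule::LDAP::$_", "Customer::AuthModule::LDAP::$_") }
    qw(Host BaseDN UID SearchUserDN SearchUserPw);
push @known, qw(Host BaseDN SSCOPE AlwaysFilter UserDN UserPw);
my %by_lc = map { lc($_) => $_ } @known;

# Lower-case a DN and drop whitespace around ',' and '=' so two DNs compare equal.
sub norm_dn {
    my $dn = lc $_[0];
    $dn =~ s/\s*([,=])\s*/$1/g;
    $dn =~ s/^\s+|\s+$//g;
    return $dn;
}

# Return the normalised dn: values of an LDIF export (base64 "dn::" is skipped).
sub ldif_dns {
    my $ldif = shift;
    $ldif =~ s/\r?\n //g;    # LDIF folds long lines as newline + one space
    return map { norm_dn($_) } $ldif =~ /^dn:(?!:)\s*(.+)$/mg;
}

sub lint {
    my ($cfg, $ldif) = @_;
    my %dn = map { $_ => 1 } ldif_dns($ldif);
    my @findings;
    for my $key (sort keys %$cfg) {
        my $val  = $cfg->{$key};
        my $want = $by_lc{ lc $key };
        push @findings, "$key: working excerpt spells this option '$want'"
            if defined $want && $want ne $key;
        # Only DN-style bind names can be checked; user\@domain and
        # DOMAIN\user forms contain no '=' and are skipped.
        push @findings, "$key: '$val' is not a dn: in the LDIF export"
            if $key =~ /UserDN$/i && $val =~ /=/ && !$dn{ norm_dn($val) };
    }
    return @findings;
}

# Constructed sample: a few options spelled as in the quoted failing configs.
my %cfg = (
    'AuthModule::LDAP::SearchUserDN' =>
        'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
    'Customer::AuthModule::LDAP::SearchUserPW' => 'password',
    'UserDN' => 'tsteel\OTRS',
    'UserPW' => 'password',
);
my $ldif = "dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=ts\n teel,DC=com\n";
print "$_\n" for lint(\%cfg, $ldif);
```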