Hi,

givenName, sn and mail are valid fields on LDAP(AD).

According to my configuration, which I’ve posted below, and compared with many other examples, I can’t see a reason why it is not synchronizing. I’ve seen some people saying it worked for them in a previous version but when they upgraded it stopped working.

I was wondering if it is a bug in version 2.3.4 and if anyone has experienced the same problem.

Thanks

Fernando

From: Leong Tat Lee [mailto:leongtat3110@hotmail.com]
Sent: 08 July 2009 04:38
To:
Subject: RE: [otrs] LDAP(AD) + UserSyncLDAPMap

Date: Tue, 7 Jul 2009 16:13:44 +0100
From: fernando.frediani@qubenet.co.uk
To:
Subject: [otrs] LDAP(AD) + UserSyncLDAPMap

Hi Fernando,

I have encountered this error before: “Panic! No UserData”.

For your information, if you use LDAP to authenticate your users, you need to get them synced to the local database before they can log in to the agent site.

I suspect the error below is a synchronisation issue. Try to browse to your LDAP and check the fields below, such as givenName, sn, and mail.

It will not work if one of the fields I mentioned above is not present in LDAP, as the sync process needs the info to create the authenticated user in the local DB.

Hope this helps.

Thanks.

Guys,

I’ve been trying to configure my OTRS (version 2.3.4) to authenticate Agents against an LDAP server (Active Directory actually).

It works fine for users who were already registered in the DB before the LDAP config. It authenticates correctly only the users that belong to the OTRS_agents group and also sets their permissions and groups depending on whether they belong to OTRS_agents.

The problem I have is that if it is a new user created on AD, it doesn’t authenticate and I get the famous message “Panic! No UserData”. I have already tried to change some specific settings but it never works correctly.

I will put right below the settings I am not sure of, and further below my full config with regards to LDAP Authentication. Can someone give me a hand with it?

$Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

Not sure whether, for version 2.3.4, the correct name is “UserFirstname” or simply “Firstname”, and the same for the others.

$Self->{UserSyncLDAPGroups} = [
    'users',
];

Is the “users” there the table in the DB where the data is being synced TO, or the group on my AD where the data should be pulled out?

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_agents,ou=Groups,ou=COMPANY,dc=subdomain,dc=domain,dc=net';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

Are the last two lines correct? “member” or “sAMAccountName” or “memberUid”? And “DN” if I am using Active Directory?

Below is my full LDAP config:

Thanks in advance.

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'hostname';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=COMPANY,dc=subdomain,dc=domain,dc=net';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_agents,ou=Groups,ou=COMPANY,dc=subdomain,dc=domain,dc=net';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'bind-user';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '*************';

$Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

$Self->{UserSyncLDAPGroups} = [
    'users',
];

# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';

$Self->{'UserSyncLDAPGroupsDefinition'} = {
    'cn=OTRS_agents,ou=Groups,ou=COMPANY,dc=subdomain,dc=domain,dc=net' => {
        'users' => {
            rw => 1,
        },
        'faq' => {
            rw => 1,
        },
        'stats' => {
            rw => 1,
        },
    },
};

$Self->{'UserSyncLDAPRolesDefination'} = {
    # LDAP group
    'cn=OTRS_agents,ou=Groups,ou=COMPANY,dc=subdomain,dc=domain,dc=net' => {
        'users' => 1,
        'faq'   => 1,
        'stats' => 1,
    },
};
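
The check suggested in the reply above, as an added example that is not part of the original thread and is not OTRS code: a Perl script that reads LDIF-style directory entries and lists, per account, which attributes named in UserSyncLDAPMap are missing or empty. The LDIF sample is constructed for illustration, the input is assumed to be unwrapped LDIF, and parse_ldif and missing_attrs are hypothetical helper names.

```perl
use strict; use warnings;

# Attribute map copied from the configuration posted in this thread.
my %UserSyncLDAPMap = (
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
);

# Parse unwrapped LDIF into { attribute => [values] } hashes. Names are lower-cased
# (LDAP attribute names are case-insensitive); base64 ("::") values are kept undecoded.
sub parse_ldif {
    my ($text) = @_;
    my @entries;
    for my $block ( split /\n\s*\n/, $text ) {
        my %entry;
        for my $line ( split /\n/, $block ) {
            # Lines that are not "attr: value" (comments, blanks) are skipped.
            my ( $attr, $value ) = $line =~ /^([\w;-]+)::?\s*(.*)$/ or next;
            push @{ $entry{ lc $attr } }, $value;
        }
        push @entries, \%entry if %entry;
    }
    return @entries;
}

# Return the mapped LDAP attributes that are absent or empty on one entry.
sub missing_attrs {
    my ($entry) = @_;
    return grep {
        my $values = $entry->{ lc $_ } || [];
        !grep { length } @$values;
    } sort values %UserSyncLDAPMap;
}

# Constructed sample entries (not from the thread): one complete, one partial.
my $ldif = <<'LDIF';
dn: CN=Existing Agent,OU=COMPANY,DC=subdomain,DC=domain,DC=net
sAMAccountName: eagent
givenName: Existing
sn: Agent
mail: eagent@example.net

dn: CN=New Agent,OU=COMPANY,DC=subdomain,DC=domain,DC=net
sAMAccountName: nagent
givenName: New
LDIF

for my $entry ( parse_ldif($ldif) ) {
    my $missing = join ', ', missing_attrs($entry);
    print "$entry->{samaccountname}[0]: ", ( $missing ? "missing $missing" : 'ok' ), "\n";
}
```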