Re: [otrs] Active Directory and 2.4.3 issues

25 Aug 2009


      Is there even a way for the Agent to authenticate over LDAP anymore?  It
looks like it has been taken out.  I've been going through SysConfig and
can't find anything on it.  Anything I also try to throw at it by manually
editing Config.pm leaves the system broken.  I've also uninstalled and
reinstalled a few times now.

Justin

On Tue, Aug 25, 2009 at 12:18 PM,  wrote:
...
Hi,
same problem here, but only with one of 200:
I have tested it, with case-sensitive typed
username, it works - but no problem with
case-sensitive for all the others...
Günther
-------- Original-Nachricht --------
...
Datum: Tue, 25 Aug 2009 12:12:17 -0400
Von: Justin Holt 
An: otrs@otrs.org
Betreff: [otrs] Active Directory and 2.4.3 issues
...
I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit
of
an issue.  Customers still authenticate against our Active Directory
Server
just fine, but when an agent tries to authenticate, it all blows up.
"Panic, user authenticated but no user data can be found in OTRS DB!!
Perhaps the user is invalid."
Here is the whole LDAP configuration part from my config.pm that I just
copied and pasted out of the config.pm for 2.3.4.  I have seen that
there
are others with this same issue but there have been no responses.  This
is
all running on a windows 2003 server with a regurlar install of OTRS.
 Any
Ideas?
#-----------------------Customer
Data------------------------------------------------
#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon,
dc=ct,
dc=us';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'vdp-dc-003',
      BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
      SSCOPE => 'sub',
      UserDN =>'otrs_ldap',
      UserPw => '1qaz2wsx',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
#  -------------------------End Customer
data-----------------------------
#------------------------------Agent
Data---------------------------------
#Enable LDAP authentication for Customers / Users
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };
# UserSyncLDAPGroups
# (If "LDAP" was selected="selected" for AuthModule, you can specify
# initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];
# UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';
#Add the following lines when only users are allowed to login if they
reside
in the spicified security group
#Remove these lines if you want to provide login to all users specified
in
the User Base DN
  $Self->{'AuthModule::LDAP::GroupDN'}
='CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#---------------------------End Agent
Data--------------------------------
--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/