[otrs] problems with LDAP

10 Jul 2009

      HI!

We are testing the OTRS in our company, but i'm having some problems with
the autentication in LDAP.
I configurate my config.pm based on the example of this page:
http://www.mail-archive.com/otrs@otrs.org/msg25382.html
BUT when i try to connect, i get the follow error:
Software error:

Can't connect to exampleCompany.com.br: IO::Socket::INET: connect:
Connection refused at /opt/otrs//Kernel/System/CustomerUser/LDAP.pm
line 124.

 For help, please send mail to the webmaster (webmaster@localhost), giving
this error message and the time and date of the error.

And this is my config.pm.
Because it's needed a user that has the permission to query the LDAP
directory, i put the user otrs_ldap in Builtin OU.
And Create 2 groups:
otrs_allow_C - for the clients
and otrs_allow_A for the agents
I put myself in this 2 groups, but i got the error when i try to connect.

Someone could help me?

Best Regards

Marcus Vinicius

package Kernel::Config;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{DatabaseHost} = 'localhost';
    # Database
    # (The database name.)
    $Self->{Database} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{DatabaseUser} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{DatabasePw} = '123123';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
  # $Self->{DatabaseDSN} =
"DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
    $Self->{DatabaseDSN} =
"DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

############## Start of Config.pm  ################

    #we want to use LDAP for Auth#
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'examplecompany.com.br';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=examplecompany,dc=com,dc=br';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    #The username and password of the user you setup to access LDAP
information in AD#
    $Self->{'AuthModule::LDAP::SearchUserDN'} =
'CN=otrs_ldap,CN=Users,DC=examplecompany,DC=com,DC=br';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = '12345678';

    #We want our Customer/users to Auth using LDAP#
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';

    $Self->{'Customer::AuthModule::LDAP::Host'} = 'examplecompany.com.br';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'CN=Users,DC=examplecompany,DC=com,DC=br';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'CN=otrs_ldap,CN=Users,DC=examplecompany,DC=com,DC=br';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '12345678';

    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'examplecompany.com.br',
      BaseDN => 'CN=Users,DC=examplecompany,DC=com,DC=br',
      SSCOPE => 'sub',
      UserDN =>'CN=otrs_ldap,CN=Users,DC=examplecompany,DC=com,DC=br',
      UserPw => '12345678',
    },
    CustomerKey => 'uid',
    CustomerID => 'userPrincipalName',
    CustomerUserListFields => ['displayName', 'userPrincipalName'],
    CustomerUserSearchFields => ['displayName', 'userPrincipalName'],
    CustomerUserPostMasterSearchFields => userPrincipalName,
    CustomerUserNameFields => ['givenName', 'sn'],

    #the following must map to valid fields in your AD
(givenname,sn,sAMAccountName,...)#
    Map => [
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'userPrincipalName', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'userPrincipalName', 0, 1, 'var' ],
    ],
  };

  #OK now lets have our agents use LDAP#
  $Self->{'AuthModule::LDAP::GroupDN'} =
'CN=otrs_allow_A,CN=Users,DC=examplecompany,DC=com,DC=br';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

  $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'CN=otrs_allow_C,CN=Users,DC=examplecompany,DC=com,DC=br';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

  # UserSyncLDAPMap#
  # (map if agent should create/synced from LDAP to DB after login must
match your AD)#
  $Self->{UserSyncLDAPMap} = {
  # DB -> LDAP#
     Firstname => 'givenName',
     Lastname => 'sn',
     Email => 'userPrincipalName',
  };

    # UserSyncLDAPGroups#
    # (If "LDAP" was selected for AuthModule, you can specify#
    # initial user groups for first login.)#
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

#####################  End of Config.pm  ####################

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.20 $)[1];

# -----------------------------------------------------#

1;

[otrs] problems with LDAP

Marcus Vinicius Barbato Gonzaga