Can some one have a look at this configuration please?
Regards,
./Ruben
From:
otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Ruben
van Vloten
Sent: Tuesday, May 08, 2007 12:28 PM
To: otrs@otrs.org
Subject: [otrs] Can someone please helpwith this nightmare? Customer.pl
andActive DirectoryAuthentication problem
I
really hope someone can helpout here..
Trouble
with Authentication of Active directory in Customer.pl section
I
have tried almost any option I can think of to authenticate against Active
directory
What
works:
I
can authenticate against ldap in the agent section. This works. I use the
sAMAccount for authentication.
What
doesn’t work:
I
can’t authenticate against ldap in the customer section…
What
is going wrong??
By
using ethereal/wireshark I can see the ldap server is being used to in the
agent authentication. But in the customer section
I
see that although that ldap authenticates but doesn’t do a lookup for the
attempted login.
I
am trying to use the same details for the agent section and the customer Base DN
does this matter?
It should regardless do a lookup no?
Further
more I have create a local customer user named mike, and this user can still
authenticate.
Also
when I create a new user on customer.pl it does check the ldap and sees the
user exists when I use the sAMAccountName during registration.
Small
side question;
In
the agent ldap section we I need to make a mapping for name, lastname, email
for the mysql database.
I
am a little suppriced the customer section doesn’t have this option as such.
I
have posted my current config below,
Thanks
for helping out J
Ruben
# --------------------------------------------------- #
# authentication
settings
#
# (enable what you need, auth against otrs
db, #
# against LDAP directory, agains HTTP basic auth
#
# or against Radius
server)
#
# --------------------------------------------------- #
# This is the auth. module againt the otrs db
#
$Self->{'AuthModule'} = 'Kernel::System::Auth::DB';
#
$Self->{'AuthModule::DB::CryptType'} = 'crypt';
# (take care that Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '172.30.2.3';
$Self->{'AuthModule::LDAP::BaseDN'} =
'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#
# $Self->{'AuthModule::LDAP::GroupDN'} = '';
#
# $Self->{'AuthModule::LDAP::AccessAttr'} = '';
#
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
#
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'testuser';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'p@ssword';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
#
$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
#
$Self->{'AuthModule::LDAP::UserLowerCase'} = 0;
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 3268,
timeout => 120,
async => 0,
version => 3,
};
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
};
# --------------------------------------------------- #
# customer authentication
settings
#
# (enable what you need, auth against otrs db,
#
# against a LDAP directory, against HTTP
basic #
# authentication and against Radius
server) #
# --------------------------------------------------- #
# This is the auth. module againt the otrs db
#
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
#
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
#
$Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
#
$Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';
#
$Self->{'Customer::AuthModule::DB::DSN'} =
"DBI:mysql:database=customerdb;host=customerdbhost";
#
$Self->{'Customer::AuthModule::DB::User'} = "some_user";
#
$Self->{'Customer::AuthModule::DB::Password'} = "some_password";
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '172.30.3.2';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=testuser,ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'p@ssword';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
#
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#
$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 3268,
timeout => 120,
async => 0,
version => 3,
};
# This is example configuration to auth. agents against a radius server
#
$Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius';
#
$Self->{'Customer::AuthModule::Radius::Host'} = 'radiushost';
#
$Self->{'Customer::AuthModule::Radius::Password'} = 'radiussecret';
# --------------------------------------------------- #
#
#
# Start
of config
options!!!
#
#
CustomerUser
stuff
#
#
#
# --------------------------------------------------- #
#
# CustomerUser
#
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Database Backend',
Module => 'Kernel::System::CustomerUser::DB',
Params => {
#
# if you want to use an external database, add the
#
# required settings
##
DSN => 'DBI:odbc:yourdsn',
##
DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
##
User => '',
##
Password => '',
Table => 'customer_user',
},
#
# customer uniq id
CustomerKey => 'login',
# customer #
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
#
CustomerUserListFields => ['login', 'first_name', 'last_name',
'customer_id', 'email'],
CustomerUserSearchFields => ['login', 'first_name', 'last_name',
'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
CustomerUserEmailUniqCheck => 1,
#
# show now own tickets in customer panel, CompanyTickets
#
CustomerUserExcludePrimaryCustomerID => 0,
#
# generate auto logins
AutoLoginCreation => 1,
# generate auto login prefix
AutoLoginCreationPrefix => 'auto',
#
# admin can change customer preferences
#
AdminSetPreferences => 1,
#
# just a read only source
#
ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type,
http-link, readonly
[ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var',
'', 0 ],
[ 'UserLastname', 'Lastname', 'last_name',
1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username',
'login', 1, 1, 'var', '', 0 ],
[ 'UserPassword', 'Password',
'pw', 0, 0, 'var', '', 0
],
[ 'UserEmail',
'Email',
'email', 0, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email',
'email', 1, 1,
'var',
'$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data{"TicketID"}&ArticleID=$Data{"ArticleID"}',
0 ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
#
[ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment',
'comments', 1, 0, 'var', '', 0 ],
[ 'ValidID',
'Valid', 'valid_id', 0, 1, 'int', '',
0 ],
],
# default selections
Selections => {
#
UserSalutation => {
#
'Mr.' => 'Mr.',
#
'Mrs.' => 'Mrs.',
#
},
},
};
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
#
ldap host
Host => '172.30.2.3',
#
ldap base dn
BaseDN =>
'ou=UserTrading, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local',
#
search scope (one|sub)
SSCOPE => 'sub',
#
The following is valid but would only be necessary if the
#
anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=testuser, ou=UserOffice, ou=COMPANYNAMEUsers, dc=nl,
dc=COMPANYNAME, dc=local',
UserPw => 'p@ssword',
#
in case you want to add always one filter to each ldap query, use
#
this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
AlwaysFilter => '',
#
if your frontend is e. g. iso-8859-1 and the charset of your
#
ldap server is utf-8, use this options (if not, ignore it)
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
#
Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 3268,
timeout => 120,
async => 0,
version => 3,
},
},
#
customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName','cn', 'mail'],
CustomerUserSearchFields => ['sAMAcountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show now own tickets in customer panel, CompanyTickets
#
CustomerUserExcludePrimaryCustomerID => 0,
#
# add a ldap filter for valid users (expert setting)
#
# CustomerUserValidFilter => '(!(description=gesperrt))',
#
# admin can't change customer preferences
#
AdminSetPreferences => 0,
Map => [
#
# note: Login, Email and CustomerID needed!
#
# var, frontend, storage, shown (1=always,2=lite), required, storage-type,
http-link, readonly
#
[ 'UserSalutation', 'Title',
'title', 1, 0,
'var', '', 0 ],
[ 'UserFirstname', 'Firstname',
'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname',
'sn',
1, 1, 'var', '', 0 ],
[ 'UserLogin', 'login',
'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail',
'Email',
'mail', 1, 1,
'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID',
'mail', 0, 1,
'var', '', 0 ],
#
[ 'UserPhone',
'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
#
[ 'UserAddress', 'Address',
'postaladdress', 1, 0, 'var', '', 0 ],
#
[ 'UserComment', 'Comment',
'description', 1, 0, 'var', '', 0 ],
],
};