Re: [otrs] LDAP auth problem - Changed

12 Jul 2007

      Greg Horne írta:

Greg,

Thank you for the response. I double checked everything but I can't 
figure out what's the problem.
I reinstalled a new 2.2.1 with the default settings (mysql, utf8 and so 
one).
I followed the 2.2 documentation and pasted the required section into my 
Config.pm
Changed it as needed but the result is the same. Here is the relevant part.

  # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'localhost';
    $Self->{'AuthModule::LDAP::BaseDN'} = 
'ou=Staff,dc=office,dc=bluesystem,dc=hu';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = '';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = '';
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

    # UserTable
    $Self->{DatabaseUserTable} = 'system_user';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

And the log.

[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] 
User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) 
authentication ok (REMOTE_ADDR: 192.168.1.11).
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] 
Panic! No UserData for user: 'sfeher'!!!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] 
Need UserFirstname!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] 
Can't create user 'sfeher' 
(uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] 
Panic! No UserData for user: 'sfeher'!!!

And the LDAP entry:

dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 65534
givenName: Sandor
sn: Feher
displayName: Sandor Feher
uid: sfeher
homeDirectory: /home/sfeher
loginShell: /bin/bash
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
mail: sfeher@bluesystem.hu
cn: Sandor Feher
uidNumber: 17261
structuralObjectClass: inetOrgPerson
entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad
creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu
createTimestamp: 20070711090933Z
userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9
entryCSN: 20070711091036Z#000000#00#000000
modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu
modifyTimestamp: 20070711091036Z

Regards., Sandor
...
Sándor,
Sorry its still early here (US), searched the web for UserSyncLDAPMap and
found that The DB line is normally commented out.  So would not think that
is you issue. I searched my 2.2 config and found that I do not have a
UserSyncLDAPMap in it.  When I did my 2.2 LDAP, I started from the default
Config.pm and worked my way through using the 2.2 HTML manual from the
website.
Again, in the past when I have seen the Panic statement I have found the
problem to be in the Map command.  Following is a cut and paste from mine.
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required,
storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',      'title',           1, 0,
'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1,
'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1,
'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',             1, 1,
'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1,
'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'confirm',            0, 1,
'var', '', 0 ],
#            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1,
0, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0,
'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0,
'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0,
'var', '', 0 ],
        ],
    };
If I recieved the message I would verify that in my example, givenname was
actually in LDAP and contained the first name of the user.  You may want to
post the entire LDAP section from your Config.pm with any usernames/password
changed.
Sorry everyone for the poor prior post, again its early here :)
Have Fun.
Greg Horne
geh
gehorne
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org]On Behalf Of
Sándor Fehér
Sent: Thursday, July 12, 2007 2:00 AM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] LDAP auth problem
Sándor Fehér írta:
Some additional info. I downgraded to 2.1.6 and it works fine with that.
Here is the relevant part of my Config.pm
# $DIBI$
    $Self->{'SystemID'} = 10;
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = 'Blue System ';
    $Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log';
    $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
    $Self->{'FQDN'} = 'mail.office.bluesystem.hu';
    $Self->{'DefaultLanguage'} = 'hu';
    $Self->{'DefaultCharset'} = 'iso-8859-2';
    $Self->{'AdminEmail'} = 'sfeher@bluesystem.hu';
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '192.168.1.9';
    $Self->{'AuthModule::LDAP::BaseDN'} =
'ou=Staff,dc=office,dc=bluesystem,dc=hu';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
$Self->{UserSyncLDAPMap} = {
                # DB -> LDAP
                Firstname => 'givenName',
                Lastname => 'sn',
                Email => 'mail',
       };
$Self->{UserSyncLDAPGroups} = [
                    'users',
          ];
$Self->{DatabaseUserTable} = 'system_user';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';
And the log I get.
[Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth]
User: sfeher (uid=sfeher,ou=St
[Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user:
[Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229]
Need UserFirstname!
[Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385]
Can't create user 'sfeher'
[Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user:
Regards., Sandor
...
Hi,
I had a well working otrs config so far with the following parts:
- Apache 2.2.3 with mod_perl
- OTRS 2.1.6
- Oracle 10.2.0.1
- Openldap 2.3.35
The authetication worked perfectly from LDAP. Today I decided to build
a new config with otrs 2.2.1.
I backed up my Config.pm and installed a new otrs 2.2.1. Ran the
oracle database scripts as well.
Everything is fine except the authentication (I can log in with
root@localhost).
The result is the same either I use mysql backend.
Thank you in advance.
Regards., Sandor
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007
Message: Can't create user 'sfeher'
(uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
Traceback (8276):
  Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385
  Module: Kernel::System::Auth::Auth (v1.23) Line: 120
  Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192
  Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler
...
(v) Line: 4
  Module: (eval) (v1.81) Line: 203
  Module: ModPerl::RegistryCooker::run (v1.81) Line: 203
  Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
  Module: ModPerl::Registry::handler (v1.99) Line: 30
--
Üdvözlettel, Fehér Sándor
...Fehér Sándor...            ---    ....Sandor Feher....
 fejlesztési vezető           ---     development manager
 Blue System Kft.             ---      Blue System Ltd.
mailto:sfeher@bluesystem.hu  http://www.bluesystem.hu
                    [ - real men don't click - ]
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
-- 
Üdvözlettel, Fehér Sándor

...Fehér Sándor...            ---    ....Sandor Feher.... 
 fejlesztési vezető           ---     development manager
 Blue System Kft.             ---      Blue System Ltd.

        mailto:sfeher@bluesystem.hu  http://www.bluesystem.hu
                    [ - real men don't click - ]