Tim,
How do you have your user’s logging
in?
When I go through and try to log myself
into OTRS with;
mpietersen
mpietersen@allstatefastener.local
ASFCORP\mpietersen
My bind isn’t working properly
according to my httpd log which is pumping out
ERROR: OTRS-CGI-10 Perl: 5.8.6 OS: linux
Time: Wed Nov 22 11:50:27 2006
Message: First bind failed! 80090308:
LdapErr: DSID-0C09030F, comment:
Traceback (24085):
Module:
Kernel::System::CustomerUser::LDAP::new (v1.29) Line: 71
Module:
Kernel::System::CustomerUser::new (v1.28) Line: 91
Module: Kernel::System::Ticket::new
(v1.229) Line: 121
Module:
Kernel::System::Web::InterfaceAgent::Run (v1.17) Line: 173
Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_inde
Module: (eval) (v1.81) Line: 203
Module: ModPerl::RegistryCooker::run
(v1.81) Line: 203
Module:
ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
Module: ModPerl::Registry::handler
(v1.99) Line: 30
ERROR: OTRS-CGI-10 Perl: 5.8.6 OS: linux
Time: Wed Nov 22 11:50:36 2006
Message: First bind failed! 80090308:
LdapErr: DSID-0C09030F, comment:
Traceback (24086):
Module:
Kernel::System::CustomerUser::LDAP::new (v1.29) Line: 71
Module:
Kernel::System::CustomerUser::new (v1.28) Line: 91
Module: Kernel::System::Ticket::new
(v1.229) Line: 121
Module:
Kernel::System::Web::InterfaceAgent::Run (v1.17) Line: 173
Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_inde
Module: (eval) (v1.81) Line: 203
Module: ModPerl::RegistryCooker::run
(v1.81) Line: 203
Module: ModPerl::RegistryCooker::default_handler
(v1.81) Line: 169
Module: ModPerl::Registry::handler
(v1.99) Line: 30
Every time I try and log in.
Have you experienced any problems when
implementing your AD auth?
BTW, it’s running on FC4
Thanks,
IT (586) 498-1388
From:
otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Miller, Tim
Sent: Wednesday, November 22, 2006
9:44 AM
To: User questions and discussions
about OTRS.org
Subject: RE: [otrs] LDAP
Authentication
I am no expert in giving
a step by step, but here is a copy of my config.pm file which is working
for customer LDAP auth via my Windows AD domain... hope it helps:
As always, make a backup
copy of the original Config.pm file before you start modifying....
I created a user account
in AD called "otrs ldap" and use that account to authenticate the
LDAP query from otrs. Windows AD will not allow anonymous lookups so this
is a necessary step...
# This is an
example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} =
'10.xxx.xxx.xx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} =
'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'CN=otrs ldap,OU=Users,DC=domain,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} =
'password';
The section below is for
the customer lookups via the Phone Ticket/Email Ticket screen to add a new
ticket for a customer. It allows the agent type a piece of the customer
info and search AD for the user... The system must be able to verify the
customer in AD before it will let you enter a ticket.
# (customer user ldap
backend and settings)
$Self->{CustomerUser1} = {
Name =>'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host =>
'10.xxx.xxx.xx',
# ldap base
dn
BaseDN =>
'dc=domain,dc=local',
# search
scope (one|sub)
SSCOPE =>
'sub',
# The
following is valid but would only be necessary if the
# anonymous
user does NOT have permission to read from the LDAP tree
UserDN =>
'CN=otrs ldap,OU=Users,DC=domain,DC=local',
UserPw =>
'password',
AlwaysFilter
=> '',
#SourceCharset
=> 'utf-8',
#DestCharset =>
'iso-8859-1',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields =>
['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields =>
['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit =>
250,
CustomerUserPostMasterSearchFields
=> ['mail'],
CustomerUserNameFields =>
['givenname', 'sn'],
Map => [
# note:
Login, Email and CustomerID needed!
# var,
frontend, storage, shown, required, storage-type
#[
'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[
'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[
'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[
'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[
'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[
'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[
'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[
'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[
'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
With Best Regards,
Tim Miller
Network Administrator
DBT America, Inc.
Houston, PA
From:
otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of VI - Mario Tonin
Sent: Wednesday, November 22, 2006
6:30 AM
To:
Subject: [otrs] LDAP
Authentication
Is there anyone who can give me a step-by-step
guide to configure ldap autentiation for costumers?
I’ve added this entry:
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vidc2.battistolligroup.it';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=battistolligroup,dc=it';
. . . . . . . . . . . .
. . . . . . .
B.T.V.
s.p.a.– Sistemi Informativi
Via Luca della Robbia
60
36100 – Vicenza
– Italy