
David, you would be my hero if you did that! Please please please post your
current template!
Thanks Much!
Justin Holt
On Wed, Aug 26, 2009 at 9:13 AM, David Holder wrote:
Hi Chaps,
I've managed to get OTRS 2.4.3 working with Microsoft AD.
I've just had a quick browse of your config and notice that there is no AuthSyncModule code in there; you need to sync your agent data to OTRS's database. For example:
# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
If you want I can post my complete LDAP template, which has allowed Agents to authenticate against AD (as a requirement, must belong to a particular AD group) and customers to log on too.
Regards,
David
On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt wrote:
Sorry to keep flooding you guys with emails, but disregard that last email. It didn't work. I only managed to log in because I had created an account for myself with the same password and it worked, stupid me. So does anyone know how to get agents to authenticate and to get incoming emails turned into tickets?
Thank you so much to everyone,
Justin Holt
On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt wrote:
Well, just for laughs, I decided to export my settings through SysConfig and re-import them to the new setup. I gasped in awe as it actually worked. My other question, if I exported settings that allowed the old system to consider emails sent to its email address as tickets, should those settings come over and work just the same as well?
Thanks
Justin
On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt wrote:
I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs folder. I then uninstalled 2.3.4 and installed 2.4.3. I tried first to copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did not work. I tried just the segment I have below and that still did not work. Is it somewhere in the documentation and I'm missing it or can you give me a portion of your config.pm and just have me fill in my stuff?
Thanks,
Justin
On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian wrote:
Justin, I just dealt with this headache myself. Did you have it working and then it quit or is it a simple question of agent authentication?
--
Julian Cook
Securities and Exchange Commission Operations Center DMZ Ops
On 8/25/09 3:49 PM, "Justin Holt" wrote:
Is there even a way for the Agent to authenticate over LDAP anymore? It looks like it has been taken out. I've been going through SysConfig and can't find anything on it. Anything I also try to throw at it by manually editing Config.pm leaves the system broken. I've also uninstalled and reinstalled a few times now.
Justin
On Tue, Aug 25, 2009 at 12:18 PM,
wrote: Hi,
same problem here, but only with one of 200: I have tested it, with case-sensitive typed username, it works - but no problem with case-sensitive for all the others...
Günther
-------- Original Message --------
Date: Tue, 25 Aug 2009 12:12:17 -0400
From: Justin Holt
To: otrs@otrs.org
Subject: [otrs] Active Directory and 2.4.3 issues

I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of an issue. Customers still authenticate against our Active Directory Server just fine, but when an agent tries to authenticate, it all blows up.
"Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid."
Here is the whole LDAP configuration part from my config.pm that I just copied and pasted out of the config.pm for 2.3.4. I have seen that there are others with this same issue but there have been no responses. This is all running on a Windows 2003 server with a regular install of OTRS. Any ideas?

#-----------------------Customer Data------------------------------------------------
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'vdp-dc-003',
        BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
        SSCOPE => 'sub',
        UserDN => 'otrs_ldap',
        UserPw => '1qaz2wsx',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# -------------------------End Customer data-----------------------------
#------------------------------Agent Data---------------------------------
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];

# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#---------------------------End Agent Data--------------------------------
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
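
A small check for the gap David points out, as an added example that is not part of the thread or of OTRS: it scans Config.pm text for LDAP agent authentication without the AuthSyncModule settings from his reply, and flags the 2.3.x-style UserSyncLDAPMap / UserSyncLDAPGroups keys from the original post. The function names, the list of required keys and the sample strings are assumptions made for illustration.

```python
import re

# Uncommented Config.pm assignments of the form $Self->{'Key'} = ...
ASSIGN = re.compile(r"""^\s*\$Self->\{\s*['"]?([\w:]+)['"]?\s*\}\s*=\s*(.*)$""")
# 2.3.x-style keys from the original post -> keys used in David's reply
LEGACY = {"UserSyncLDAPMap": "AuthSyncModule::LDAP::UserSyncMap",
          "UserSyncLDAPGroups": "AuthSyncModule::LDAP::UserSyncInitialGroups"}
# Sync settings from David's snippet (search user DN/password treated as optional)
REQUIRED = ("Host", "BaseDN", "UID", "UserSyncMap")

def active_settings(text):
    """Map each uncommented $Self->{...} key to the raw text after '='."""
    found = (ASSIGN.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in found if m}

def check_agent_ldap(text):
    """List reasons an LDAP-authenticated agent would have no user data in the OTRS DB."""
    cfg, findings = active_settings(text), []
    if "Kernel::System::Auth::LDAP" in cfg.get("AuthModule", ""):
        if "AuthSyncModule" not in cfg:
            findings.append("AuthModule is LDAP but AuthSyncModule is not set")
        else:
            findings += [f"AuthSyncModule::LDAP::{n} is not set" for n in REQUIRED
                         if f"AuthSyncModule::LDAP::{n}" not in cfg]
    for old, new in LEGACY.items():
        if old in cfg:
            findings.append(f"{old} is a 2.3.x-style key; set {new}")
    return findings

# Constructed samples, abridged from the two configs quoted in the thread.
OLD_STYLE = """\
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{UserSyncLDAPMap} = {
    UserEmail => 'mail',
};
$Self->{UserSyncLDAPGroups} = [ 'users', ];
"""
FIXED = """\
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { UserEmail => 'mail' };
"""

if __name__ == "__main__":
    for name, sample in (("old", OLD_STYLE), ("fixed", FIXED)):
        print(name, check_agent_ldap(sample) or "ok")
```

The check is line-based, so it only sees assignments written one per line, as in a normally formatted Config.pm.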