Do you have a MAP Array configured in Config.pm?
They have a sample config section as shown below in part, the part of this that I would look at is the map array:
",
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};
" ##### End of Map Array
Have Fun
Greg Horne
geh
gehorne
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name   => 'LDAP Datenquelle',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'bay.csuhayward.edu',
        # ldap base dn
        BaseDN => 'ou=seas,o=csuh',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # # The following is valid but would only be necessary if the
        # # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => '',
        UserPw => '',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use this options (if not, ignore it)
        # SourceCharset => 'utf-8',
        # DestCharset => 'iso-8859-1',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=gesperrt))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};
Greg Horne wrote:
Greg,
Thank you for the response. I double checked everything but I can't figure out what's the problem.
I reinstalled a new 2.2.1 with the default settings (mysql, utf8 and so on).
I followed the 2.2 documentation and pasted the required section into my Config.pm
Changed it as needed but the result is the same.
Here is the relevant part.
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'localhost';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};
$Self->{UserSyncLDAPGroups} = [
    'users',
];
# UserTable
$Self->{DatabaseUserTable} = 'system_user';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
And the log.
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) authentication ok (REMOTE_ADDR: 192.168.1.11).
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher' (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!
And the LDAP entry:
dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 65534
givenName: Sandor
sn: Feher
displayName: Sandor Feher
uid: sfeher
homeDirectory: /home/sfeher
loginShell: /bin/bash
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
mail: sfeher@bluesystem.hu
cn: Sandor Feher
uidNumber: 17261
structuralObjectClass: inetOrgPerson
entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad
creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu
createTimestamp: 20070711090933Z
userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9
entryCSN: 20070711091036Z#000000#00#000000
modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu
modifyTimestamp: 20070711091036Z
Regards., Sandor
Sándor,
Sorry it's still early here (US), searched the web for UserSyncLDAPMap and
found that the DB line is normally commented out. So would not think that
is your issue. I searched my 2.2 config and found that I do not have a
UserSyncLDAPMap in it. When I did my 2.2 LDAP, I started from the default
Config.pm and worked my way through using the 2.2 HTML manual from the
website.
Again, in the past when I have seen the Panic statement I have found the
problem to be in the Map command. Following is a cut and paste from mine.
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'confirm', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};
If I received the message I would verify that in my example, givenname was
actually in LDAP and contained the first name of the user. You may want to
post the entire LDAP section from your Config.pm with any usernames/password
changed.
Sorry everyone for the poor prior post, again it's early here :)
Have Fun.
Greg Horne
geh
gehorne
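The check suggested in the message above (is every LDAP attribute named in the map actually present and non-empty in the user's entry?), as an added example that is not part of the original thread. It reads ldapsearch-style LDIF and compares attribute names case-insensitively, as LDAP does; the sample entry is constructed, and parse_ldif_entry and check_sync_map are hypothetical helper names.

```python
import base64

# DB field -> LDAP attribute, same shape as the UserSyncLDAPMap posted in the thread.
SYNC_MAP = {"Firstname": "givenName", "Lastname": "sn", "Email": "mail"}

# Constructed sample entry (not a real directory record): base64 value,
# an empty attribute, and a folded (wrapped) line as ldapsearch prints them.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=Staff,dc=example,dc=org
objectClass: inetOrgPerson
uid: jdoe
givenname:: SsOhbm9z
sn: Doe
mail:
description: long value that is
  folded onto a second line
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold: drop exactly one leading space
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry


def check_sync_map(entry, sync_map):
    """Return {db_field: problem} for mapped attributes that are absent or empty."""
    problems = {}
    for field, attr in sync_map.items():
        values = entry.get(attr.lower())
        if values is None:
            problems[field] = f"attribute '{attr}' missing from entry"
        elif not any(v.strip() for v in values):
            problems[field] = f"attribute '{attr}' present but empty"
    return problems


if __name__ == "__main__":
    for field, problem in check_sync_map(parse_ldif_entry(SAMPLE_LDIF), SYNC_MAP).items():
        print(f"{field}: {problem}")
```

An empty result means the directory side of the mapping is complete, which points the search back at the OTRS configuration rather than at the LDAP data.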
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org]On Behalf Of
Sándor Fehér
Sent: Thursday, July 12, 2007 2:00 AM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] LDAP auth problem
Sándor Fehér wrote:
Some additional info. I downgraded to 2.1.6 and it works fine with that.
Here is the relevant part of my Config.pm
# $DIBI$
$Self->{'SystemID'} = 10;
$Self->{'SecureMode'} = 1;
$Self->{'Organization'} = 'Blue System ';
$Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log';
$Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
$Self->{'FQDN'} = 'mail.office.bluesystem.hu';
$Self->{'DefaultLanguage'} = 'hu';
$Self->{'DefaultCharset'} = 'iso-8859-2';
$Self->{'AdminEmail'} = 'sfeher@bluesystem.hu';
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '192.168.1.9';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};
$Self->{UserSyncLDAPGroups} = [
    'users',
];
$Self->{DatabaseUserTable} = 'system_user';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
And the log I get.
[Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth]
User: sfeher (uid=sfeher,ou=St
[Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user:
[Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229]
Need UserFirstname!
[Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385]
Can't create user 'sfeher'
[Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user:
Regards., Sandor
Hi,
I had a well working otrs config so far with the following parts:
- Apache 2.2.3 with mod_perl
- OTRS 2.1.6
- Oracle 10.2.0.1
- Openldap 2.3.35
The authentication worked perfectly from LDAP. Today I decided to build
a new config with otrs 2.2.1.
I backed up my Config.pm and installed a new otrs 2.2.1. Ran the
oracle database scripts as well.
Everything is fine except the authentication (I can log in with
root@localhost).
The result is the same either I use mysql backend.
Thank you in advance.
Regards., Sandor
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007
Message: Can't create user 'sfeher'
(uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
Traceback (8276):
Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385
Module: Kernel::System::Auth::Auth (v1.23) Line: 120
Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (v) Line: 4
Module: (eval) (v1.81) Line: 203
Module: ModPerl::RegistryCooker::run (v1.81) Line: 203
Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
Module: ModPerl::Registry::handler (v1.99) Line: 30
--
Regards, Fehér Sándor
...Fehér Sándor... --- ....Sandor Feher....
fejlesztési vezető --- development manager
Blue System Kft. --- Blue System Ltd.
mailto:sfeher@bluesystem.hu http://www.bluesystem.hu
[ - real men don't click - ]
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/