Hello,
My config: Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
I have configured OTRS to use LDAP for the Agents authentication. It is OK.
I want to do the same for the Consumers. I read many examples, but without success.
1/ In the Administration/Consumers panel, I see all my LDAP users, like:
jjma2 jma2 jma2 jma2@jma2.com jma2@jma2.com
2/ When I try to log in with an LDAP id, I get this message:
Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
3/ and in /var/log/httpd/error.log, I get
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
Message: No UserID found for 'jjma2'!
RemoteAddress: 109.190.22.197
RequestURI: /otrs/index.pl
Traceback (19414):
Module: Kernel::System::User::UserLookup Line: 935
Module: Kernel::System::Auth::Auth Line: 206
Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
Message: No UserID found for 'jjma2'!
RemoteAddress: 109.190.22.197
RequestURI: /otrs/index.pl
Traceback (19414):
Module: Kernel::System::User::UserLookup Line: 935
Module: Kernel::System::Auth::Auth Line: 305
Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32
My config is below.
Where is my mistake?
Thanks a lot for any suggestion.
Joel Marchand
$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'ldaps://ldapr1.huma-num.fr:636/ ',
        # ldap base dn
        BaseDN => 'dc=huma-num,dc=fr',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
        UserPw => 'xxxx',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(objectclass=posixAccount)',
        # if the charset of your ldap server is iso-8859-1, use this:
        # SourceCharset => 'iso-8859-1',
        # die if backend can't work, e. g. can't connect to server
        Die => 1,
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 636,
            timeout => 120,
            async => 0,
            version => 3,
            cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
            clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
            clientkey => '/etc/ssl/private/star_huma-num_fr.key',
        },
    },
    # customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=gesperrt))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any ldap queries
    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};
PS: I also tried
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=dsa,dc=huma-num,dc=fr';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
$Self->{'Customer::AuthModule::LDAP::Host'} = ['ldaps://ldapr1.huma-num.fr:636/ ','ldaps://ldapr2.huma-num.fr:636/' ];
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=huma-num,dc=fr';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 636,
    timeout => 120,
    async => 0,
    version => 3,
    cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
    clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
    clientkey => '/etc/ssl/private/star_huma-num_fr.key',
};
-> with this configuration, I don't see the LDAP accounts in the Administration/Customers panel.
--
Très Grande Infrastructure de Recherche Huma-Num - CNRS UMS 3598
3ème étage - bureau 303 - CS n°71345
196 avenue de France - 75648 PARIS CEDEX 13
Tél : 01 49 54 83 09 - http://www.huma-num.fr/personne/joel-marchand