I really hope someone can helpout here.. Trouble with Authentication of Active directory in Customer.pl section I have tried almost any option I can think of to authenticate against Active directory What works: I can authenticate against ldap in the agent section. This works. I use the sAMAccount for authentication. What doesn't work: I can't authenticate against ldap in the customer section... What is going wrong?? By using ethereal/wireshark I can see the ldap server is being used to in the agent authentication. But in the customer section I see that although that ldap authenticates but doesn't do a lookup for the attempted login. I am trying to use the same details for the agent section and the customer Base DN does this matter? It should regardless do a lookup no? Further more I have create a local customer user named mike, and this user can still authenticate. Also when I create a new user on customer.pl it does check the ldap and sees the user exists when I use the sAMAccountName during registration. Small side question; In the agent ldap section we I need to make a mapping for name, lastname, email for the mysql database. I am a little suppriced the customer section doesn't have this option as such. I have posted my current config below, Thanks for helping out :-) Ruben # --------------------------------------------------- # # authentication settings # # (enable what you need, auth against otrs db, # # against LDAP directory, agains HTTP basic auth # # or against Radius server) # # --------------------------------------------------- # # This is the auth. module againt the otrs db # $Self->{'AuthModule'} = 'Kernel::System::Auth::DB'; # $Self->{'AuthModule::DB::CryptType'} = 'crypt'; # (take care that Net::LDAP is installed!) $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = '172.30.2.3'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; # # $Self->{'AuthModule::LDAP::GroupDN'} = ''; # # $Self->{'AuthModule::LDAP::AccessAttr'} = ''; # $Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'testuser'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'p@ssword'; $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com'; # $Self->{'AuthModule::LDAP::UserLowerCase'} = 0; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'AuthModule::LDAP::Params'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # UserSyncLDAPMap # (map if agent should create/synced from LDAP to DB after login) $Self->{UserSyncLDAPMap} = { # DB -> LDAP Firstname => 'givenName', Lastname => 'sn', Email => 'mail', }; # --------------------------------------------------- # # customer authentication settings # # (enable what you need, auth against otrs db, # # against a LDAP directory, against HTTP basic # # authentication and against Radius server) # # --------------------------------------------------- # # This is the auth. module againt the otrs db # $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB'; # $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user'; # $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login'; # $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw'; # $Self->{'Customer::AuthModule::DB::DSN'} = "DBI:mysql:database=customerdb;host=customerdbhost"; # $Self->{'Customer::AuthModule::DB::User'} = "some_user"; # $Self->{'Customer::AuthModule::DB::Password'} = "some_password"; # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = '172.30.3.2'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; #$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=testuser,ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=l ocal'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'p@ssword'; # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' # $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = ''; # in case you want to add a suffix to each customer login name, then # you can use this option. e. g. user just want to use user but # in your ldap directory exists user@domain. # $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com'; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'Customer::AuthModule::LDAP::Params'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # This is example configuration to auth. agents against a radius server # $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius'; # $Self->{'Customer::AuthModule::Radius::Host'} = 'radiushost'; # $Self->{'Customer::AuthModule::Radius::Password'} = 'radiussecret'; # --------------------------------------------------- # # # # Start of config options!!! # # CustomerUser stuff # # # # --------------------------------------------------- # # # CustomerUser # # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Database Backend', Module => 'Kernel::System::CustomerUser::DB', Params => { # # if you want to use an external database, add the # # required settings ## DSN => 'DBI:odbc:yourdsn', ## DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', ## User => '', ## Password => '', Table => 'customer_user', }, # # customer uniq id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'first_name', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['salutation', 'first_name', 'last_name'], CustomerUserEmailUniqCheck => 1, # # show now own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # generate auto logins AutoLoginCreation => 1, # generate auto login prefix AutoLoginCreationPrefix => 'auto', # # admin can change customer preferences # AdminSetPreferences => 1, # # just a read only source # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 0, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data {"TicketID"}&ArticleID=$Data{"ArticleID"}', 0 ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], ], # default selections Selections => { # UserSalutation => { # 'Mr.' => 'Mr.', # 'Mrs.' => 'Mrs.', # }, }, }; # CustomerUser # (customer user ldap backend and settings) $Self->{CustomerUser1} = { Name => 'LDAP Backend', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => '172.30.2.3', # ldap base dn BaseDN => 'ou=UserTrading, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=testuser, ou=UserOffice, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local', UserPw => 'p@ssword', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '', # if your frontend is e. g. iso-8859-1 and the charset of your # ldap server is utf-8, use this options (if not, ignore it) SourceCharset => 'utf-8', DestCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 3268, timeout => 120, async => 0, version => 3, }, }, # customer uniq id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'mail', CustomerUserListFields => ['sAMAccountName','cn', 'mail'], CustomerUserSearchFields => ['sAMAcountName', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show now own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # add a ldap filter for valid users (expert setting) # # CustomerUserValidFilter => '(!(description=gesperrt))', # # admin can't change customer preferences # AdminSetPreferences => 0, Map => [ # # note: Login, Email and CustomerID needed! # # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'login', 'sAMAccountName', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], # [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], };