Re: [otrs] OTRS LDAP Agent Authentication

3 Aug 2009


      You'd need to also configure LDAPSync (and, map attributes from LDAP to
OTRS) in order for the accounts to automatically synchronize. See the part
under "AuthSyncModule" in the Manual:

http://doc.otrs.org/2.4/en/html/x1826.html

Kind regards,
--
Michiel Beijen
Software Consultant
+31 6 - 457 42 418
Bee Free IT + http://beefreeit.nl


On Mon, Aug 3, 2009 at 21:06, David Holder  wrote:
...
Hi Chaps,
I'm trying to authenticate agents on my OTRS implementation (OTRSforwin) by
adopting the LDAP template like so: (Windows Server 2003 Active Directory
domain controller)
########## Start of LDAP Config ##########
# This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'myserver.domain.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS
Admins,dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
    #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS
LDAP Searcher,dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'myotrspassword';
# in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc
Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
Output from Log File:
[Mon Aug  3 19:51:40 2009][Notice][Kernel::System::Auth::LDAP::Auth] User:
David Holder (CN=David Holder,OU=IT,DC=domain,DC=local) authentication ok
(REMOTE_ADDR: 127.0.0.1).
[Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No
UserID found for 'David Holder'!
[Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No
UserID found for 'David Holder'!
[Mon Aug  3 19:51:40 2009][Notice][Kernel::System::User::GetUserData]
Panic! No UserData for user: 'David Holder'!!!
Does anyone have any ideas what is wrong with my config?
Your help is most appreciated.
David
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/