Edmond,
When I change the UserDN (in config.pm) I can no longer search for
customers and I get errors in the log file relating to LDAP bind
failure. However, if I use UserDN =>'domain\otrsagent' then I can search
for customers. I did try changing the sync script from 'domain\otrstest'
to "cn=otrsagent,ou=users,dc=domain,dc=org" but it still didn't work
cause I still receive the following error when customers attempt to
log-in using their AD credentials.
Search failed!000004DC: LdapErr: DSID-0C0906DD, comment: In order to
perform this operation a successful bind must be completed on the
connection., data 0, v1772?
Thanks for the suggestion! I was thinking and I would like to know if
there is a way that I could check the local database used by OTRS to
ensure that the sync script is working? Or to even check to see if there
are values in the customer users password fields (since the agent
interface shows a "-" under the valid/invalid field for customer users)?
Ryan Miguel
----------------------------------------------------------------------
Message: 1
Date: Sat, 24 Apr 2010 19:08:05 +0800
From: Edmond Chan <ccedmond@gmail.com>
Subject: Re: [otrs] customer users cant login
To: "User questions and discussions about OTRS." <otrs@otrs.org>
Message-ID:
<o2w157d91881004240408ma3b7bc0ob0eaa14f31c4a06@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Hi Ryan,
DN should be a value looks like
"cn=otrsagent,ou=users,dc=domain,dc=org",
instead of "domain\otrsagent".
The following 2 values need be updated to a correct DN.
UserDN =>'domain\otrsagent'
my $LDAPBindDN = 'domain\otrstest';
On Sat, Apr 24, 2010 at 8:11 AM, Ryan Miguel <rmiguel@rcskids.org>
wrote:
I am able to see customer users, search for them, add them to tickets
and even send e-mails to them but they can?t login through the
customer.pl page. Whenever customers try to login they receive an
error message saying that their username or password has been entered
incorrectly. When I look in the OTRS logs I see a message like this:
?[Fri Apr 23 16:35:40
2010][Error][Kernel::System::CustomerAuth::LDAP::Auth][220] Search
failed!
000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this
operation a successful bind must be completed on the connection., data
0, v1772?
I have tried using the sync-ldap2db.pl script because I have read that
the user data has to be copied to the MSQL DB for users to be able to
login but I am unsure of how I would verify that the data was copied
over correctly. I have also read that some people have been able to
use some extra settings in their config to copy the data of a first
time customer user logging in. My settings are shown below. Any help
would be appreciated.
Thanks,
Ryan
##############config.pm#######################
#Enable LDAP authentication for Customers a.k.a non-IT employees
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'server.domain.org';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=users,dc=domain,dc=org';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'server.domain.org',
BaseDN => 'OU=staff,DC=domain,DC=org',
SSCOPE => 'sub',
UserDN =>'domain\otrsagent',
UserPw => 'secret',
},
# customer unique id
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'mail'],
CustomerUserSearchFields => ['sAMAccountName','givenname','sn' ],
CustomerUserSearchPrefix => '*',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail', 'givenname', 'sn'],
CustomerUserNameFields => ['cn', 'sn'],
Map => [
# var,frontend,storage,shown,required,storage-type, http-link,
readonly
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '',0
],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '',0],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var', '',0],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '',0],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '',0],
# [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '',0],
],
};
###############sync-ldap2db.pl##################
my $UidLDAP = 'domain\otrsagent';
my $UidDB = 'otrs';
my %Map = (
# db => ldap
email => 'mail',
customer_id => 'mail',
first_name => 'givenname',
last_name => 'sn',
pw => 'password',
);
my $LDAPHost = 'server.domain.org';
my %LDAPParams = ();
my $LDAPBaseDN = 'ou=users,dc=domain,dc=org';
my $LDAPBindDN = 'domain\otrstest';
my $LDAPBindPW = 'secret';
my $LDAPScope = 'sub';
my $LDAPCharset = 'utf-8';
#my $LDAPFilter = '';
my $LDAPFilter = '(ObjectClass=*)';
my $DBCharset = 'iso-8859-1';
my $DBTable = 'customer_user';
______________________________________________________________________
This email has been scanned by the Rebekah Children's Services Email
Security System.
**** Confidentiality Notice *****
The information contained in this e-mail, and any attachment, is
private and confidential and is the property of Rebekah Children's
Services. The information is intended only for the use of the intended
recipient. If you are not the intended recipient, you are hereby
notified that any disclosure, copying, distribution, or taking of any
action in reliance on the contents of the information is strictly
prohibited. If you have received this e-mail in error, please
immediately notify the sender and destroy all copies of the original
message.
All reasonable precautions have been taken to ensure no viruses are
present in this e-mail. We do not accept responsibility for any loss
or damage arising from the use of this e-mail or attachments. We
recommend that you subject these to your virus checking procedures
prior to use.
______________________________________________________________________
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
--
Best regards,
Edmond Chan
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.otrs.org/pipermail/otrs/attachments/20100424/2cabf214/atta
chment.html>
------------------------------
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
End of otrs Digest, Vol 19, Issue 89
************************************
______________________________________________________________________
This email has been scanned by the Rebekah Children's Services Email
Security System.
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the Rebekah Children's Services Email Security System.
**** Confidentiality Notice *****
The information contained in this e-mail, and any attachment, is private and confidential and is the property of Rebekah Children's Services. The information is intended only for the use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or taking of any action in reliance on the contents of the information is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and destroy all copies of the original message.
All reasonable precautions have been taken to ensure no viruses are present in this e-mail. We do not accept responsibility for any loss or damage arising from the use of this e-mail or attachments. We recommend that you subject these to your virus checking procedures prior to use.
______________________________________________________________________
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/