Hello, I'm trying to use an ldap directory for authentication. It seems to auth me correctly (I fiddled around a bit to see if it really does), however I cannot log in. This is what the otrs writes into the logfile: Nov 29 13:58:15 mail1 OTRS-CGI[25572]: [Notice][Kernel::System::Auth::LDAP::Auth] User: wwodecki logged in (REMOTE_ADDR: 192.168.154.150). Nov 29 13:58:15 mail1 OTRS-CGI[25572]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'wwodecki'!!! -- Regards, Wiktor Wodecki
Hi Wiktor, On Fri, Nov 29, 2002 at 02:04:56PM +0100, Wiktor Wodecki wrote:
I'm trying to use an ldap directory for authentication. It seems to auth me correctly (I fiddled around a bit to see if it really does), however I cannot log in. This is what the otrs writes into the logfile:
The AuthModule just checks the authentication. You still need to create the user 'wwodecki' via the OTRS admin interface bevor.
Nov 29 13:58:15 mail1 OTRS-CGI[25572]: [Notice][Kernel::System::Auth::LDAP::Auth] User: wwodecki logged in (REMOTE_ADDR: 192.168.154.150).
This means: authentication OK!
Nov 29 13:58:15 mail1 OTRS-CGI[25572]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'wwodecki'!!!
This means: Oh sorry, can't find otrs user wwodecki!
Wiktor Wodecki
Martin -- Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/ -- "The number of Unix installations has grown to 10, with more expected." The Unix Programmer's Manual, 2nd Edition, June 1972
Hello Martin, thanks for the quick response.
The AuthModule just checks the authentication. You still need to create the user 'wwodecki' via the OTRS admin interface bevor.
hmmm, what a pitty. We already have username, email, charset, etc. in our ldap directory. Would have been nice to use this as well. By the way, is there no official way to delete a user? I don't see a button, ang going directly to Postgre seems a bit harsh to me. Keep up the excellent work! -- Regards, Wiktor Wodecki
On Fri, Nov 29, Wiktor Wodecki wrote:
By the way, is there no official way to delete a user? I don't see a button, ang going directly to Postgre seems a bit harsh to me.
You don't wanna delete a user in the OTRS. Because he/she could have created or changed tickets. So you need the user for the history. What you can do is to disable the user. But you can not delete him/her. take care Stefan Wintermeyer -- Stefan Wintermeyer [preparing to marry Apu and Manjula] Well, Christ is Christ. Plus I consulted a Hindu website. (Reverend Lovejoy) "The Simpsons"
Hi Wiktor, On Fri, Nov 29, 2002 at 02:32:43PM +0100, Wiktor Wodecki wrote:
The AuthModule just checks the authentication. You still need to create the user 'wwodecki' via the OTRS admin interface bevor.
hmmm, what a pitty. We already have username, email, charset, etc. in our ldap directory. Would have been nice to use this as well.
Ok. At the moment there are no preferences backend modules. If we split this (e. g. database and ldap) you could use your LDAP directory for user preferences. But what you still need to do is to add a user to OTRS. -=> You can use 'bin/otrs.addUser' as cmd program. Or write an own wich import all users from your LDAP directory to the OTRS database.
By the way, is there no official way to delete a user? I don't see a button, ang going directly to Postgre seems a bit harsh to me.
Ja, because OTRS is working with database id references. If you would delete a user (or queue, ...) from the database, your delete the reference info. Important infos like owner or queue. Anyway, you can delete users with "DELETE FROM system_user WHERE id = ?" ( if you know what you do :).
Wiktor Wodecki
Martin -- Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/ -- Old programmers never die. They just branch to a new address.
Hi there, Martin Edenhofer wrote:
Ja, because OTRS is working with database id references. If you would delete a user (or queue, ...) from the database, your delete the reference info. Important infos like owner or queue.
Stefan Wintermeyer wrote:
You don't wanna delete a user in the OTRS. Because he/she could have created or changed tickets. So you need the user for the history. What you can do is to disable the user. But you can not delete him/her.
okay, I understand the problem. What if we move it none theless to the LDAP and create a DB entry on-delete. This would save all references and give us the benefit of LDAP. What I would like to do is to make otrs completely independant from it's db user auth. what do you think about this approach? -- Regards, Wiktor Wodecki
Hi Wiktor, On Fri, Nov 29, 2002 at 04:24:32PM +0100, Wiktor Wodecki wrote:
Martin Edenhofer wrote:
Ja, because OTRS is working with database id references. If you would delete a user (or queue, ...) from the database, your delete the reference info. Important infos like owner or queue.
Stefan Wintermeyer wrote:
You don't wanna delete a user in the OTRS. Because he/she could have created or changed tickets. So you need the user for the history. What you can do is to disable the user. But you can not delete him/her.
okay, I understand the problem. What if we move it none theless to the LDAP and create a DB entry on-delete. This would save all references and give us the benefit of LDAP. What I would like to do is to make otrs completely independant from it's db user auth.
I know what you want! :)
what do you think about this approach?
I think this should be the way. But unfortunately it's a lot of work (need to rework/check all functions where user are used). -=> The "fastest" solution would be a sync-script "LDAP -> OTRS user table". What Do you think?
Wiktor Wodecki
Martin -- Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/ -- "Security is a process, not a product." - Bruce Schneider
Hello Martin, sorry for the dalayed response, I wasn't in office for last couple of days... On Sun, Dec 01, 2002 at 02:23:13PM +0100, Martin Edenhofer wrote:
-=> The "fastest" solution would be a sync-script "LDAP -> OTRS user table". What Do you think?
will probably do this. However I'm going to code an customer database ldap module. Should be ready by next week and tested. Do you want me to send it to you for inclusion? -- Regards, Wiktor Wodecki
Hi Wiktor, On Thu, Dec 05, 2002 at 10:48:25AM +0100, Wiktor Wodecki wrote:
-=> The "fastest" solution would be a sync-script "LDAP -> OTRS user table". What Do you think?
will probably do this. However I'm going to code an customer database ldap module. Should be ready by next week and tested. Do you want me to send it to you for inclusion?
Of course! We appreciate your help!
Wiktor Wodecki
Martin -- Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/ -- "Security is a process, not a product." - Bruce Schneider
participants (3)
-
Martin Edenhofer -
Stefan Wintermeyer -
Wiktor Wodecki