Hi Jason, I'm pretty new to this too, but I've got the LDAP backend working - attached are my notes. Its basically what I did to Config.pm and what happened at each step. I'm using OpenLDAP/Samba so you may have to change the odd bit around... Any questions, email me. Jim Bristol UK Installing otrs2: - purge old copy: delete otrs from /etc, /usr/share, /var/lib drop db and user - add pg_hba line for 127.0.0.1 and 10.14.96.5 otrs2 (db), otrs (user) - passwd BThDf159WeyI6 - All works fine. First job - Agents log in via LDAP... (all paths rel. to /usr/share/otrs): - added this to config.pm (copied from defaults...) $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'ldap-master'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=brislington,dc=bristol,dc=sch,dc=uk'; $Self->{'AuthModule::LDAP::UID'} = 'uid'; $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsAgents,ou=staffgroups,ou=groups,dc=brislington,dc=bristol,dc=sch,dc=uk'; $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid'; $Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx'; $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; $Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, }; - restart apache... (do this after every change...) - login - bottom dialog disappears off web page - good - create group otrsagents, add jim - OK - root@localhost cannot log in... - log jim in: log file: [Notice][Kernel::System::Auth::LDAP::Auth] User: jim (uid=jim,ou=ICTTechnicians,ou=SupportStaff,ou=staffUsers,ou=Users,dc=brislington,dc=bristol,dc=sch,dc=uk) authentication ok (REMOTE_ADDR: 10.14.96.8). [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'jim'!!! - so: System::User... Add this: $Self->{UserSyncLDAPMap} = { Firstname => 'givenName', Lastname => 'sn', Email => 'mail', Works! Boom Boom! Make jim an admin: insert into group_user (user_id, group_id, permission_key, permission_value, create_time, create_by, change_time, change_by) select 2, group_id, permission_key, permission_value, create_time, create_by, change_time, change_by from group_user where user_id = 1; OK! - Now - add customers... - log in as jimthestudent - get: [Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'jimthestudent' (REMOTE_ADDR: 10.14.96.8) - so - need to add System::CustomerAuth:LDAP bit... $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap-master'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=users,dc=brislington,dc=bristol,dc=sch,dc=uk'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid'; $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx'; $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = ''; $Self->{'Customer::AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, }; - sort of works - says auth'd in logs, but does not log you in... - look at cust prefs etc... $Self->{CustomerUser} = { Name => 'BEC Users', Module => 'Kernel::System::CustomerUser::LDAP', Params => { Host => 'ldap-master', BaseDN => 'dc=brislington,dc=bristol,dc=sch,dc=uk', SSCOPE => 'sub', UserDN => 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk', UserPw => 'xxx', AlwaysFilter => '', Params => { port => 389, timeout => 120, async => 0, version => 3, }, }, CustomerKey => 'uid', CustomerID => 'mail', CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['uid', 'cn', 'mail'], CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], CustomerUserExcludePrimaryCustomerID => 0, AdminSetPreferences => 0, Map => [ [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], }; - Works!!

Greetings all;

We're trying to get OTRS 2.2 Beta4 configured to connect to our LDAP server to provide a listing of all the potential customers at the university. I'm not seeing any error messages in the apache error logs, or the OTRS error log.

When in the Phone Ticket dialog, entering a search item and clicking search customer returns nothing. I have included the Kernel/Config.pm file for reference.

Using netstat -tc I see two connections to the LDAP server startup, but there is no returned data to the webform.

I've also done some work in the web configuration section that mimics the information in Kernel/Config.pm . When I make changes from OTRS, I do not see any changes in Kernel/Config.pm . Could this also be part of the issue?

Thanks in advance for any help you can provide.

-Jason

------------------------------------- Kernel/Config.pm ------------------------------------- package Kernel::Config;

sub Load { my $Self = shift; # ---------------------------------------------------- # # ---------------------------------------------------- # # # # Start of your own config options!!! # # # # ---------------------------------------------------- # # ---------------------------------------------------- #

# ---------------------------------------------------- # # database settings # # ---------------------------------------------------- # # DatabaseHost # (The database host.) $Self->{DatabaseHost} = 'localhost';

# Database # (The database name.) $Self->{Database} = 'ob4';

# DatabaseUser # (The database user.) $Self->{DatabaseUser} = 'otrs';

# (The database DSN for PostgreSQL ==> more: "man DBD::Pg") # if you want to use a local socket connection $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";

# ---------------------------------------------------- # # fs root directory # ---------------------------------------------------- # $Self->{Home} = '/opt/otrs';

# ---------------------------------------------------- # # insert your own config settings "here" # # config settings taken from Kernel/Config/Defaults.pm # # ---------------------------------------------------- # # $Self->{SessionUseCookie} = 0; # $Self->{CheckMXRecord} = 0;

# CustomerUser # (customer user ldap backend and settings) $Self->{CustomerUser} = { Name => 'LDAP', Module => 'Kernel::System::CustomerUser::LDAP', Params => {

# ldap host Host => 'ldap.example.com,

# ldap base dn BaseDN => 'dc=example,dc=com'

# search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree # UserDN => '', # UserPw => '',

# in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '(objectclass=computer)',

# if your frontend is e. g. iso-8859-1 and the charset of your # ldap server is utf-8, use this options (if not, ignore it) # SourceCharset => 'utf-8', # DestCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 389, timeout => 120, async => 0, version => 3, }, },

# customer uniq id CustomerKey => 'uid',

# customer # CustomerID => 'mail', # CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['uid', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenName', 'sn'],

# show now own tickets in customer panel, CompanyTickets CustomerUserExcludePrimaryCustomerID => 0,

# add a ldap filter for valid users (expert setting) # CustomerUserValidFilter => '(!(description=gesperrt))', # admin can't change customer preferences AdminSetPreferences => 0,

# note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], #[ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], #[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],

Map => [ [ 'UserFirstname', 'Firstname', 'givenName', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postalAddress', 1, 0, 'var', '', 0 ], ], };

$Self->{Debug}=0; # ---------------------------------------------------- #

# ---------------------------------------------------- # # data inserted by installer # # ---------------------------------------------------- # #

$Self->{FQDN}='fqdn.example.com'; $Self->{DefaultCharset}='utf-8'; $Self->{CheckMXRecord}=1;

$Self->{TicketNumberGenerator}='Kernel::System::Ticket::Number::AutoIncrement';

# ---------------------------------------------------- # # ---------------------------------------------------- # # # # End of your own config options!!! # # # # ---------------------------------------------------- # # ---------------------------------------------------- # }

# ---------------------------------------------------- # # needed system stuff (don't edit this) # # ---------------------------------------------------- # use strict; use vars qw(@ISA $VERSION); use Kernel::Config::Defaults; push (@ISA, 'Kernel::Config::Defaults'); $VERSION = '$Revision: 1.18 $'; $VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/; # -----------------------------------------------------#

1;

-- Jason Hill jahill@iastate.edu ISU Veterinary Teaching Hospital Ames, IA 50011

_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/

-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

---------------------------------------------------------------------------------------- Brislington Enterprise College Mail System This e-mail and any attachements are intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of Brislington Enterprise College. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender. As internet communications are not secure, we do not accept legal responsibility for the contents of this message nor for any changes made after it was sent by the original sender. For information about Brislington Enterprise College, please visit http://www.because.org.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.