Definitions for LDAP Authentication

Here is the story so far: I followed the how-to in the OTRS manual for setting up LDAP to play nicely with Windows Active Directory. I just need to know, if I provide you guys with the information for our configuration, can you tell me what things like BaseDN, ou and dc should be? Here is my information:
Active Directory Server is @ 10.0.0.41
Active Directory's host name is: vdp-dc-003
Domain or Forest everyone is under is: VERNON_FR
OTRS Active Directory User is: otrs_ldap
OTRS Active Directory Password is: (You could just put stars so I know where to put it)
Any help is greatly appreciated :-)

This works for me: an SSL connection to an OpenLDAP directory. I imagine AD is something similar; you can follow the example, tested 12-22-2007:

####################### 12-22-2007
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldaps://mblauth01.mbl.edu';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mbl,dc=edu';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Information Services,ou=MBL,ou=Institutions,ou=Groups,dc=mbl,dc=edu';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'cn';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'uid=search,ou=users,dc=mbl,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';
$Self->{'AuthModule::LDAP::Params'} = {
    # port => 636,
    timeout => 120,
    verify => 'require',
    cafile => '/etc/pki/tls/certs/mbl-ca.pem',
    # async => 0,
    # version => 3,
};

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldaps://mblauth01.mbl.edu';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=users,dc=mbl,dc=edu';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=search,ou=users,dc=mbl,dc=edu';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'ldaps://mblauth01.mbl.edu',
        BaseDN => 'dc=mbl,dc=edu',
        SSCOPE => 'sub',
        UserDN => 'uid=search,ou=users,dc=mbl,dc=edu',
        UserPw => 'secret',
    },
    CustomerKey => 'cn',
    CustomerID => '[customer_id]',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'cn',        1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'cn',        0, 1, 'var' ],
    ],
};

$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
####################### 12-22-2007

Kent

On Wed, 2007-12-26 at 10:12 -0800, Justin Holt wrote:
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/

Well, this makes things a little bit awkward. I guess IIS, or Internet Information Services, which was built into Windows Server 2000, has taken over Apache. This is a little off topic, but does anyone know any possible solutions to this? I have tried to manually start Apache but that crashes and I just don't know what to do.
Justin

When my Apache kept crashing I restarted the whole server and it fired up.
Thank you,
Ryan S. Stahl
Casper, WY
True IT Department
IT Technician MCSA
(307) 266-0249

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Justin Holt
Sent: Wednesday, December 26, 2007 12:02 PM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] Definitions for LDAP Authentication

Alright, I have it all straightened out now. My question, I guess, is what each one of those variables represents in the Windows 2000 or Windows 2003 environment. Does dc relate to what is in between the periods of a web address such as www.blahblah.com? Sorry if these are really ridiculous type questions, I'm just very new to Active Directory and Windows Servers in general.
Justin


Hi again everyone, I have some new information for you if you care to listen. So far, when I adjust my Config.pm file to work with LDAP Active Directory, I can get to the Customer login page, but I cannot log in using a name that is the same in the OTRS db or the Windows Active Directory; the screen just comes up with red text saying: "Login Failed. Your username or password was entered incorrectly." Does that have something to do with syncing LDAP with the DB? (I'm sorry, but I have read through quite a bit of posts and I have little idea as to what to do.)

I think this may also be a source of my problem. All users of the Active Directory that we plan on allowing to use this are in this location: \\ci.vernon.ct.us\Accnts\Client\Loctns\VDP
I believe that is also the location of the user otrs_ldap that we are using to query the MS Active Directory.

I am posting below what I have right now in the Config.pm to use LDAP, with the hope that one of you may respond back with a proper fix to get this up and running for me, because I have just run out of ideas.

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Domain Users, dc=vernon_fr';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=vernon_fr';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'vdp-dc-003',
        BaseDN => 'ou=Domain Users, dc=vernon_fr',
        SSCOPE => 'sub',
        UserDN => 'otrs_ldap',
        UserPw => '1qaz2wsx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
        [ 'UserFirstname',    'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',     'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',        'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',        'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID',   'CustomerID', 'mail',            0, 1, 'var' ],
        # [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var' ],
        # [ 'UserComment',    'Comment',    'description',     1, 0, 'var' ],
    ],
};

Thanks again to anyone who can help me out.
Justin Holt
Town of Vernon IT Intern
(I apologize if this is a double email, I accidentally hit send without the config edit)
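The two configs posted in this thread differ in exactly the places Active Directory is picky about, so here is an added example (my own code, not from the list or from OTRS) that checks an OTRS-style set of LDAP settings for those points: DN syntax for BaseDN and SearchUserDN, dc= components derived from the DNS domain rather than the NetBIOS name (VERNON_FR), ldaps:// with certificate verification as in Kent's config, and a GroupDN/AccessAttr pair for the agent login. The dict keys mirror the AuthModule::LDAP::* names from Config.pm without their prefix; the two sample configs are constructed from the shapes posted above, the "bare account name" and "NetBIOS name" rules are my assumptions about what AD accepts, and the domain corp.example.com is a placeholder, since the thread never states the AD DNS domain.

```python
"""Sanity-check OTRS LDAP settings for the mistakes seen in this thread.

Added example; keys mirror AuthModule::LDAP::* from Config.pm minus the prefix.
The rules are the reviewer's assumptions about a correct AD setup, not OTRS code.
"""
import re

# one relative distinguished name: attr=value, surrounding spaces tolerated
RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")


def base_dn_from_domain(dns_domain: str) -> str:
    """Turn a DNS domain into an AD naming context:
    'corp.example.com' -> 'dc=corp,dc=example,dc=com'."""
    labels = [l for l in dns_domain.strip().lower().split(".") if l]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={label}" for label in labels)


def parse_dn(dn: str):
    """Split a DN into (attr, value) pairs; None if any part is not attr=value.
    A comma escaped as '\\,' stays inside its value (RFC 4514)."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        m = RDN.match(part)
        if m is None:
            return None
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns


def normalize_dn(dn: str) -> str:
    """Rewrite 'ou=Domain Users, dc=corp' style DNs without the stray spaces."""
    rdns = parse_dn(dn)
    if rdns is None:
        raise ValueError(f"not a distinguished name: {dn!r}")
    return ",".join(f"{attr}={value}" for attr, value in rdns)


def is_bind_identity(name: str) -> bool:
    """True for a DN, a UPN (user@dns.domain) or NETBIOS\\user; False for 'otrs_ldap'."""
    if parse_dn(name) is not None:
        return True
    upn = r"[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+"
    down_level = r"[^@\\\s]+\\[^@\\\s]+"
    return re.fullmatch(upn, name) is not None or re.fullmatch(down_level, name) is not None


def lint_ldap_settings(cfg: dict) -> list:
    """Return a list of findings for the agent AuthModule settings (empty = nothing found)."""
    findings = []
    host = cfg.get("Host", "")
    params = cfg.get("Params", {})
    # a simple bind carries the password itself, so the transport must be ldaps://
    if not host.startswith("ldaps://"):
        findings.append("Host is not ldaps://: simple binds send passwords in clear text")
    elif params.get("verify") != "require" or not params.get("cafile"):
        findings.append("ldaps:// without verify => 'require' and a cafile: "
                        "the server certificate is never checked")

    base = cfg.get("BaseDN", "")
    rdns = parse_dn(base)
    if rdns is None:
        findings.append(f"BaseDN {base!r} is not in attr=value,attr=value form")
    else:
        dcs = [value for attr, value in rdns if attr == "dc"]
        # DNS labels never contain '_'; a NetBIOS name such as VERNON_FR can
        if not dcs or any("_" in d for d in dcs):
            findings.append("dc= components should be the DNS domain labels "
                            "(see base_dn_from_domain), not the NetBIOS name")

    search_user = cfg.get("SearchUserDN", "")
    if not is_bind_identity(search_user):
        findings.append(f"SearchUserDN {search_user!r} is a bare account name; "
                        "use its DN, user@domain or DOMAIN\\user")

    if not cfg.get("GroupDN") or not cfg.get("AccessAttr"):
        findings.append("no GroupDN/AccessAttr: LDAP group membership is not checked at agent login")
    return findings


# Constructed inputs modelled on the two configs in this thread (not copied verbatim).
THREAD_STYLE_AD = {          # shape of the config that produced "Login Failed"
    "Host": "vdp-dc-003",
    "BaseDN": "ou=Domain Users, dc=vernon_fr",
    "UID": "sAMAccountName",
    "SearchUserDN": "otrs_ldap",
}
OPENLDAP_STYLE = {           # shape of the working ldaps:// config
    "Host": "ldaps://mblauth01.mbl.edu",
    "BaseDN": "dc=mbl,dc=edu",
    "UID": "uid",
    "GroupDN": "cn=Information Services,ou=MBL,ou=Institutions,ou=Groups,dc=mbl,dc=edu",
    "AccessAttr": "memberUid",
    "SearchUserDN": "uid=search,ou=users,dc=mbl,dc=edu",
    "Params": {"timeout": 120, "verify": "require", "cafile": "/etc/pki/tls/certs/mbl-ca.pem"},
}

if __name__ == "__main__":
    for label, cfg in (("AD-style", THREAD_STYLE_AD), ("OpenLDAP-style", OPENLDAP_STYLE)):
        print(label, lint_ldap_settings(cfg) or ["ok"])
```

Run as a script, the AD-style config yields four findings and the OpenLDAP-style one none. For the "Login Failed" case the first two findings matter most: `otrs_ldap` on its own is not something AD will bind as, and `dc=vernon_fr` is the NetBIOS domain rather than a naming context; `base_dn_from_domain` produces the DN for whatever the domain's DNS name turns out to be. Two further caveats: `Domain Users` is a default group in AD, not an organizational unit, so an `ou=Domain Users` base matches nothing; and because `SearchUserPw` sits in Config.pm in clear text, that file should be readable only by the web server user.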

Justin, did you read my installation guide already, especially the Windows LDAP query user part? http://trinityhome.org/Home/index.php?wpid=98&front_id=18
Regards,
Bart
________________________________
From: otrs-bounces@otrs.org on behalf of Justin Holt
Sent: Thu 27/12/2007 22:01
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] Definitions for LDAP Authentication

I did happen to read it, Bart, and I thank you for writing it. I'm just having a problem figuring out where stuff goes; like I said, total newbie to OTRS and LDAP and Active Directory here. I was hired by the town of Vernon 4 weeks ago, and this has been my project since day 1. This is one of the last road blocks until we tell the users about it. I also need to find a way to alert my co-workers who will have BlackBerries of the work orders, but that's for another time.
Thanks,
Justin Holt
Town of Vernon IT Intern

Looking back at that guide, I was able to figure out what I needed. Thanks again to everyone.
Justin
participants (4)
- Bart Verstricht
- Justin Holt
- Kent Nasveschuk
- Ryan Stahl