Customer-Authentication via Novell eDirectory

Hello!

I'm trying to configure customer-authentication via Novell eDirectory but it works only with some users. The following error is reported via otrs System Log:

error OTRS-CGI-1 Sizelimit exceeded

What does it mean? Here's my configuration:

    #CustomerUser
    #CustomerUser LDAP-Backend
    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'klipanwcn01',
            BaseDN => 'o=kli_pa',
            SSCOPE => 'sub',
            UserDN => 'cn=ldap,o=kli_pa',
            UserPW => 'pw',
        },
        CustomerKey => 'cn',
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['cn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenName', 'sn'],
        Map => [
            ['UserSalutation', 'Title', 'title', 1, 0, 'var'],
            ['UserFirstname', 'Firstname', 'givenName', 1, 1, 'var'],
            ['UserLastname', 'Lastname', 'sn', 1, 1, 'var'],
            ['UserLogin', 'Login', 'cn', 1, 1, 'var'],
            ['UserEmail', 'Email', 'mail', 1, 1, 'var'],
            ['UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var'],
            ['UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var'],
            ['UserAddress', 'Address', 'postaladdress', 1, 0, 'var'],
            ['UserComment', 'Comment', 'description', 1, 0, 'var'],
        ],
    };

Regards
Guenther

On Wed, 2003-09-17 at 07.37, Guenther Rasch wrote:
> I'm trying to configure customer-authentication via Novell eDirectory but it works only with some users.

What are the exact differences between accepted and rejected users? Could you post some (constructed) examples that would fail and that would pass? Which error messages can you find in syslog, provided that's your OTRS logging mechanism. Find details of your logging mechanism in Kernel/Config.pm or Kernel/Config/Defaults.pm.

> The following error is reported via otrs System Log:
> error OTRS-CGI-1 Sizelimit exceeded
> What does it mean?

Basically, it means that you're running OTRS as a CGI app, I think. Try using the mod_perl version, if possible. Which environment do you use?

> #CustomerUser
> #CustomerUser LDAP-Backend
> $Self->{CustomerUser} = {
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         Host => 'klipanwcn01',
>         BaseDN => 'o=kli_pa',
>         SSCOPE => 'sub',
>         UserDN => 'cn=ldap,o=kli_pa',
>         UserPW => 'pw',
>     },
>     CustomerKey => 'cn',
>     CustomerID => 'mail',
>     CustomerUserListFields => ['cn', 'mail'],
>     CustomerUserSearchFields => ['cn', 'mail'],
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenName', 'sn'],
>     Map => [
>         ['UserSalutation', 'Title', 'title', 1, 0, 'var'],
>         ['UserFirstname', 'Firstname', 'givenName', 1, 1, 'var'],
>         ['UserLastname', 'Lastname', 'sn', 1, 1, 'var'],
>         ['UserLogin', 'Login', 'cn', 1, 1, 'var'],
>         ['UserEmail', 'Email', 'mail', 1, 1, 'var'],
>         ['UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var'],
>         ['UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var'],
>         ['UserAddress', 'Address', 'postaladdress', 1, 0, 'var'],
>         ['UserComment', 'Comment', 'description', 1, 0, 'var'],
>     ],
> };

What I could think of is being the 'description' field too long in the case of some of your users.

Regards,
Robert Kehl

Hi Robert,

Robert Kehl wrote:
> On Wed, 2003-09-17 at 07.37, Guenther Rasch wrote:
> > I'm trying to configure customer-authentication via Novell eDirectory but it works only with some users.
>
> What are the exact differences between accepted and rejected users? Could you post some (constructed) examples that would fail and that would pass?
> Which error messages can you find in syslog, provided that's your OTRS logging mechanism. Find details of your logging mechanism in Kernel/Config.pm or Kernel/Config/Defaults.pm.

I can not find out the differences. We've 430 eDirectory-Users, but in otrs I can see 10-20 users... Here's the error message from syslog:

Sep 17 07:48:50 otrs OTRS-CGI-1[31687]: [Error][Kernel::System::CustomerUser::LDAP::CustomerSearch][Line:158]: Sizelimit exceeded

> > The following error is reported via otrs System Log:
> > error OTRS-CGI-1 Sizelimit exceeded
> > What does it mean?
>
> Basically, it means that you're running OTRS as a CGI app, I think. Try using the mod_perl version, if possible. Which environment do you use?

ok, I'll try mod_perl

> > #CustomerUser
> > #CustomerUser LDAP-Backend
> > $Self->{CustomerUser} = {
> >     Module => 'Kernel::System::CustomerUser::LDAP',
> >     Params => {
> >         Host => 'klipanwcn01',
> >         BaseDN => 'o=kli_pa',
> >         SSCOPE => 'sub',
> >         UserDN => 'cn=ldap,o=kli_pa',
> >         UserPW => 'pw',
> >     },
> >     CustomerKey => 'cn',
> >     CustomerID => 'mail',
> >     CustomerUserListFields => ['cn', 'mail'],
> >     CustomerUserSearchFields => ['cn', 'mail'],
> >     CustomerUserPostMasterSearchFields => ['mail'],
> >     CustomerUserNameFields => ['givenName', 'sn'],
> >     Map => [
> >         ['UserSalutation', 'Title', 'title', 1, 0, 'var'],
> >         ['UserFirstname', 'Firstname', 'givenName', 1, 1, 'var'],
> >         ['UserLastname', 'Lastname', 'sn', 1, 1, 'var'],
> >         ['UserLogin', 'Login', 'cn', 1, 1, 'var'],
> >         ['UserEmail', 'Email', 'mail', 1, 1, 'var'],
> >         ['UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var'],
> >         ['UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var'],
> >         ['UserAddress', 'Address', 'postaladdress', 1, 0, 'var'],
> >         ['UserComment', 'Comment', 'description', 1, 0, 'var'],
> >     ],
> > };
>
> What I could think of is being the 'description' field too long in the case of some of your users.

without description, the same error occurs

> Regards,
> Robert Kehl
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting für Ihr OTRS System? =http://www.otrs.de/

On Wed, 2003-09-17 at 08.44, Guenther Rasch wrote:
> Robert Kehl wrote:
> > On Wed, 2003-09-17 at 07.37, Guenther Rasch wrote:
> > What are the exact differences between accepted and rejected users? Could you post some (constructed) examples that would fail and that would pass?
> I can not find out the differences. We've 430 eDirectory-Users, but in otrs I can see 10-20 users...

Is the problem reproducible, i.e. does it always happen with the same user accounts, or is it randomly changing?

What you could do to see if it's a problem with the structure of your LDAP tree is as follows:

a) Find a failing and a non-failing user.
b) Copy the failing user and ensure the copy fails, too.
c) Change *one* field in the failing user account, using the content from the non-failing account. Never change more than one attribute!
d) There must be one change after which the user no longer fails. If this doesn't happen, it's no problem with the data structure.

hth,
Robert Kehl
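Steps a) to d) above written out as a loop, as an added example that is not part of the original thread. The two entries are constructed, `still_fails` is a hypothetical stand-in for checking by hand whether the account shows up in OTRS, and keeping `cn` fixed (so the copy stays a distinct login) is an assumption.

```python
from copy import deepcopy

# Directory attributes OTRS reads, taken from the Map in the posted configuration.
MAPPED_ATTRS = ["title", "givenName", "sn", "cn", "mail",
                "telephonenumber", "postaladdress", "description"]

# Constructed sample entries (attribute -> list of values), step a).
FAILING = {"cn": ["testuser2"], "givenName": ["Test"], "sn": ["Two"],
           "mail": ["testuser2@example.org"], "description": ["x" * 300]}
PASSING = {"cn": ["testuser1"], "givenName": ["Test"], "sn": ["One"],
           "mail": ["testuser1@example.org"], "description": ["ok"]}


def isolate_attribute(failing, passing, still_fails, keep=("cn",)):
    """Change one attribute at a time on a copy of the failing entry.

    Returns the attribute whose change made the copy pass, or None if the
    copy still fails after every differing attribute has been replaced
    (step d: then it is no problem with the data structure).
    """
    trial = deepcopy(failing)                    # step b: work on a copy
    if not still_fails(trial):
        raise ValueError("the copy does not fail; pick another account")
    for attr in MAPPED_ATTRS:
        if attr in keep or trial.get(attr) == passing.get(attr):
            continue                             # nothing to change here
        # step c: exactly one attribute changes per round
        if attr in passing:
            trial[attr] = list(passing[attr])
        else:
            trial.pop(attr, None)
        if not still_fails(trial):               # step d: first change that helps
            return attr
    return None


def fails_on_long_description(entry):
    # Hypothetical failure condition, modelled on the 'description too long'
    # guess made earlier in the thread; the real check is done in OTRS.
    return any(len(v) > 255 for v in entry.get("description", []))


def fails_always(entry):
    # Models a fault that does not depend on the entry's data at all.
    return True


if __name__ == "__main__":
    print(isolate_attribute(FAILING, PASSING, fails_on_long_description))
    print(isolate_attribute(FAILING, PASSING, fails_always))
```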

Hi Robert,

> On Wed, 2003-09-17 at 08.44, Guenther Rasch wrote:
> > Robert Kehl wrote:
> > > On Wed, 2003-09-17 at 07.37, Guenther Rasch wrote:
> > > What are the exact differences between accepted and rejected users? Could you post some (constructed) examples that would fail and that would pass?
> > I can not find out the differences. We've 430 eDirectory-Users, but in otrs I can see 10-20 users...

I can always see the same users.

> Is the problem reproducible, i.e. does it always happen with the same user accounts, or is it randomly changing?
> What you could do to see if it's a problem with the structure of your LDAP tree is as follows:
I don't think there's a structure problem. Another application using the same perl-ldap-modules is working very well:

    #! /usr/bin/perl
    # NDS LDAP reader and conversion program for mysql
    use Net::LDAP qw(:all);
    use Net::LDAP::Schema qw(all);

    # Each row: LDAP attribute, mysql table, mysql column, key flag
    @wsattrs = (
        ["wMNAMEDNS","Workstation","PCName",1],
        ["zENINVComputerModel","Workstation","ComputerModell",0],
        ["zENINVSerialNumber","Workstation","Seriennummer",0],
        ["zENINVMemorySize","Workstation","RAM",0],
        ["zENINVDiskInfo","Workstation","Festplatten",0],
        ["wMNAMEOS","Workstation","OSVersion",0],
        ["zENINVBIOSType","Workstation","BiosVersion",0],
        ["zENINVNovellClientVersion","Workstation","NovellClient",0],
        ["zENINVIPAddress","Workstation","IPAdresse",0],
        ["zenwmMACAddress","Workstation","MACAdresse",0],
        ["wMUserHistory","Userhistorie","UserHistorie",0],
        ["wMNAMEUser","Workstation","User",0],
        ["wMLastRegisteredTime","Workstation","LetzteAnmeldung",0]
    );
    @userattrs = (
        ["cn","User","Loginname",1],
        ["fullName","User","VollstaendigerName",0],
        ["zenwmLoggedInWorkstation","Loggedinworkstations","Loggedinworkstation",0],
        ["mail","User","Mailadresse",0],
        ["loginDisabled","User","Userdeaktiviert",0],
        ["loginExpirationTime","User","begrenzteAnmeldungen",0],
        ["appAssociations","Anwendungen","Anwendungen",0],
        ["loginTime","User","LoginTime",0],
        ["groupMembership","Gruppenmitgliedschaften","Gruppenmitgliedschaften",0]
    );

    sub ReadLDAP {
        ($base,$object,@sicherattrs) = @_;
        if ($object eq "Workstation") {print "# Workstations : $object\n";}
        if ($object eq "User") {print "# User : $object";}
        @attrs = @sicherattrs;
        # Try the first server, fall back to the second
        if ($ldap = Net::LDAP->new('172.24.4.210')) {}
        else {
            $ldap = Net::LDAP->new('172.24.4.205') or die "Konnektierung failed!\n";
        }
        $r=$ldap->bind("cn=ldap,o=kli_pa",password=>"<password>");
        $mesg = $ldap->search(
            base => "$base",
            scope => 'subtree',
            filter => "objectclass=$object"
            # filter => "cn=*"
        );
        my $max = $mesg->count;
        print "\n# Anzahl Suchergebnisse: $max\n";
        for( my $index = 0 ; $index < $max ; $index++) {
            undef %datensatz;
            $count=0;
            my $entry = $mesg->entry($index);
            my $dn = $entry->dn; # Obtain DN of this entry
            print "# Objektname : $dn\n";
            while ($arref = shift(@attrs)) {
                ($var,$table,$mysqlattr,$key) = (@$arref);
                $attr = $entry->get_value( $var, asref => 1 );
                if ( defined($attr) ) {
                    foreach my $value ( @$attr ) {
                        $value =~ s/ä/ä/g;
                        $value =~ s/ü/ü/g;
                        $value =~ s/ö/ö/g;
                        if ($key) {
                            $keyname = $mysqlattr;
                            $keyvalue = $value;
                            $normaltable = $table;
                        }
                        # Values for a side table get their own INSERT
                        if ($table ne $normaltable) {
                            print FH "INSERT into $table ($keyname,$mysqlattr) VALUES(\"$keyvalue\",\"$value\");\n";
                        } else {
                            $datensatz{"$mysqlattr"}=$value;
                            $count++;
                        }
                    }
                }
            }
            $datensatz{"dn"}=$dn;
            @attrs = @sicherattrs;
            $count2=0;
            # Build the column and value lists for the main table row
            while(($mykey,$myval)=each(%datensatz)) {
                if ($count2==0) {
                    $mykeys = "$mykey";
                    $myvals = "\"$myval\"";
                } else {
                    $mykeys .=",$mykey";
                    $myvals .=",\"$myval\"";
                }
                $count2++;
            }
            print FH "INSERT into $object ($mykeys) VALUES ($myvals);\n";
        }
    }

    open FH,">/etc/cronjobs/transferfile";
    print FH "DELETE from User;\n";
    print FH "DELETE from Workstation;\n";
    print FH "DELETE from Userhistorie;\n";
    print FH "DELETE from Anwendungen;\n";
    print FH "DELETE from Gruppenmitgliedschaften;\n";
    print FH "DELETE from Loggedinworkstations;\n";
    #ReadLDAP("ou=WORKSTATION,ou=Informatik,o=kli_pa","Workstation",@wsattrs);
    ReadLDAP("o=kli_pa","Workstation",@wsattrs);
    ReadLDAP("o=kli_pa","User",@userattrs);
    #ReadLDAP("ou=WORKSTATION,ou=Chir,o=kli_pa","Workstation",@wsattrs);
    #ReadLDAP("ou=Informatik,o=kli_pa","User",@userattrs);
    close (FH);
    `/usr/bin/mysql -h testweb -u root -p"<password>" inventory < /etc/cronjobs/transferfile`;

It's pretty hard solving this without examples. Could you create a failing and a non-failing user account and post/email it? Robert

Ok, I'll post it asap.

Guenther

Robert Kehl wrote:
> It's pretty hard solving this without examples.
> Could you create a failing and a non-failing user account and post/email it?
> Robert