OTRS2 (Debian and LDAP) problems

Hi Team,

I am just getting started with OTRS, and I'm trying to get the LDAP features to work... probably the first thing to ask is - how can I get a decent level of debugging (I've set apache to run as debug but this doesn't really tell me anything useful) - is there anything in OTRS itself?

Following smoothly on - I've got it all running OK with Postgresql, but am having problems integrating LDAP for agents and customers (config attached)... I'm pretty sure it's connecting alright, because if I say I've forgotten my password, it sends me a new one (that doesn't work either), and knows that the customers are stored in something called 'BEC Users' (and can't add new ones).

If I activate the first bit (authmodule) then I can't log in as an agent; if I activate the second, I can't log in as a customer.

Does anyone have any tips, or could you send me a working Config.pm to compare please?

thanks in advance

Jim Potter
Brislington Enterprise College

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ldap-master';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=icttechnicians,ou=supportstaff,ou=staffusers,ou=users,dc=brislington,dc=bristol,dc=sch,dc=uk';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';
    $Self->{'AuthModule::LDAP::GroupDN'} = '';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch.dc=uk';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx';
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

    $Self->{CustomerUser} = {
        Name => 'BEC Users',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'ldap-master',
            BaseDN => 'ou=users,dc=brislington,dc=bristol,dc=sch,dc=uk',
            SSCOPE => 'sub',
            UserDN => 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk',
            UserPw => 'xxx',
            AlwaysFilter => '',
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        CustomerKey => 'uid',
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        AdminSetPreferences => 0,
        Map => [
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
            [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ]
        ],
    };

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

Hey Jim,
> features to work... probably the first thing to ask is - how can I get a decent level of debugging (I've set apache to run as debug but this

you can increase the log output by inserting $Self->{Debug} = 1; in Kernel/Config.pm. You can really make OTRS spill its guts by setting "my $Debug = 0; " to "my $Debug = 1;" instead. This setting is located in bin/cgi-bin/index.pl around line no 38 (OTRS 2.1.6).

> Does anyone have any tips, or could you send me a working Config.pm to compare please?

You can check the mailing list archives for that as this problem is not uncommon :-(

Anyways, something is missing in your config. LDAP authentication has to be done in two parts for both agents and customers. Therefore you have to have, say, 4 content blocks:

1. Agent LDAP auth
2. Agent LDAP sync (missing in your config)
3. Customer LDAP auth (missing in your config)
4. Customer LDAP sync

For 2. insert something like this (change to fit your needs):

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

For 3. insert (again, needs to be customized):

    # customer user authentication
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '<host>';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = '<dn>';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '<dn>';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '<pw>';
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

OTRS needs to sync user information to its local database and needs the config blocks 2 and 4 for it. Blocks 1 and 3 are for authentication, which has to be set up for agents and customers separately.

Hope this helps

Tobias

--
50% of the high school graduates in this country graduated in the bottom half of their class.
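The four-block checklist from the reply above, turned into a small check (an added example, not part of the thread and not OTRS code). It assumes blocks 1 to 4 are enabled by the `AuthModule`, `UserSyncLDAPMap`, `Customer::AuthModule` and `CustomerUser` settings shown in the thread; the DN check is an added heuristic, and the sample config with its example.org DNs is constructed, including a DN with '.' where the other DNs have ',' (compare the two `cn=otrs` DNs in the original post).

```perl
use strict;
use warnings;

# Constructed sample modelled on the original post (example.org placeholders).
my %Config = (
    'AuthModule'                     => 'Kernel::System::Auth::LDAP',
    'AuthModule::LDAP::BaseDN'       => 'ou=staff,dc=example,dc=org',
    'AuthModule::LDAP::SearchUserDN' => 'cn=otrs,ou=system,dc=example.dc=org',
    'CustomerUser'                   => {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => { BaseDN => 'ou=users,dc=example,dc=org', UserDN => 'cn=otrs,ou=system,dc=example,dc=org' },
    },
);

# The four blocks from the reply, each with a test for the setting that enables it
# (the mapping of block to setting is this example's assumption).
my @Blocks = (
    [ '1. Agent LDAP auth',    sub { ( $_[0]{'AuthModule'} // '' ) =~ /::Auth::LDAP$/ } ],
    [ '2. Agent LDAP sync',    sub { ref( $_[0]{'UserSyncLDAPMap'} ) eq 'HASH' } ],
    [ '3. Customer LDAP auth', sub { ( $_[0]{'Customer::AuthModule'} // '' ) =~ /::CustomerAuth::LDAP$/ } ],
    [ '4. Customer LDAP sync', sub { ref( $_[0]{'CustomerUser'} ) eq 'HASH'
            && ( $_[0]{'CustomerUser'}{Module} // '' ) =~ /::CustomerUser::LDAP$/ } ],
);

# Returns the DN components that are not a single attr=value pair.
sub SuspectRDNs {
    my ($DN) = @_;
    return grep { !/^\s*[A-Za-z][\w-]*=[^=]+$/ } split /(?<!\\),/, $DN;
}

# Collects non-empty values whose key ends in "DN", descending into nested hashes.
sub CollectDNs {
    my ( $Hash, $Prefix ) = @_;
    my %Found;
    for my $Key ( sort keys %{$Hash} ) {
        my $Value = $Hash->{$Key};
        if ( ref($Value) eq 'HASH' ) {
            %Found = ( %Found, CollectDNs( $Value, "$Prefix$Key/" ) );
        }
        elsif ( defined $Value && !ref($Value) && $Key =~ /DN$/ && length($Value) ) {
            $Found{"$Prefix$Key"} = $Value;
        }
    }
    return %Found;
}

for my $Block (@Blocks) {
    printf "%-24s %s\n", $Block->[0], $Block->[1]->( \%Config ) ? 'present' : 'MISSING';
}
my %DNs = CollectDNs( \%Config, '' );
for my $Key ( sort keys %DNs ) {
    print "suspect DN in $Key: $_\n" for SuspectRDNs( $DNs{$Key} );
}
```

On the constructed sample this reports blocks 2 and 3 as missing and flags the `dc=example.dc=org` component of the agent search DN.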

Hi Tobias,

got it all working great - thanks for your help.

cheers

Jim Potter
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
participants (3)
- Jim Potter
- jim@because.org.uk
- Tobias Lütticke