Another painful LDAPS problem

Hi all,

I've been trying to set up an LDAPS backend for customer auth, but haven't had much luck. I had a working setup with our old domain using plaintext ldap, but new requirements are forcing us to go with LDAPS. The customer list in the Customer Admin section populates correctly, but trying to log in results in "OTRS-CGI-10[1239]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'Test.User'!" Running "openssl s_client -connect" results in success but does throw this warning "Verify return code: 21 (unable to verify the first certificate)". All certs are self-signed, and AD is run on a Win2012 DC. Agents are using the local database.

I've tried the Config.pm parameters a few different ways (including versions from OTRS 3 and 4 documentation) with the same results. I've repeated the ldaps://:port in the host directive and in net:ldap parameters, but have tried both independently with the same results. I'm on OTRS 5.0.7 installed via the built-in Ubuntu repositories. I can also install manually if you guys think that might help.

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldaps://domaincontroller.fqdn.com:636';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxx,dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'service_acct@domain.com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
    # '(objectclass=user)'
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 636,
        timeout => 120,
        async => 0,
        version => 3,
        scheme => 'ldaps',
        onerror => 'warn',
        verify => 'none',
        scope => 'subtree',
    };

    # CustomerUser
    # (customer ldap backend and settings)
    $Self->{CustomerUser} = {
        Name => 'LDAP Data Source',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'ldaps://domaincontroller.fqdn.com:636',
            # ldap base dn
            BaseDN => 'dc=xxxx,dc=com',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'service_acct@domain.com',
            UserPw => 'xxx',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '(objectclass=user)',
            # if the charset of your ldap server is iso-8859-1, use this:
            # SourceCharset => 'iso-8859-1',
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port => 636,
                timeout => 120,
                async => 0,
                version => 3,
                scheme => 'ldaps',
                onerror => 'warn',
                verify => 'none',
                scope => 'subtree',
            },
        },
        # customer unique id
        CustomerKey => 'sAMaccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show not own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add an ldap filter for valid users (expert setting)
        # CustomerUserValidFilter => '(!(description=locked))',
        # administrator can't change customer preferences
        AdminSetPreferences => 0,
        # # cache time to live in sec. - cache any database queries
        # CacheTTL => 0,
        Map => [
            # note: Login, Email and CustomerID are mandatory!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es)
            [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
            [ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
            [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
        ],
    };

Let me know if you need any other files or info, and thanks a million!!!

--
---
Evan Spangler
Systems Administrator
TEK Fusion Global, Inc

This e-mail may contain confidential or privileged information. This communication and any attached documents may also contain data subject to the International Traffic in Arms Regulations or U.S. Export Administration Regulations and cannot be disseminated, distributed or copied to foreign nationals, residing in the U.S. or abroad, without the prior approval of the U.S. Department of State or appropriate export licensing authority. If you are not the intended recipient, please notify the sender immediately by return e-mail with a copy to: IT@tekfusioninc.com and delete this e-mail and all copies and attachments. Opinions, conclusions and other information in this message that do not relate to the official business of Tek Fusion Global, Inc., shall be understood as neither given nor endorsed by it.

Hi Evan,

Is this the same config you’re using on your other system?

On Jun 30, 2017, at 9:08 PM, Evan Spangler wrote:

    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

Looks weird to me to add the domain to the sAMAccountName. AFAIK sAMAccountName plus the domain is mostly the userPrincipalName. Did you try it without the UserSuffix when the customer enters the sAMAccountName?

- Roy

Hi Roy,

Thanks for looking at my config! I hadn't considered using the UPN instead of the sAMAccountName. No luck, unfortunately.

The old and new installations are on two different VMs, and I used the same syntax and similar parameters with the exception of switching to LDAPS instead of plaintext LDAP. I didn't have to specify the port and protocol in the Net::LDAP or hostname fields. Besides that, nothing has changed. They weren't rolled out to production yet so are/were stock (besides this LDAP auth) with no tickets except for test tickets.

I've switched sAMAccountname to userPrincipalName in the relevant fields and commented out the appending UserSuffix line.

The customer fields repopulated using the UPN as username and customer ID, but same error.

Syslog:

    OTRS-CGI-10[3833]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'Test.User@tekfusioninc.com'!
    OTRS-CGI-10[3832]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'test.user'!

Apache error.log:

    ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:15 2017
    Message: No UserID found for 'Test.User@tekfusioninc.com'!
    RemoteAddress: 192.168.0.61 RequestURI: /otrs/index.pl
    Traceback (3833):
        Module: Kernel::System::User::UserLookup Line: 922
        Module: Kernel::System::Auth::Auth Line: 241
        Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
        Module: ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
        Module: (eval) (v1.99) Line: 207
        Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
        Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
        Module: ModPerl::Registry::handler (v1.99) Line: 32

    ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:20 2017
    Message: No UserID found for 'test.user'!
    RemoteAddress: 192.168.0.61 RequestURI: /otrs/index.pl
    Traceback (3832):
        Module: Kernel::System::User::UserLookup Line: 922
        Module: Kernel::System::Auth::Auth Line: 241
        Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
        Module: ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
        Module: (eval) (v1.99) Line: 207
        Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
        Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
        Module: ModPerl::Registry::handler (v1.99) Line: 32

Thanks!

--
---
Evan Spangler
Systems Administrator
TEK Fusion Global, Inc
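
Which login path produced these errors can be read from the tracebacks themselves. The following Python parser is an added example, not part of the thread or of OTRS: it splits Apache error.log entries like the ones above into frames and labels each entry as an agent or a customer login, together with the Config.pm key family that applies to it. The customer-side module names and the second sample entry are assumptions constructed for the example.

```python
import re

# Stack-frame prefixes per login path. The agent names are the ones printed in
# the thread's tracebacks; the customer names are their OTRS counterparts and
# are an assumption of this example (no customer-side traceback is quoted).
LOGIN_PATHS = {
    "agent": ("AuthModule", ("Kernel::System::Web::InterfaceAgent",
                             "Kernel::System::Auth::", "Kernel::System::User::")),
    "customer": ("Customer::AuthModule", ("Kernel::System::Web::InterfaceCustomer",
                                          "Kernel::System::CustomerAuth::",
                                          "Kernel::System::CustomerUser::")),
}

ENTRY_RE = re.compile(
    r"Message:\s+(?P<message>.*?)\s+RemoteAddress:\s+\S+\s+"
    r"RequestURI:\s+(?P<uri>\S+)\s+Traceback \((?P<pid>\d+)\):(?P<frames>.*)",
    re.S)
FRAME_RE = re.compile(r"Module:\s+(.+?)\s+Line:\s+(\d+)")

# First entry: taken from the error.log quoted in the thread, cut to three frames.
# Second entry: constructed here to show the customer-side case.
SAMPLE_LOG = """\
ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:15 2017
Message: No UserID found for 'Test.User@tekfusioninc.com'!
RemoteAddress: 192.168.0.61 RequestURI: /otrs/index.pl
Traceback (3833): Module: Kernel::System::User::UserLookup Line: 922 Module: Kernel::System::Auth::Auth Line: 241 Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:30:00 2017
Message: constructed customer-side failure
RemoteAddress: 192.168.0.61 RequestURI: /otrs/customer.pl
Traceback (4000): Module: Kernel::System::CustomerAuth::LDAP::Auth Line: 1 Module: Kernel::System::Web::InterfaceCustomer::Run Line: 1
"""


def parse_entries(log_text):
    """Split an OTRS error log into entries, each with its traceback frames."""
    entries = []
    for chunk in log_text.split("ERROR: "):
        m = ENTRY_RE.search(chunk)
        if m:
            frames = [(mod, int(ln)) for mod, ln in FRAME_RE.findall(m["frames"])]
            entries.append({"message": m["message"], "uri": m["uri"],
                            "pid": int(m["pid"]), "frames": frames})
    return entries


def login_path(entry):
    """Name the login path whose modules appear in the traceback frames."""
    hits = [name for name, (_, prefixes) in LOGIN_PATHS.items()
            if any(mod.startswith(prefixes) for mod, _ in entry["frames"])]
    return hits[0] if len(hits) == 1 else ("mixed" if hits else "unknown")


def triage(log_text):
    """Per entry: (pid, request URI, login path, Config.pm key family)."""
    rows = []
    for entry in parse_entries(log_text):
        path = login_path(entry)
        config = LOGIN_PATHS[path][0] if path in LOGIN_PATHS else None
        rows.append((entry["pid"], entry["uri"], path, config))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
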

To clarify, I've tried both with and without the domain suffix, using both UPN and sAMAccountname (with and without the default domain suffix option). Same error message on all. To me, it looks like OTRS is successfully authenticating and pulling ldap info (otherwise it wouldn't populate the customers, and anonymous ldap queries are disabled) but is trying to authenticate customers to the local DB at the logon portal.

--
---
Evan Spangler
Systems Administrator
TEK Fusion Global, Inc

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs

Hi Evan,

this is my working config on a test system:

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldaps://xxx';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=tld';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsbinduser@domain.tld';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';

    $Self->{CustomerUser} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'ldaps://xxx',
            BaseDN => 'dc=domain,dc=tld',
            SSCOPE => 'sub',
            UserDN => 'otrsbinduser@domain.tld',
            UserPw => 'xx',
            AlwaysFilter => '(mail=*)',
            SourceCharset => 'utf-8',
            DestCharset => 'utf-8',
            Die => 0,
            Params => {
                verify => 'none',
                timeout => 30,
                async => 0,
                version => 3,
            },
        },
        # customer unique id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
    …

hth,
Roy

Thanks Roy,
Your config file was helpful in cutting out the unnecessary directives in my old one. Unfortunately, no luck either.
Jun 30 21:50:34 tfg-lv-ticket-p OTRS-CGI-10[1226]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'Test.User@domain.tld'!
Jun 30 21:50:42 tfg-lv-ticket-p OTRS-CGI-10[1225]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'test.user@domain.tld'!
Jun 30 21:50:58 tfg-lv-ticket-p OTRS-CGI-10[1225]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'test.user'!
Jun 30 21:51:03 tfg-lv-ticket-p OTRS-CGI-10[1225]: [Error][Kernel::System::User::UserLookup][Line:922]: No UserID found for 'Test.User'!
And again, all users are present in the user list. tcpdump shows that the server is definitely talking LDAPS to the DC, but I'm not sure whether it's actually trying to authenticate the users or just pulling the list. Will see if I can get some more detailed debugging from the DC.
I have no idea why OTRS would be trying to use the local DB instead of LDAPS, except that the agent accounts are local. Still shouldn't matter, the config file should be working.
Did you install otrs from source or from a repository? If it was manual, then I'll do a manual installation on another VM and try with the same config I have here. If it works then, it might be a bug.
--
---
Evan Spangler
Systems Administrator
TEK Fusion Global, Inc

Hi,

My environment: CentOS 7 / OTRS 5.0.19 / OpenLDAP 2.4 with SSL. My configuration in OTRS is at the end of this message. Thanks a lot to all posts found in this forum! Hope that helps.

Regards,
Joel Marchand

    # ---------------------------------------------------- #
    # Common LDAP parameters
    # ---------------------------------------------------- #
    my $MyLDAPSearchUserDN = 'cn=otrs,ou=dsa,dc=xxxx,dc=fr';
    my $MyLDAPSearchUserPw = 'xxxx';
    my $MyLDAPHost = ['ldaps://ldapr1.xxx.fr:636/','ldaps://ldapr2.xxxx.fr:636/'];
    my $MyLDAPBase = 'dc=xxx,dc=fr';
    my $MyLDAPFilter = '(objectclass=posixAccount)';
    my $MyLDAPParams = {
        port => 636,
        timeout => 120,
        async => 0,
        version => 3,
        cafile => '/etc/ssl/certs/star_xxxx_fr-intermediate.pem',
        clientcert => '/etc/ssl/certs/star_xxxx_fr.pem',
        clientkey => '/etc/ssl/private/star_xxxx_fr.key',
    };

    # ---------------------------------------------------- #
    # For operators = Agents
    # ---------------------------------------------------- #
    # --------------------------------------------------- #
    # authentication settings                             #
    # (enable what you need, auth against otrs db,        #
    # against LDAP directory, against HTTP basic auth     #
    # or against Radius server)                           #
    # --------------------------------------------------- #
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = $MyLDAPHost;
    $Self->{'AuthModule::LDAP::BaseDN'} = $MyLDAPBase;
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    # $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
    # $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
    # for non ldap posixGroups objectclass (with full user dn)
    # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = $MyLDAPSearchUserDN;
    $Self->{'AuthModule::LDAP::SearchUserPw'} = $MyLDAPSearchUserPw;

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    # or if you want to filter with a logical OR-Expression, like AlwaysFilter => '(|(mail=*abc.com)(mail=*xyz.com))'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = $MyLDAPFilter;

    # in case you want to add a suffix to each login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # In case you want to convert all given usernames to lower letters you
    # should activate this option. It might be helpful if databases are
    # in use that do not distinguish selects for upper and lower case letters
    # (Oracle, postgresql). User might be synched twice, if this option
    # is not in use.
    # $Self->{'AuthModule::LDAP::UserLowerCase'} = 0;

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
    # $Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = $MyLDAPParams;

    # Die if backend can't work, e. g. can't connect to server.
    $Self->{'AuthModule::LDAP::Die'} = 1;

    # UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

    # ---------------------------------------------------- #
    # For clients = Customers
    # ---------------------------------------------------- #
    # --------------------------------------------------- #
    # customer authentication settings                    #
    # (enable what you need, auth against otrs db,        #
    # against a LDAP directory, against HTTP basic        #
    # authentication and against Radius server)           #
    # --------------------------------------------------- #
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = $MyLDAPHost;
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = $MyLDAPBase;
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    # $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
    # $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
    # for non ldap posixGroups objectclass (full user dn)
    # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $MyLDAPSearchUserDN;
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $MyLDAPSearchUserPw;

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = $MyLDAPFilter;

    # in case you want to add a suffix to each customer login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    # $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params'} = $MyLDAPParams;

    # Die if backend can't work, e. g. can't connect to server.
    $Self->{'Customer::AuthModule::LDAP::Die'} = 1;
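
The three configs posted in this thread differ in how the LDAPS server certificate is checked: two pass `verify => 'none'` to Net::LDAP, so the bind password goes to whichever host answers, and one supplies a `cafile`. The following Python check is an added example, not code from the thread or from OTRS: it pulls the Net::LDAP parameter hashes out of Config.pm text and reports that setting. The verdict names and the fourth, constructed config are this example's own, and it makes no assumption about what an unset `verify` defaults to.

```python
import re

# Net::LDAP parameter hashes abridged from the three configs in the thread,
# plus one constructed config showing a verified setup (the CA path is made up).
THREAD_CONFIGS = {
    "evan": """
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldaps://domaincontroller.fqdn.com:636';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 636, timeout => 120, async => 0, version => 3,
    scheme => 'ldaps', onerror => 'warn', verify => 'none', scope => 'subtree',
};""",
    "roy": """
$Self->{CustomerUser} = {
    Params => {
        Host => 'ldaps://xxx',
        Params => { verify => 'none', timeout => 30, async => 0, version => 3, },
    },
};""",
    "joel": """
my $MyLDAPParams = {
    port => 636, timeout => 120, async => 0, version => 3,
    cafile => '/etc/ssl/certs/star_xxxx_fr-intermediate.pem',
    clientcert => '/etc/ssl/certs/star_xxxx_fr.pem',
    clientkey => '/etc/ssl/private/star_xxxx_fr.key',
};""",
    "constructed": """
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    # verify => 'none',
    verify => 'require', cafile => '/etc/ssl/certs/example-ca.pem',
    timeout => 30, version => 3,
};""",
}

PAIR_RE = re.compile(r"(\w+)\s*=>\s*(?:'([^']*)'|(\d+))")
LDAP_NEW_KEYS = {"verify", "cafile", "capath", "port", "timeout", "version"}


def ldap_param_hashes(config_text):
    """Return every innermost { ... } hash that holds Net::LDAP->new options."""
    code = re.sub(r"(?m)^[ \t]*#.*$", "", config_text)  # ignore commented-out lines
    found = []
    for body in re.findall(r"\{([^{}]*)\}", code):
        params = {key: text or number for key, text, number in PAIR_RE.findall(body)}
        if params.keys() & LDAP_NEW_KEYS:
            found.append(params)
    return found


def tls_verdict(params):
    """Classify how the server certificate is checked for one parameter hash."""
    verify = params.get("verify")
    has_ca = "cafile" in params or "capath" in params
    if verify is None:
        return "verify-unset"      # outcome depends on the installed Net::LDAP
    if verify == "none":
        return "not-verified"      # any certificate is accepted
    if not has_ca:
        return "no-trust-anchor"   # verification requested without cafile/capath
    return "verified" if verify == "require" else "optional-only"


def audit(config_text):
    """Verdict for each Net::LDAP parameter hash found in the config text."""
    return [tls_verdict(p) for p in ldap_param_hashes(config_text)]


if __name__ == "__main__":
    for name, text in THREAD_CONFIGS.items():
        print(name, audit(text))
```
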
participants (3)
- Evan Spangler
- Joel Marchand
- Roy Kaldung