
Hi,

Please assist - I am trying to integrate into AD. Firstly, can someone verify that I have the correct understanding of the process:

- Created a user sajitk in OTRS - this is the same name as my AD account but the passwords are different.
- Am I correct in assuming that I do not need to manually create all the users in OTRS and that they will be created when they logon for the first time (agent sync process)?

I have placed the following code into the config.pm file

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'devimon';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=rewards,dc=co,dc=za';
$Self->{'AuthModule::LDAP::UID'} = 'name';
$Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};

I am getting the following error in the log file:

User: sajitk (DC=sajitk,DC=rewards.co.za,CN=MicrosoftDNS,CN=System,DC=rewards,DC=co,DC=za) authentication failed: '80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

It appears to me that the user is being recognized in AD but it is not being authenticated. I am using the correct credentials.

Please help - this is getting very frustrating.

Thanks
Sajit

Sajit,
I guess there is no public access on the tree you are trying to read
from. You should consult your AD administrator to work this out.
You can use the following lines if you need to set up a service
account or so to read from AD:

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';

As to the Agent Sync process; you should first set up an agent account
in OTRS before they can log in. After authentication certain
attributes can be copied from AD if you'd like to (the Agent Sync
process).
Only for Customer Users with AD it is true that you would not need to
add those to OTRS manually before they can log in.
Regards,
--
Michiel Beijen
Software Consultant
+31 6 - 457 42 418
Bee Free IT + http://beefreeit.nl
2008/12/19 Sajit Kalidas
Hi,
Please assist – I am trying to integrate into AD. Firstly, can someone verify that I have the correct understanding of the process:
- Created a user sajitk in OTRS – this is the same name as my AD account but the passwords are different.
- Am I correct in assuming that I do not need to manually create all the users in OTRS and that they will be created when they logon for the first time (agent sync process)?
I have placed the following code into the config.pm file
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'devimon';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=rewards,dc=co,dc=za';
$Self->{'AuthModule::LDAP::UID'} = 'name';
$Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
I am getting the following error in the log file:
User: sajitk (DC=sajitk,DC=rewards.co.za,CN=MicrosoftDNS,CN=System,DC=rewards,DC=co,DC=za) authentication failed: '80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
It appears to me that the user is being recognized in AD but it is not being authenticated. I am using the correct credentials.
Please help – this is getting very frustrating.
Thanks
Sajit
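
Added example, not part of the original thread and not OTRS code: a small Python decoder for the "AcceptSecurityContext error, data NNN" line quoted above, which maps the Active Directory sub-code to its meaning and flags when the DN that was bound is not an account object. The function name diagnose and the hint wording are assumptions made for this illustration.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field of an
# LDAP bind failure (AcceptSecurityContext error).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LINE_RE = re.compile(
    r"User:\s*(?P<login>\S+)\s*\((?P<dn>[^)]*)\)\s*authentication failed:"
    r".*?AcceptSecurityContext error,\s*data\s+(?P<code>[0-9a-fA-F]+)"
)

def diagnose(line):
    """Return a dict describing an LDAP auth failure line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dn = m.group("dn").strip()
    code = m.group("code").lower()
    # Simple split; does not handle escaped commas inside an RDN value.
    rdns = [r.strip().upper() for r in dn.split(",")]
    hints = []
    # Entries under CN=MicrosoftDNS are DNS records, not accounts: the
    # search on the configured UID attribute matched the wrong object.
    if "CN=MICROSOFTDNS" in rdns:
        hints.append("search matched a DNS record, not a user object; "
                     "search on an account attribute such as sAMAccountName")
    if not rdns[0].startswith("CN="):
        hints.append("leaf RDN is not CN=; entry is probably not an account")
    return {"login": m.group("login"), "dn": dn, "code": code,
            "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
            "hints": hints}

# The log line quoted in the thread above.
SAMPLE = ("User: sajitk (DC=sajitk,DC=rewards.co.za,CN=MicrosoftDNS,CN=System,"
          "DC=rewards,DC=co,DC=za) authentication failed: '80090308: LdapErr: "
          "DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```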