
Hi,

I have some trouble with my LDAP config for auth OTRS customers with Windows AD.

My Config.pm

#----------------------------------------
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'X.X.X.X';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=serveur,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
    'cn=Administrateur,Ou=Administrateurs,dc=serveur,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'X.X.X.X',
        BaseDN => 'DC=serveur,DC=local',
        SSCOPE => 'sub',
        UserDN =>'cn=Administrateur,Ou=Administrateurs,dc=serveur,dc=local',
        UserPw => 'PASSWORD',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
#----------------------------------------

I have no error, and in my OTRS admin page I see all customer users when I search *.

But I can't connect a client in the customer page:
User unknown or wrong password :(

Can anybody help me?

Best Regards,

PS: Sorry for my English!

Vincent

I can't guarantee that this will work, but the only difference I see between your config that isn't working and mine that is - is this:

#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'X.X.X.X',
        BaseDN => 'DC=serveur,DC=local',
        SSCOPE => 'sub',
        UserDN =>'cn=Administrateur,Ou=Administrateurs,dc=serveur,dc=local',
        UserPw => 'PASSWORD',
    },

For the HOST => value in this section, instead of the IP address, use the FQDN (servername.domain).

You can keep the IP for the first definition of the LDAP host here:

$Self->{'Customer::AuthModule::LDAP::Host'} = 'X.X.X.X';

Like I said, that is kind of a shot in the dark, but you never know.

Also, have you looked at the log file - there may be some additional information in there as to why it is failing.

Good luck!

Nathan Campbell
Dallas Symphony Orchestra

-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of COLAS Vincent
Sent: Friday, October 02, 2009 9:23 AM
To: otrs@otrs.org
Subject: [otrs] otrs LDAP AD

Hi,

I tried with the FQDN and it is the same, but I found an error in syslog!

OTRS-CGI-10[2432]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: TESTUSER authentification failed, no LDAP group entry foundGroupDN='ou=Utilisateurs,dc=serveur,dc=local', Filter='(memberof=TESTUSER)'!

I added these lines to my config:

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=Administration,Ou=Utilisateurs,dc=Administration,dc=Arcnam';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberof';

And now I have this error:

OTRS-CGI-10[2437]: [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:280]: Search failed! base='cn=Administration,Ou=Utilisateurs,dc=serveur,dc=Local', filter='(memberof=USERTEST)', Success

I tried with different GroupDN values, but it doesn't work.

Best regards,

Vincent

-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Nathan Campbell
Sent: Friday, October 2, 2009 17:12
To: User questions and discussions about OTRS.
Subject: Re: [otrs] otrs LDAP AD

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Hi,

OTRS using ADS for user data look-up and authentication.

The principle is the same, just the parts - which you already have - of the Defaults.pm are different.

On Oct 2, 2009, at 4:22 PM, COLAS Vincent wrote:
--
Shawn Beasley
Senior Software Engineer
((otrs))::OTRS Inc.,19925 Stevens Creek Blvd.,Cupertino,CA 95014-2358
Fon: +1 (408) 725 7501 :: Fax: +1 (408) 725 8885
http://www.otrs.com/ :: Communication with success!

Hi,
I finally found out how to get auth working with Windows 2K3 AD (LDAP).
I just added a number at the end of AuthModule, Host, BaseDN etc. and it works!
3 days to find this :(
DOESN'T WORK:
-------------------------------------------------------------------
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'XX.XX.XX.XX';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=Local,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=Administrateur,Ou=Administrateurs,dc=Local,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
-------------------------------------------------------------------
WORKS:
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = 'XX.XX.XX.XX';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=Local,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} =
'cn=Administrateur,Ou=Administrateurs,dc=Local,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'PASSWORD';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params2'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
Best regards,
Vincent
________________________________________
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Shawn Beasley
Sent: Friday, October 2, 2009 19:46
To: User questions and discussions about OTRS.
Subject: Re: [otrs] otrs LDAP AD
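
A hardened variant of the customer LDAP settings discussed in this thread, as an added example that is not from any poster or from the OTRS project: it keeps the numeric backend suffix from the final message and sets each weak setting beside a corrected one. The host name, service account, group DN and CA file path are assumptions; the keys are OTRS `Customer::AuthModule::LDAP::*` settings and Net::LDAP constructor options.

```perl
use strict;
use warnings;

# Stand-in so this fragment compiles on its own; in Kernel/Config.pm
# these assignments live inside Load(), where $Self already exists.
my $Self = {};

# Backend suffix used in the final message. Every key of one backend
# must carry the same suffix ('' for the primary backend); a GroupDN
# set without the suffix does not restrict the suffixed backend.
my $n = '2';

$Self->{"Customer::AuthModule$n"}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{"Customer::AuthModule::LDAP::Host$n"}   = 'dc1.serveur.local';   # assumed FQDN
$Self->{"Customer::AuthModule::LDAP::BaseDN$n"} = 'dc=serveur,dc=local';
$Self->{"Customer::AuthModule::LDAP::UID$n"}    = 'sAMAccountName';

# Weak (as posted): the search bind uses the domain Administrator:
#   'cn=Administrateur,Ou=Administrateurs,dc=serveur,dc=local'
# Corrected: a dedicated read-only account (assumed name), so the
# clear-text password in Config.pm unlocks nothing beyond lookups.
$Self->{"Customer::AuthModule::LDAP::SearchUserDN$n"}
    = 'cn=svc-otrs-ldap,ou=Services,dc=serveur,dc=local';
$Self->{"Customer::AuthModule::LDAP::SearchUserPw$n"} = 'PASSWORD';

# Weak (as posted): AccessAttr 'memberof' produced the filter
# (memberof=TESTUSER) below the group DN, which found no entry.
# Corrected: AD groups list their members by DN in 'member', so
# compare the user's full DN against that attribute.
$Self->{"Customer::AuthModule::LDAP::GroupDN$n"}
    = 'cn=OTRS-Customers,ou=Utilisateurs,dc=serveur,dc=local';   # assumed group
$Self->{"Customer::AuthModule::LDAP::AccessAttr$n"} = 'member';
$Self->{"Customer::AuthModule::LDAP::UserAttr$n"}   = 'DN';

# Weak (as posted): a simple bind on port 389 sends passwords
# unencrypted, and the Params key lacked the Customer:: prefix.
# Corrected: LDAPS with certificate verification.
$Self->{"Customer::AuthModule::LDAP::Params$n"} = {
    scheme  => 'ldaps',
    port    => 636,
    verify  => 'require',
    cafile  => '/etc/ssl/certs/ad-ca.pem',   # assumed path to the AD CA certificate
    timeout => 120,
    version => 3,
};

1;
```

The `UserDN`/`UserPw` pair in the `CustomerUser` backend can use the same read-only account.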
participants (3)
- COLAS Vincent
- Nathan Campbell
- Shawn Beasley