
Hi all,

Please help me with the following problem. I've enabled LDAP authentication for agents. Some of our agents can access OTRS properly, but some of them cannot. I am sending the log entries for that. There are 2 types of problem.

1. User authenticated but no user data.

    Oct 28 14:58:19 otrs OTRS-CGI-10[58313]: [Notice][Kernel::System::Auth::LDAP::Auth] User: user_name (CN=user_name,OU=Internal,OU=DEP,OU=DIV,DC=xxx,DC=com) authentication ok (REMOTE_ADDR: 192.168.1.55).
    Oct 28 14:58:19 otrs OTRS-CGI-10[58313]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'user_name'!!!
    Oct 28 14:58:19 otrs OTRS-CGI-10[58313]: [Error][Kernel::System::Auth::Sync::LDAP::Sync][Line:261]: Can't create user 'user_name' (CN=user_name,OU=Internal,OU=DEP,OU=DIV,DC=xxx,DC=com) in RDBMS!

I think OTRS copies and saves user data from LDAP when a user logs into OTRS for the first time. But in this case it cannot do that.

2. Cannot search through the corresponding organizational unit.

    Oct 28 11:09:19 otrs OTRS-CGI-10[57322]: [Notice][Kernel::System::Auth::LDAP::Auth] User: user_name (CN=USER_NAME,CN=Computers,DC=xxx,DC=com) authentication failed: '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
    Oct 28 11:09:19 otrs OTRS-CGI-10[57322]: [Error][Kernel::System::User::UserLookup][Line:696]: No UserID found for 'user_name'!

OTRS should search through OUs but in this case it cannot. I've checked all data on AD and found no difference between users. So I cannot figure out why some searches can go through the OU (correct) and some of them cannot.

I have to solve these problems urgently. Also I did not find anything to help with that. Please, help me guys.

--
Altangerel Ganbold
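An added example, not part of the original thread and not OTRS code: a small Python triage of the log lines quoted in the message above. It decodes the Active Directory sub-code in the `data` field of a failed bind (52e is AD's code for invalid credentials) and flags a bind DN that sits under CN=Computers; the function and variable names are hypothetical, and the sample lines are shortened from the post.

```python
import re

# Sub-codes Active Directory reports in the "data NNN" field of a failed bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
AUTH_RE = re.compile(r"\[Kernel::System::Auth::LDAP::Auth\] User: (\S+) "
                     r"\(([^)]*)\) authentication (ok|failed)")
SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
SYNC_RE = re.compile(r"Can't create user '([^']+)' \(([^)]*)\) in RDBMS")

def triage(line):
    """Return (login, dn, finding) for a relevant log line, else None."""
    m = AUTH_RE.search(line)
    if m:
        login, dn, result = m.groups()
        if result == "ok":
            return (login, dn, "bind ok")
        code = SUBCODE_RE.search(line)
        key = code.group(1).lower() if code else None
        finding = "bind failed: " + AD_BIND_SUBCODES.get(key, "unknown sub-code")
        # The password is tried against the DN the search returned, so a DN
        # under CN=Computers means the lookup did not land on a user OU entry.
        parent = dn.split(",", 1)[1] if "," in dn else ""
        if parent.upper().startswith("CN=COMPUTERS,"):
            finding += "; DN is under CN=Computers"
        return (login, dn, finding)
    m = SYNC_RE.search(line)
    if m:
        return (m.group(1), m.group(2), "bind ok, but agent not created in OTRS DB")
    return None

# Sample lines shortened from the log excerpts in the post above.
SAMPLE = [
    "[Notice][Kernel::System::Auth::LDAP::Auth] User: user_name (CN=user_name,OU=Internal,OU=DEP,OU=DIV,DC=xxx,DC=com) authentication ok (REMOTE_ADDR: 192.168.1.55).",
    "[Error][Kernel::System::Auth::Sync::LDAP::Sync][Line:261]: Can't create user 'user_name' (CN=user_name,OU=Internal,OU=DEP,OU=DIV,DC=xxx,DC=com) in RDBMS!",
    "[Notice][Kernel::System::Auth::LDAP::Auth] User: user_name (CN=USER_NAME,CN=Computers,DC=xxx,DC=com) authentication failed: '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

The two cases separate cleanly: in the first the bind succeeds and the failure is in the sync step that writes the agent to the database, while in the second the bind itself is rejected against a DN outside the user OUs.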

Hi Altangerel,

we're using MS ADS (Windows 2003 servers) as LDAP backend for OTRS very successfully. I'm sending the appropriate section of our configuration, with which we haven't had any problems so far like the ones you described.

    # Customer user backend, read from Active Directory over LDAP
    $Self->{CustomerUser} = {
        Name   => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host         => 'mdname.firma.com',
            BaseDN       => 'dc=firma,dc=com',
            SSCOPE       => 'sub',
            # Account used to bind for searches
            UserDN       => 'domain\username',
            UserPw       => 'userpass',
            AlwaysFilter => '(objectclass=user)',
            Die          => 1,
            Params       => {
                raw => qr/(?i:^jpegPhoto|;binary)/,
            },
        },
        CustomerKey                        => 'cn',
        CustomerID                         => 'mail',
        CustomerUserListFields             => ['cn', 'mail'],
        CustomerUserSearchFields           => ['cn', 'sn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail', 'cn', 'sn'],
        CustomerUserNameFields             => ['givenname', 'sn'],
        Map => [
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Login',      'cn',              1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
            [ 'UserLocation',   'Location',   'l',               1, 0, 'var', '', 0 ],
        ],
    };

Have you already searched with ldapsearch? Have you seen any differences between the data of users who can be found and who cannot? Which perl-ldap package are you using? We're using 0.34.

Mit freundlichen Grüßen / Kind Regards
Hermann Maurer

Hi Maurer,

Thank you for your reply :). I am using LDAP backend for customer users successfully too. My problem is in LDAP backend for agents. Some agents can log in OTRS successfully. LDAP search is working properly for some agents and OTRS stored user information on local db. I've not seen any differences. Can you send me your configuration for agents? I'm using perl-ldap package 0.39. Also my OTRS is running on FreeBSD.

BR,
Altangerel Ganbold

Maurer, Hermann wrote:
Hi Altangerel,
we're using MS ADS (Windows 2003 servers) as LDAP backend for OTRS very successfully. I'm sending the appropriate section of our configuration, with which we haven't had any problems so far like the ones you described.
Have you already searched with ldapsearch? Have you seen any differences between the data of users who can be found and who cannot? Which perl-ldap package are you using? We're using 0.34.
Mit freundlichen Grüßen / Kind Regards Hermann Maurer

Hi,

sorry, I cannot help you with this issue, because our agents are using an SSO solution to log in and therefore:

    $Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';

What does ldapsearch say for agents who can log in and who cannot? Please use ldapsearch with the same parameters (basedn etc.) as you have in the configuration file.

Mit freundlichen Grüßen / Kind Regards
Hermann Maurer
ITIS

-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Altangerel
Sent: Wednesday, 28 October 2009 09:33
To: User questions and discussions about OTRS.
Subject: Re: [otrs] LDAP authentication problem (Urgent)

Hi Maurer,

Thank you for your reply :). I am using LDAP backend for customer users successfully too. My problem is in LDAP backend for agents. Some agents can log in OTRS successfully. LDAP search is working properly for some agents and OTRS stored user information on local db. I've not seen any differences. Can you send me your configuration for agents? I'm using perl-ldap package 0.39. Also my OTRS is running on FreeBSD.

BR,
Altangerel Ganbold

Maurer, Hermann wrote:
Hi,
sorry, I cannot help you with this issue, because our agents are using an SSO solution to log in and therefore: $Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
What does ldapsearch say for agents who can log in and who cannot? Please use ldapsearch with the same parameters (basedn etc.) as you have in the configuration file.
LDAP search usually says authentication ok (seen from the log). And it finds all data from AD. But in the next line, No user data!!! It seems OTRS cannot sync LDAP to local DB. Unfortunately, I don't know what is wrong.
participants (2): Altangerel; Maurer, Hermann