Can someone please helpwith this nightmare? Customer.pl and Active DirectoryAuthentication problem
I really hope someone can helpout here.. Trouble with Authentication of Active directory in Customer.pl section I have tried almost any option I can think of to authenticate against Active directory What works: I can authenticate against ldap in the agent section. This works. I use the sAMAccount for authentication. What doesn't work: I can't authenticate against ldap in the customer section... What is going wrong?? By using ethereal/wireshark I can see the ldap server is being used to in the agent authentication. But in the customer section I see that although that ldap authenticates but doesn't do a lookup for the attempted login. I am trying to use the same details for the agent section and the customer Base DN does this matter? It should regardless do a lookup no? Further more I have create a local customer user named mike, and this user can still authenticate. Also when I create a new user on customer.pl it does check the ldap and sees the user exists when I use the sAMAccountName during registration. Small side question; In the agent ldap section we I need to make a mapping for name, lastname, email for the mysql database. I am a little suppriced the customer section doesn't have this option as such. I have posted my current config below, Thanks for helping out :-) Ruben # --------------------------------------------------- # # authentication settings # # (enable what you need, auth against otrs db, # # against LDAP directory, agains HTTP basic auth # # or against Radius server) # # --------------------------------------------------- # # This is the auth. module againt the otrs db # $Self->{'AuthModule'} = 'Kernel::System::Auth::DB'; # $Self->{'AuthModule::DB::CryptType'} = 'crypt'; # (take care that Net::LDAP is installed!) $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = '172.30.2.3'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; # # $Self->{'AuthModule::LDAP::GroupDN'} = ''; # # $Self->{'AuthModule::LDAP::AccessAttr'} = ''; # $Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'testuser'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'p@ssword'; $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com'; # $Self->{'AuthModule::LDAP::UserLowerCase'} = 0; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'AuthModule::LDAP::Params'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # UserSyncLDAPMap # (map if agent should create/synced from LDAP to DB after login) $Self->{UserSyncLDAPMap} = { # DB -> LDAP Firstname => 'givenName', Lastname => 'sn', Email => 'mail', }; # --------------------------------------------------- # # customer authentication settings # # (enable what you need, auth against otrs db, # # against a LDAP directory, against HTTP basic # # authentication and against Radius server) # # --------------------------------------------------- # # This is the auth. module againt the otrs db # $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB'; # $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user'; # $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login'; # $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw'; # $Self->{'Customer::AuthModule::DB::DSN'} = "DBI:mysql:database=customerdb;host=customerdbhost"; # $Self->{'Customer::AuthModule::DB::User'} = "some_user"; # $Self->{'Customer::AuthModule::DB::Password'} = "some_password"; # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = '172.30.3.2'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; #$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=testuser,ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=l ocal'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'p@ssword'; # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' # $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = ''; # in case you want to add a suffix to each customer login name, then # you can use this option. e. g. user just want to use user but # in your ldap directory exists user@domain. # $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com'; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'Customer::AuthModule::LDAP::Params'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # This is example configuration to auth. agents against a radius server # $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius'; # $Self->{'Customer::AuthModule::Radius::Host'} = 'radiushost'; # $Self->{'Customer::AuthModule::Radius::Password'} = 'radiussecret'; # --------------------------------------------------- # # # # Start of config options!!! # # CustomerUser stuff # # # # --------------------------------------------------- # # # CustomerUser # # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Database Backend', Module => 'Kernel::System::CustomerUser::DB', Params => { # # if you want to use an external database, add the # # required settings ## DSN => 'DBI:odbc:yourdsn', ## DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', ## User => '', ## Password => '', Table => 'customer_user', }, # # customer uniq id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'first_name', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['salutation', 'first_name', 'last_name'], CustomerUserEmailUniqCheck => 1, # # show now own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # generate auto logins AutoLoginCreation => 1, # generate auto login prefix AutoLoginCreationPrefix => 'auto', # # admin can change customer preferences # AdminSetPreferences => 1, # # just a read only source # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 0, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data {"TicketID"}&ArticleID=$Data{"ArticleID"}', 0 ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], ], # default selections Selections => { # UserSalutation => { # 'Mr.' => 'Mr.', # 'Mrs.' => 'Mrs.', # }, }, }; # CustomerUser # (customer user ldap backend and settings) $Self->{CustomerUser1} = { Name => 'LDAP Backend', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => '172.30.2.3', # ldap base dn BaseDN => 'ou=UserTrading, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=testuser, ou=UserOffice, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local', UserPw => 'p@ssword', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '', # if your frontend is e. g. iso-8859-1 and the charset of your # ldap server is utf-8, use this options (if not, ignore it) SourceCharset => 'utf-8', DestCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 3268, timeout => 120, async => 0, version => 3, }, }, # customer uniq id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'mail', CustomerUserListFields => ['sAMAccountName','cn', 'mail'], CustomerUserSearchFields => ['sAMAcountName', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show now own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # add a ldap filter for valid users (expert setting) # # CustomerUserValidFilter => '(!(description=gesperrt))', # # admin can't change customer preferences # AdminSetPreferences => 0, Map => [ # # note: Login, Email and CustomerID needed! # # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'login', 'sAMAccountName', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], # [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], };
Can some one have a look at this configuration please? Regards, ./Ruben From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Ruben van Vloten Sent: Tuesday, May 08, 2007 12:28 PM To: otrs@otrs.org Subject: [otrs] Can someone please helpwith this nightmare? Customer.pl andActive DirectoryAuthentication problem I really hope someone can helpout here.. Trouble with Authentication of Active directory in Customer.pl section I have tried almost any option I can think of to authenticate against Active directory What works: I can authenticate against ldap in the agent section. This works. I use the sAMAccount for authentication. What doesn't work: I can't authenticate against ldap in the customer section... What is going wrong?? By using ethereal/wireshark I can see the ldap server is being used to in the agent authentication. But in the customer section I see that although that ldap authenticates but doesn't do a lookup for the attempted login. I am trying to use the same details for the agent section and the customer Base DN does this matter? It should regardless do a lookup no? Further more I have create a local customer user named mike, and this user can still authenticate. Also when I create a new user on customer.pl it does check the ldap and sees the user exists when I use the sAMAccountName during registration. Small side question; In the agent ldap section we I need to make a mapping for name, lastname, email for the mysql database. I am a little suppriced the customer section doesn't have this option as such. I have posted my current config below, Thanks for helping out J Ruben # --------------------------------------------------- # # authentication settings # # (enable what you need, auth against otrs db, # # against LDAP directory, agains HTTP basic auth # # or against Radius server) # # --------------------------------------------------- # # This is the auth. module againt the otrs db # $Self->{'AuthModule'} = 'Kernel::System::Auth::DB'; # $Self->{'AuthModule::DB::CryptType'} = 'crypt'; # (take care that Net::LDAP is installed!) $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = '172.30.2.3'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; # # $Self->{'AuthModule::LDAP::GroupDN'} = ''; # # $Self->{'AuthModule::LDAP::AccessAttr'} = ''; # $Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'testuser'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'p@ssword'; $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com'; # $Self->{'AuthModule::LDAP::UserLowerCase'} = 0; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'AuthModule::LDAP::Params'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # UserSyncLDAPMap # (map if agent should create/synced from LDAP to DB after login) $Self->{UserSyncLDAPMap} = { # DB -> LDAP Firstname => 'givenName', Lastname => 'sn', Email => 'mail', }; # --------------------------------------------------- # # customer authentication settings # # (enable what you need, auth against otrs db, # # against a LDAP directory, against HTTP basic # # authentication and against Radius server) # # --------------------------------------------------- # # This is the auth. module againt the otrs db # $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB'; # $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user'; # $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login'; # $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw'; # $Self->{'Customer::AuthModule::DB::DSN'} = "DBI:mysql:database=customerdb;host=customerdbhost"; # $Self->{'Customer::AuthModule::DB::User'} = "some_user"; # $Self->{'Customer::AuthModule::DB::Password'} = "some_password"; # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = '172.30.3.2'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; #$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=testuser,ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=l ocal'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'p@ssword'; # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' # $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = ''; # in case you want to add a suffix to each customer login name, then # you can use this option. e. g. user just want to use user but # in your ldap directory exists user@domain. # $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com'; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'Customer::AuthModule::LDAP::Params'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # This is example configuration to auth. agents against a radius server # $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius'; # $Self->{'Customer::AuthModule::Radius::Host'} = 'radiushost'; # $Self->{'Customer::AuthModule::Radius::Password'} = 'radiussecret'; # --------------------------------------------------- # # # # Start of config options!!! # # CustomerUser stuff # # # # --------------------------------------------------- # # # CustomerUser # # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Database Backend', Module => 'Kernel::System::CustomerUser::DB', Params => { # # if you want to use an external database, add the # # required settings ## DSN => 'DBI:odbc:yourdsn', ## DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', ## User => '', ## Password => '', Table => 'customer_user', }, # # customer uniq id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'first_name', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['salutation', 'first_name', 'last_name'], CustomerUserEmailUniqCheck => 1, # # show now own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # generate auto logins AutoLoginCreation => 1, # generate auto login prefix AutoLoginCreationPrefix => 'auto', # # admin can change customer preferences # AdminSetPreferences => 1, # # just a read only source # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 0, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data {"TicketID"}&ArticleID=$Data{"ArticleID"}', 0 ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], ], # default selections Selections => { # UserSalutation => { # 'Mr.' => 'Mr.', # 'Mrs.' => 'Mrs.', # }, }, }; # CustomerUser # (customer user ldap backend and settings) $Self->{CustomerUser1} = { Name => 'LDAP Backend', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => '172.30.2.3', # ldap base dn BaseDN => 'ou=UserTrading, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=testuser, ou=UserOffice, ou=COMPANYNAMEUsers, dc=nl, dc=COMPANYNAME, dc=local', UserPw => 'p@ssword', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '', # if your frontend is e. g. iso-8859-1 and the charset of your # ldap server is utf-8, use this options (if not, ignore it) SourceCharset => 'utf-8', DestCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 3268, timeout => 120, async => 0, version => 3, }, }, # customer uniq id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'mail', CustomerUserListFields => ['sAMAccountName','cn', 'mail'], CustomerUserSearchFields => ['sAMAcountName', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show now own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # add a ldap filter for valid users (expert setting) # # CustomerUserValidFilter => '(!(description=gesperrt))', # # admin can't change customer preferences # AdminSetPreferences => 0, Map => [ # # note: Login, Email and CustomerID needed! # # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'login', 'sAMAccountName', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], # [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], };
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ruben,
In the agent ldap section we I need to make a mapping for name, lastname, email for the mysql database.
I am a little suppriced the customer section doesn?t have this option as such.
...there is such a mapping for the customer backend as well. The section starts with "Map => [ ..." Apparently it is already contained in the configuration you posted.
# This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = '172.30.3.2'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=UserOffice,ou=COMPANYNAMEUsers,dc=nl,dc=COMPANYNAME,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; #$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
...maybe you should uncomment this line to authenticate customers against the LDAP.The line before refers to the agent login and is already included in your configuration (few lines above). regards, Torsten Thau - -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 pgp-key: 0x292F987D fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFGQbRGvXo8m5PgoXQRArGxAJ9zjlzitY7iI9GrnJ8wTfgjQW5qvACeP/ej P6+vCWT+F7AKSBqZmT58sPU= =8SC5 -----END PGP SIGNATURE-----
participants (2)
-
Ruben van Vloten -
Torsten Thau