
Hello - it's my first steps in OTRS installations. I've got a problem with LDAP Auth. When I try to auth using my AD user - otrs@mydomain.com, member of group otrs_allow_customer - I'm getting the error:

Message: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

Traceback (1311):
Module: Kernel::System::CustomerUser::LDAP::new (v1.53) Line: 151
Module: Kernel::System::CustomerUser::new (v1.55) Line: 105
Module: Kernel::System::CustomerAuth::new (v1.29) Line: 95
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.41.2.1) Line: 667
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 48
Module: (eval) (v1.42) Line: 204
Module: ModPerl::RegistryCooker::run (v1.42) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.42) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

Can't find the reason...

Here is my Config.pm
_____________________________________
cat /opt/otrs/Kernel/Config.pm

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.21 2009/02/16 12:01:43 tr Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';

    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';

    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';

    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'mydbpassw';

    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'SystemID'} = 10;
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = 'MyCompany';
    $Self->{'LogModule::LogFile'} = '/tmp/otrs.log';
    $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
    $Self->{'FQDN'} = 'dlt-otrs.mydomain.ru';
    $Self->{'DefaultLanguage'} = 'ru';
    $Self->{'AdminEmail'} = 'otrs@mydomain.ru';
    $Self->{'DefaultCharset'} = 'utf-8';

    ###################################################### MY #################################################
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'dc-dlt.mydomain.ru';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=ru';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_Customer,ou=IT,ou=AnotherOU,dc=mercury,dc=ru';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (full user dn)
#    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each customer login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
#    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@mydomain.ru';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # Die if backend can't work, e. g. can't connect to server.
    $Self->{'Customer::AuthModule::LDAP::Die'} = 1;

    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name   => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'dc-dlt.mydomain.ru',
            # ldap base dn
            BaseDN => 'ou=Users,ou=IT,ou=AnotherOU,dc=mydomain,dc=ru',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'otrs',
            UserPw => 'mypassword',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#            AlwaysFilter => '',
            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use this options (if not, ignore it)
#            SourceCharset => 'utf-8',
#            DestCharset => 'iso-8859-1',
            # die if backend can't work, e. g. can't connect to server
            Die => 1,
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port    => 389,
                timeout => 120,
                async   => 0,
                version => 3,
            },
        },
        # customer uniq id
        CustomerKey => 'uid',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show not own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
#        CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
#        AdminSetPreferences => 0,
        # cache time to life in sec. - cache any ldap queris
        CacheTTL => 0,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
#            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
#            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
#            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
#            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
#            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
#            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
#            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #          End of your own config options!!!           #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;
use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.21 $)[1];
# -----------------------------------------------------#

-- 
Best regards

Hi,

On 16.04.2010, at 16:51, Ruslan wrote:
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
Make sure that when using Active Directory, uid is replaced with samaccountname.
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_Customer,ou=IT,ou=AnotherOU,dc=mercury,dc=ru';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
Is the attribute memberUid, member or memberOf? Ask your LDAP admin for an LDIF.
# for ldap posixGroups objectclass (just uid)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
These last two settings are responsible for the error ... the first connection to the server failed. You usually need to provide the full DN here ... With Active Directory, try the principal name first instead ... otrs@mercury.ru in your case, probably.

Nils Leideck

-- 
Nils Leideck
Senior Consultant
nils.leideck@leidex.net
nils.leideck@otrs.com
http://webint.cryptonode.de / a Fractal project
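To see which of the three steps OTRS performs against AD actually fails (search-user bind, customer lookup, group check), the following Perl Net::LDAP script, added here as an illustration and not part of the thread or of OTRS, runs them one at a time and decodes the "data NNN" reason AD attaches to a failed bind. Host, base DN and group DN follow the thread; the UPN, password and the customer login are placeholders to replace.

```perl
# Added example (not from the thread or OTRS): repeat the steps OTRS takes
# against AD one at a time, so the failing step and AD's reason are visible.
# Host/DN/group values follow the thread; the password is a placeholder.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $host     = 'dc-dlt.mydomain.ru';
my $bind_dn  = 'otrs@mydomain.ru';      # UPN (or full DN), not the bare 'otrs'
my $bind_pw  = 'CHANGEME';              # placeholder
my $base_dn  = 'ou=Users,ou=IT,ou=AnotherOU,dc=mydomain,dc=ru';
my $group_dn = 'cn=otrs_allow_Customer,ou=IT,ou=AnotherOU,dc=mydomain,dc=ru';
my $login    = $ARGV[0] // 'otrs';      # customer login (sAMAccountName) to test

# AD reports why a simple bind failed in the "data NNN" field of its
# 80090308 message; 525 is the value seen in the thread.
my %ad_data = (
    '525' => 'user not found (bind DN/UPN does not resolve)',
    '52e' => 'invalid credentials (wrong password)',
    '533' => 'account disabled',
    '775' => 'account locked out',
);
my $ldap = Net::LDAP->new($host, port => 389, timeout => 120, version => 3)
    or die "connect to $host failed: $@\n";

# Step 1: the search-user bind that produced "First bind failed!".
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
if ($mesg->code) {
    my ($data) = $mesg->error =~ /data\s+([0-9a-f]+)/i;
    my $why = defined $data ? ($ad_data{lc $data} // "AD data code $data") : $mesg->error;
    die "bind as $bind_dn failed: $why\n";
}
print "bind as $bind_dn ok\n";

# Step 2: look the customer up by sAMAccountName (AD has no 'uid' by default).
my $filter = '(sAMAccountName=' . escape_filter_value($login) . ')';
$mesg = $ldap->search(base => $base_dn, scope => 'sub', filter => $filter,
                      attrs => ['memberOf']);
die "search failed: " . $mesg->error . "\n" if $mesg->code;
my ($entry) = $mesg->entries;
die "no entry matching $filter under $base_dn\n" unless $entry;
print "found ", $entry->dn, "\n";

# Step 3: AD groups hold full member DNs in 'member' (mirrored in the user's
# 'memberOf'), so the posixGroup settings memberUid/UID cannot match.
my $in_group = grep { lc $_ eq lc $group_dn } $entry->get_value('memberOf');
print $in_group ? "member of $group_dn\n" : "NOT a member of $group_dn\n";
$ldap->unbind;
```

Run it as the same OS user OTRS runs under, with the customer login as the first argument; a bind that stops with "user not found" while the UPN is correct points at the DN/UPN form, not at the password.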
participants (2)
-
Nils Leideck - ITSM
-
Ruslan