
Hi,

I am not able to integrate my current AD to the otrs system. The system log shows this message:

Tue Nov 24 17:03:25 2009 error OTRS-CGI-10 First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

This is my config.pm the portion that is above “End of own config”. Can anyone help me with this? Thanks.

#Start of LDAP
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.200.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=abc,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '10.200.1.1',
        BaseDN => 'OU=Users,DC=abc,DC=com',
        SSCOPE => 'sub',
        UserDN =>'CN=otrs,OU=Users,DC=abc,DC=com',
        UserPw => 'password',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
#End of LDAP

Regards,
Zak

#####################################################################################
This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you have received this email in error please contact the sender.
#####################################################################################

Hi Zak

Do you have the full Distinguished Name for the search account? ($Self->{'Customer::AuthModule::LDAP::SearchUserDN'})

I can always send you my blank config which is working OK if you want?

Regards,
David
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Hi David,
Thanks for your prompt reply, really appreciate it. Please do send me the blank config to me. But my current config does have the SearchUserDN.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
Thanks.
Regards,
Zak

Hi Zak,

E-mail has been sent to you directly,

With regards to my previous comment I was just wondering if your config contains the full DN of the otrs searcher account, so where you've put:

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';

but in your live config it's actually:

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=OTRS LDAP Searcher,dc=companyname,dc=local';

Let us know how you get on :)

Regards,
David

Hi Mohamed,

a.f.a.i.k. the path to the default container "Users" is not "ou=Users,dc=some,dc=domain", but "cn=Users,dc=some,dc=domain". You can check this by searching for a user with the following command:

dsquery user -name someusername

where "someusername" is a user in the container Users or one of its subcontainers. Could this be the simple reason for your problem?

Regards
Markus

Dear Mr Markus,

Thank you for your suggestion. I tried to change it to "cn=otrs,cn=Users,dc=abc,dc=com". But still have the same error.

Regards,
Zak

Dear Zak,

you need to replace it everywhere it occurs, i.e.:

$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'cn=Users,dc=abc,dc=com';

Hth
Markus Nagel

As a test, the way I got ours to work was to use the base DN everywhere (dc=domain, dc=local). Once that bit works, you can then start to drill down to the relevant OU's. -----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel Sent: 25 November 2009 06:35 To: otrs@otrs.org Subject: Re: [otrs] LDAP Intregration Dear Zak, you need to replace it everywhere it occurs, i.e.: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'cn=Users,dc=abc,dc=com'; Hth Markus Nagel Mohamed Zakaria schrieb:
Dear Mr Markus,
Thank you for your suggestion. I tried to change it to "cn=otrs,cn=Users,dc=abc,dc=com". But still have the same error.
Regards, Zak
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel Sent: Wednesday, November 25, 2009 12:42 AM To: otrs@otrs.org Subject: Re: [otrs] LDAP Intregration
Hi Mohamed, a.f.a.i.k. the path to the default container "Users" is not "ou=Users,dc=some,dc=domain", but "cn=Users,dc=some,dc=domain". You can check this by searching for a user with the following command: dsquery user -name someusername where "someusername" is a user in the container Users or one of its subcontainers. Could this be the simple reason for your problem.
Regards Markus
Mohamed Zakaria schrieb:
Hi,
I am not able to intergrate my current AD to the otrs system. The system log shows this message:
Tue Nov 24 17:03:25 2009 error OTRS-CGI-10 First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
This is my config.pm the portion that is above “End of own config”. Can anyone help me with this? Thanks.
#Start of LDAP
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.200.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=abc,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '10.200.1.1',
        BaseDN => 'OU=Users,DC=abc,DC=com',
        SSCOPE => 'sub',
        UserDN =>'CN=otrs,OU=Users,DC=abc,DC=com',
        UserPw => 'password',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
#End of LDAP
Regards,
Zak
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

Dear Tony,
Thanks, That did the trick.
Regards, Zak
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Tony Johncock Sent: Wednesday, November 25, 2009 4:10 PM To: User questions and discussions about OTRS. Subject: Re: [otrs] LDAP Intregration
As a test, the way I got ours to work was to use the base DN everywhere (dc=domain, dc=local).
Once that bit works, you can then start to drill down to the relevant OU's.
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel Sent: 25 November 2009 06:35 To: otrs@otrs.org Subject: Re: [otrs] LDAP Intregration
Dear Zak, you need to replace it everywhere it occurs, i.e.:
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'cn=Users,dc=abc,dc=com';
Hth
Markus Nagel
Mohamed Zakaria wrote:
Dear Mr Markus,
Thank you for your suggestion. I tried to change it to "cn=otrs,cn=Users,dc=abc,dc=com". But still have the same error.
Regards, Zak

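Added example (not part of the original thread, and not OTRS code): a small Python helper that decodes the "data" sub-code in the "First bind failed!" log line quoted above and checks the DN settings of the posted config against the two points raised in the replies. The function names, the sub-code table and the two heuristic checks are this example's own assumptions; the sample log line and config values are copied from the thread.

```python
import re

# Sub-codes Active Directory reports in the "data" field of a failed bind.
# They are Win32 logon error numbers printed in hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Heuristic findings of this example (not OTRS messages).
NOT_A_DN = "bind name is not in DN form"
OU_USERS = "uses ou=Users; the thread's fix was cn=Users or the domain base DN"

LDAPERR_RE = re.compile(r"LdapErr:\s*(DSID-[0-9A-Fa-f]+).*?\bdata\s+([0-9A-Fa-f]+)")
# Matches "$Self->{'...::SearchUserDN'} = '...'" as well as "UserDN => '...'".
SETTING_RE = re.compile(r"(SearchUserDN|BaseDN|UserDN)'?\}?\s*=>?\s*'([^']*)'")

# Log line and config values as posted in the thread.
SAMPLE_LOG = ("Tue Nov 24 17:03:25 2009 error OTRS-CGI-10 First bind failed! "
              "80090308: LdapErr: DSID-0C090334, comment: "
              "AcceptSecurityContext error, data 525, vece")
SAMPLE_CONFIG = """
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=abc,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
    BaseDN => 'OU=Users,DC=abc,DC=com',
    UserDN =>'CN=otrs,OU=Users,DC=abc,DC=com',
"""


def decode_bind_error(log_line):
    """Return DSID, sub-code and meaning of an AD bind failure, or None."""
    m = LDAPERR_RE.search(log_line)
    if m is None:
        return None
    code = m.group(2).lower()
    return {"dsid": m.group(1), "data": code,
            "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code")}


def split_dn(value):
    """Split a DN into lower-cased (attribute, value) pairs.

    Naive on purpose: escaped commas are not handled. Returns [] when any
    component lacks the attr=value form, i.e. the string is not a DN.
    """
    pairs = []
    for part in value.split(","):
        attr, sep, val = part.partition("=")
        if not sep:
            return []
        pairs.append((attr.strip().lower(), val.strip().lower()))
    return pairs


def lint_config(config_text):
    """Return (setting, value, finding) for each suspicious DN setting."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):        # skip commented-out examples
            continue
        m = SETTING_RE.search(line)
        if m is None:
            continue
        name, value = m.groups()
        pairs = split_dn(value)
        if not pairs:
            findings.append((name, value, NOT_A_DN))
        elif ("ou", "users") in pairs:
            findings.append((name, value, OU_USERS))
    return findings


if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_LOG))
    for name, value, finding in lint_config(SAMPLE_CONFIG):
        print(f"{name} = {value!r}: {finding}")
```
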
Glad to help - I had many problems with LDAP just like you until I worked out that OTRS can search from the base DN.
Not criticism in any way but perhaps the documentation could be made a little clearer on OTRS's abilities in this? I would suggest it's far more powerful and versatile than the docs give the impression of being.

Hi Tony,
Can you suggest an improvement for the text itself? I'd be more than
happy to incorporate it in the docs.
((enjoy))
-
Michiel Beijen
R&D
OTRS AG
On Mon, Nov 30, 2009 at 10:38 AM, Tony Johncock
Glad to help - I had many problems with LDAP just like you until I worked out that OTRS can search from the base DN.
Not criticism in any way but perhaps the documentation could be made a little clearer on OTRS's abilities in this? I would suggest it's far more powerful and versatile than the docs give the impression of being.
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Mohamed Zakaria Sent: 30 November 2009 02:21 To: User questions and discussions about OTRS. Subject: Re: [otrs] LDAP Intregration
Dear Tony,
Thanks, That did the trick.
Regards, Zak
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Tony Johncock Sent: Wednesday, November 25, 2009 4:10 PM To: User questions and discussions about OTRS. Subject: Re: [otrs] LDAP Intregration
As a test, the way I got ours to work was to use the base DN everywhere (dc=domain, dc=local).
Once that bit works, you can then start to drill down to the relevant OU's.
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel Sent: 25 November 2009 06:35 To: otrs@otrs.org Subject: Re: [otrs] LDAP Intregration
Dear Zak, you need to replace it everywhere it occurs, i.e.:
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'cn=Users,dc=abc,dc=com';
Hth
Markus Nagel
Mohamed Zakaria schrieb:
Dear Mr Markus,
Thank you for your suggestion. I tried to change it to "cn=otrs,cn=Users,dc=abc,dc=com". But still have the same error.
Regards, Zak
-----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel Sent: Wednesday, November 25, 2009 12:42 AM To: otrs@otrs.org Subject: Re: [otrs] LDAP Intregration
Hi Mohamed, a.f.a.i.k. the path to the default container "Users" is not "ou=Users,dc=some,dc=domain", but "cn=Users,dc=some,dc=domain". You can check this by searching for a user with the following command: dsquery user -name someusername where "someusername" is a user in the container Users or one of its subcontainers. Could this be the simple reason for your problem.
Regards Markus
Mohamed Zakaria schrieb:
Hi,
I am not able to intergrate my current AD to the otrs system. The system log shows this message:
Tue Nov 24 17:03:25 2009 error OTRS-CGI-10 First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
This is my config.pm the portion that is above "End of own config". Can anyone help me with this? Thanks.
#Start of LDAP
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.200.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=abc,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '10.200.1.1',
BaseDN => 'OU=Users,DC=abc,DC=com',
SSCOPE => 'sub',
UserDN =>'CN=otrs,OU=Users,DC=abc,DC=com',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#Add the following lines when only users are allowed to login if they reside in the spicified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
#End of LDAP
Regards,
Zak

Hi Michael - apologies for missing this.
I would just recommend something that says you can use the base DN and search from there, e.g. dc=domain, dc=com rather than needing to go down to an individual container or group.
For us in particular, we're currently using OTRS in-house and all of our users are dotted around different containers, with our IT team in a specific one so it was much easier to use the base for testing and then move the admins to use their own container.
My main point though is it would have been nice to know that I could just use the base from the start of my testing :)
Thanks for the help and great product.
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Michiel Beijen
Sent: 30 November 2009 15:38
To: User questions and discussions about OTRS.
Subject: Re: [otrs] LDAP Intregration
Hi Tony,
Can you suggest an improvement for the text itself? I'd be more than happy to incorporate it in the docs.
((enjoy))
-
Michiel Beijen
R&D
OTRS AG
Norsk-Data-Str 1.
61352 Bad Homburg
Germany
T: +31 (0) 6457 42418
F: +49 (0) 9421 56818-18
I: http://www.otrs.com/
On Mon, Nov 30, 2009 at 10:38 AM, Tony Johncock
Glad to help - I had many problems with LDAP just like you until I worked out that OTRS can search from the base DN.
Not criticism in any way but perhaps the documentation could be made a little clearer on OTRS's abilities in this? I would suggest it's far more powerful and versatile than the docs give the impression of being.
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Mohamed Zakaria
Sent: 30 November 2009 02:21
To: User questions and discussions about OTRS.
Subject: Re: [otrs] LDAP Intregration
Dear Tony,
Thanks, that did the trick.
Regards, Zak
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Tony Johncock
Sent: Wednesday, November 25, 2009 4:10 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] LDAP Intregration
As a test, the way I got ours to work was to use the base DN everywhere (dc=domain, dc=local).
Once that bit works, you can then start to drill down to the relevant OU's.
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel
Sent: 25 November 2009 06:35
To: otrs@otrs.org
Subject: Re: [otrs] LDAP Intregration
Dear Zak, you need to replace it everywhere it occurs, i.e.:
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'cn=Users,dc=abc,dc=com';
Hth
Markus Nagel
Mohamed Zakaria schrieb:
Dear Mr Markus,
Thank you for your suggestion. I tried to change it to "cn=otrs,cn=Users,dc=abc,dc=com". But still have the same error.
Regards, Zak
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Markus Nagel
Sent: Wednesday, November 25, 2009 12:42 AM
To: otrs@otrs.org
Subject: Re: [otrs] LDAP Intregration
Hi Mohamed,
a.f.a.i.k. the path to the default container "Users" is not "ou=Users,dc=some,dc=domain", but "cn=Users,dc=some,dc=domain". You can check this by searching for a user with the following command:
dsquery user -name someusername
where "someusername" is a user in the container Users or one of its subcontainers. Could this be the simple reason for your problem?
Regards Markus
Mohamed Zakaria schrieb:
Hi,
I am not able to integrate my current AD to the otrs system. The system log shows this message:
Tue Nov 24 17:03:25 2009 error OTRS-CGI-10 First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
This is my config.pm the portion that is above "End of own config". Can anyone help me with this? Thanks.
#Start of LDAP
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.200.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=abc,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '10.200.1.1',
        BaseDN => 'OU=Users,DC=abc,DC=com',
        SSCOPE => 'sub',
        UserDN =>'CN=otrs,OU=Users,DC=abc,DC=com',
        UserPw => 'password',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
#End of LDAP
Regards,
Zak
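The diagnosis reached in this thread, as an added example that is not part of any poster's message and is not OTRS code: it decodes the Active Directory sub-code in the logged bind failure and lints the posted DN settings for the `ou=Users` versus `cn=Users` mistake. The sub-code table beyond 525, the function names and the dotted labels for the nested `Params` keys are assumptions of this example.

```python
import re

# Active Directory sub-codes reported in the hex "data" field of a failed bind.
# Only 525 appears in the thread; the others are the standard values.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
LDAPERR_RE = re.compile(r"LdapErr:\s*(DSID-[0-9A-Fa-f]+).*?\bdata\s+([0-9A-Fa-f]+)")


def decode_bind_error(log_line):
    """Return (dsid, subcode, meaning) for an AD LdapErr log line, or None."""
    m = LDAPERR_RE.search(log_line)
    if m is None:
        return None
    code = m.group(2).lower()
    return m.group(1), code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def rdns(dn):
    """Split a DN into lowercase (attribute, value) pairs.
    Simplification: escaped commas inside values are not handled."""
    pairs = []
    for part in dn.split(","):
        attr, _, value = part.strip().partition("=")
        pairs.append((attr.lower(), value.strip().lower()))
    return pairs


def lint_dn_settings(settings):
    """Flag DN-valued settings that match the mistakes discussed in the thread."""
    findings = []
    for key, value in settings.items():
        if "=" not in value:
            findings.append((key, "value is not written as a DN"))
        elif ("ou", "users") in rdns(value):
            findings.append((key, "ou=Users: AD's default Users container is cn=Users"))
    return findings


# Log line and DN values copied from the original post.
SAMPLE_LOG = ("Tue Nov 24 17:03:25 2009 error OTRS-CGI-10 First bind failed! "
              "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext "
              "error, data 525, vece")
POSTED = {
    "Customer::AuthModule::LDAP::BaseDN": "ou=Users,dc=abc,dc=com",
    "Customer::AuthModule::LDAP::SearchUserDN": "otrs",
    "CustomerUser.Params.BaseDN": "OU=Users,DC=abc,DC=com",          # constructed label
    "CustomerUser.Params.UserDN": "CN=otrs,OU=Users,DC=abc,DC=com",  # constructed label
}

if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_LOG))
    for key, message in lint_dn_settings(POSTED):
        print(f"{key}: {message}")
```

Sub-code 525 means the directory could not find the bind identity at all, which is why the replies concentrate on the DN paths rather than on the password.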
participants (5)
- David Holder
- Markus Nagel
- Michiel Beijen
- Mohamed Zakaria
- Tony Johncock