
I am banging my head against the wall with LDAP authentication. I have tried everything! I now have access to a server, "ldap.test.com" and know the ou=People, and can use tools like Softerra LDAP Browser to confirm all this (via anonymous access).

What am I doing wrong? All the documentation reflects an AD environment, is this my problem?

Should the line: $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; <--- and related lines be something different for OpenLDAP? I have tried leaving the login info blank, commented out, left in, etc.

I have tried the line: $Self->{'AuthModule::LDAP::Host'} = 'ldap.test.com'; <--- with and without port number.

I have tried the line: $Self->{'AuthModule::LDAP::BaseDN'} = 'o=test.com'; <--- I've also tried it with the ou=People added in. I don't see anything for a dc=, but I've tried all kinds of variants.

I am now getting NO errors in apache error_log, no otrs errors, etc. When I try to access the website at /otrs/index.pl it appears to be working (the reset password option is gone) but nothing works. My local DB accounts no longer work (as expected) but NOTHING works!

I have a user named adnielson already in OTRS with the same password as on LDAP, not working. All I get is the login prompt (should it auto log me in??) and when I try anything for a username/password, it just tells me it's incorrect.

I have followed people's guides, the official doc, googled everything, etc. All I find is how to set it up to work with an AD forest, and following that only renders the above results.

ANY help that someone can provide me would be greatly appreciated. I am at a loss on what it could be or what is going wrong!

P.S. - I am running on RHEL 5, I installed Net::LDAP for perl, used an RPM I found online, and even updated the package via Red Hat's update tool.

Hi Niels.

On Wed, 23 Jan 2008, Nielson, Adam wrote:
> [...]

You've posted a scene where AD is the authentication backend. For OpenLDAP the next lines will show you the differences:

# LDAP auth
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'your.ldapserver.company.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=intra,dc=company,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';

If there is a need to bind an administrative account to read some attributes from your ldap you need to set config items like this:

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=admin,dc=company,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'admins secret';

To get some information about your ldap structure you should use 'ldapsearch'.

Regards and HTH,
Rico

-- 
Dipl.-Math. Rico Barth, Geschäftsführer/Projektleiter
c.a.p.e. IT GmbH
Annaberger Straße 240, 09125 Chemnitz
phone/fax: +49 371 5347-621 / -625
mobile: +49 176 66680786
mailto: rico.barth@cape-it.de, PGP-Key: 0x874C8377
internet: www.cape-it.de
Geschäftsführung Rico Barth, Thomas Maier
AG Chemnitz, HRB 23192

Ok, so I need to change it to uid instead of sAMAccountName, still no luck. :(

I have anonymous access to the OpenLDAP server, so I shouldn't need admin rights.

I am seeing o=test.com, and ou=People... I am not finding anything on the LDAP server that's dc=.

So, when it works I should be able to go to the index.pl file and automatically be logged in with my user account? All I get is the login prompt.

-----Original Message-----
From: Rico Barth [mailto:rico.barth@cape-it.de]
Sent: Wednesday, January 23, 2008 3:46 PM
To: Nielson, Adam
Cc: otrs@otrs.org
Subject: Re: [otrs] OpenLDAP
> [...]

Hi Nielson!

On Wed, 23 Jan 2008, Nielson, Adam wrote:
> I am seeing o=test.com, and ou=People... I am not finding anything on the LDAP server that's dc=.

Try 'ldapsearch -x uid=<login>' and you will get some responses like this:

dn: uid=<login>,ou=users,dc=intra,dc=company,dc=com

The string dc=intra,dc=company,dc=com should be your BaseDN.

> So, when it works I should be able to go to the index.pl file and automatically be logged in with my user account? All I get is the login prompt.

If you want to get some single sign on you must enable SSO on your webserver. There's a chapter within the OTRS docs. In default configuration of OTRS you must fill in the login form and then you will be authenticated against your ldap service.

Regards and HTH,
Rico

Or if you can, on the LDAP server do a

slapcat | less

The first paragraph returned should contain the dn of the root, i.e.

dn: dc=yourcompany,dc=com

Patrick

Rico Barth wrote:
> [...]

-- 
Airspeed Support NOC / 1890 799 899 / support@airspeed.ie

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system? => http://www.otrs.com/
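Both look-ups suggested in the replies above (the dn that ldapsearch returns for a user, the root dn that slapcat prints first) can be turned into the Config.pm values mechanically. The Python below is an added example, not code from the thread or from OTRS: it parses LDIF as those tools print it, splits the user's dn into RDNs, and derives the UID attribute, the BaseDN and the tree root, which also covers the poster's tree that has o=test.com instead of any dc= component. The LDIF, the login names and the two trees are constructed from the thread's descriptions.

```python
import base64
import re

# Constructed LDIF, modelled on what `ldapsearch -x -LLL uid=<login>` prints for
# the two trees discussed in the thread: the poster's o=test.com tree (no dc=
# components at all) and the dc= style tree from the reply.
SAMPLE_LDIF = """\
dn: uid=adnielson,ou=People,o=test.com
objectClass: inetOrgPerson
uid: adnielson
mail: adnielson@test.com

dn: uid=rbarth,ou=users,dc=intra,dc=company,dc=com
uid: rbarth
cn:: UmljbyBCYXJ0aA==
"""

def parse_ldif(text):
    """LDIF -> list of {attribute: [values]} dicts ('dn' included).
    Folded lines (leading space) are re-joined; '::' base64 values are decoded."""
    entries, current = [], {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # base64-encoded value, as slapcat writes non-ASCII
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def split_dn(dn):
    """Split a DN into RDNs; a comma escaped as '\\,' (RFC 4514) stays in its value."""
    return [p.strip().replace("\\,", ",") for p in re.split(r"(?<!\\),", dn)]

def otrs_settings(entry):
    """Return (UID attribute, BaseDN, tree root) for one user entry.
    Leftmost RDN = login attribute ('uid' on OpenLDAP, not sAMAccountName); BaseDN =
    the parent container; tree root = from the first dc= or o= component onwards."""
    rdns = split_dn(entry["dn"][0])
    uid_attr = rdns[0].split("=", 1)[0].strip()
    base_dn = ",".join(rdns[1:])
    roots = [i for i, r in enumerate(rdns) if r.split("=", 1)[0].lower() in ("dc", "o")]
    root_dn = ",".join(rdns[roots[0]:]) if roots else base_dn
    return uid_attr, base_dn, root_dn

def render_config(entry):
    """Emit the Kernel/Config.pm lines that differ between the AD and OpenLDAP setups."""
    uid_attr, base_dn, _ = otrs_settings(entry)
    return "\n".join([
        "$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';",
        f"$Self->{{'AuthModule::LDAP::BaseDN'}} = '{base_dn}';",
        f"$Self->{{'AuthModule::LDAP::UID'}} = '{uid_attr}';",
    ])

if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(render_config(entry), end="\n\n")
```

Against a real directory, feed it the output of ldapsearch -x -LLL (simple anonymous bind, which only succeeds where the server permits anonymous reads, as the poster's does) or of slapcat; either BaseDN value works with OTRS's subtree search, the parent container simply keeps the search narrower.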

Check out my config.pm file. Maybe it can help you.

On Jan 24, 2008 1:12 AM, Nielson, Adam wrote:
> [...]

Hi hamood,

> Check out my config.pm file. Maybe it can help you.

Try this out. If you are using LDAP then you need UID instead of sAMAccountName. You also need full DN descriptions in your Search user settings. I am happy when you give me feedback!

-- 
Shawn Beasley
((otrs)) :: OTRS AG :: Norsk-Data-Straße 1 :: 61352 Bad Homburg
Fon: +49 (0) 9421 56818 0 :: Fax: +49 (0) 9421 56818 18
http://www.otrs.com/ :: Communication with success!
Geschäftssitz: Bad Homburg
Amtsgericht Bad Homburg, HRB 10751
Steuernummer: 003/240/97521
Aufsichtsratsvorsitzender: Burchard Steinbild
Vorstandsvorsitzender: André Mindermann

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2006 OTRS GmbH, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.18 2006/09/07 16:15:41 mh Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # Start of your own config options!!!                  #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hot';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory                                    #
    # ---------------------------------------------------- #
    $Self->{Home} = 'd:/OTRS/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    $Self->{'LogModule'} = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'd:/OTRS/otrs/var/log/otrs.log';
    # $DIBI$
    $Self->{'SystemID'} = 10;
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = '';
    $Self->{'FQDN'} = 'abc.in.lo';
    $Self->{'DefaultLanguage'} = 'en';
    $Self->{'AdminEmail'} = 'hiqbal@ppp.com';
    $Self->{'DefaultCharset'} = 'utf-8';

    # Enable LDAP authentication for agents (Users)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'hij.in.lo';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=in,dc=lo';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';
    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,ou=users,dc=in,dc=lo';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'dadsads';
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };
    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname  => 'sn',
        Email     => 'mail',
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];
    # UserTable
    $Self->{DatabaseUserTable}       = 'system_user';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser}   = 'login';
    # Add the following lines when users are only allowed to login if they reside in the specified security group
    # Remove these lines if you want to provide login to all users specified in the User Base DN
    # $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,OU=Groups,OU=it,DC=in,DC=LO';
    # $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # Enable LDAP authentication for Customers
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'hij.in.lo';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=in,dc=lo';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,ou=users,dc=in,dc=lo';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'dsdssad';
    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => 'hij.in.lo',
            BaseDN => 'DC=in,DC=lo',
            SSCOPE => 'sub',
            UserDN => 'cn=otrs_ldap,ou=users,dc=in,dc=lo',
            UserPw => 'dsdsaa',
        },
        # customer unique id
        CustomerKey => 'uid',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
            # Login must use the same attribute as CustomerKey and UID ('uid' on
            # OpenLDAP); the posted file had the AD attribute 'sAMAccountName' here.
            [ 'UserLogin',      'Login',      'uid',             1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var' ],
            #[ 'UserComment',    'Comment',    'description',     1, 0, 'var' ],
        ],
    };
    # Add the following lines when users are only allowed to login if they reside in the specified security group
    # Remove these lines if you want to provide login to all users specified in the User Base DN
    # example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=in, dc=lo';
    # $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,DC=in,DC=lo';
    # $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # SendmailModule
    $Self->{'SendmailModule'} = 'Kernel::System::Email::SMTP';
    $Self->{'SendmailModule::Host'} = 'wewq.in.lo';
    $Self->{'SendmailModule::Port'} = '25';
    $Self->{'SendmailModule::AuthUser'} = 'admin';
    $Self->{'SendmailModule::AuthPassword'} = 'dasass';

    # ---------------------------------------------------- #
    # End of your own config options!!!                    #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
$VERSION = '$Revision: 1.18 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
# -----------------------------------------------------#
1;
Participants (5):
- hamood Iqbal
- Nielson, Adam
- Patrick Tuite
- Rico Barth
- Shawn Beasley