Hello Nicola,

thank you very much for the information. I have adopted your code and only changed the relevant login and host data.

Unfortunately I still cannot get into OTRS - neither the customer interface nor the agent interface. The error message I receive is: Anmeldung fehlgeschlagen! Benutzername oder Passwort falsch.

The syslog reports:
Jul 26 10:52:57 TICKETDEV1 OTRS-CGI-10[26229]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: otrsl...@domaincontroller.local authentification failed, no LDAP entry found!BaseDN='dc=domaincontroller,dc=local', Filter='(&(samaccountname=otrsl...@domaincontroller.local)(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder))))'.

Does anyone have an idea?

Kind regards
Timo Salmen

-----Original Message-----
From: otrs-de-boun...@otrs.org [mailto:otrs-de-boun...@otrs.org] On behalf of Nicola Tiling
Sent: Friday, 23 July 2010 18:15
To: User questions and discussions about OTRS.org in German
Subject: Re: [otrs-de] AD integration

The BaseDN does not look right to me: not "domain.local" but 'dc=domain,dc=local'.

Here is a working configuration:

# ---------------------------------------------------- #
# Customer authentication via LDAP                      #
# ---------------------------------------------------- #
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRSUser,cn=users,dc=domain,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'o...@domain.local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '123456';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder)))';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    SourceCharset => 'utf-8',
    DestCharset   => 'utf-8',
};

# ---------------------------------------------------- #
# customer Auth                                         #
# ---------------------------------------------------- #
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Name   => 'Active Directory',
    Params => {
        # ldap host
        Host => '192.168.0.1',
        # ldap base dn
        BaseDN => 'dc=domain,dc=local',
        # search scope (one|sub)
        SSCOPE => 'sub',
        UserDN => 'o...@domain.local',
        UserPw => '123456',
        AlwaysFilter => '(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder)))',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserExcludePrimaryCustomerID => 0,
    CustomerUserSearchListLimit => 2500,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        #[ 'UserEmail', 'Email', 'extensionAttribute1', 0, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var', '', 0 ],
        #[ 'UserCustomerIDs', 'CustomerIDs', 'company', 1, 0, 'var', '', 0 ],
        #[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};

On 23.07.2010 at 16:26, Salmen, Timo wrote:

> Hello list,
>
> I have an OTRS 2.2.7 here which I simply cannot get connected to a Windows
> Server 2008 AD.
>
> My config:
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.0.15';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'domaene.local';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsl...@domaene.local';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '123456';
>
> #--------------------------------------#
> # LDAP configuration / customer data   #
> #--------------------------------------#
> $Self->{CustomerUser1} = {
>     Name => 'LDAP Datenquelle',
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         Host => '10.0.0.15',
>         BaseDN => 'domaene.local',
>         SSCOPE => 'sub',
>         UserDN => 'u...@domaene.local',
>         UserPw => '123456',
>     },
>     CustomerKey => 'sAMAccountName',
>     CustomerID => 'mail',
>     CustomerUserListFields => ['sAMAccountName', 'CN', 'mail'],
>     CustomerUserSearchFields => ['sAMAccountName', 'CN', 'mail'],
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenname', 'SN'],
>     Map => [
>         # note: Login, Email and CustomerID needed!
>         # var, frontend, storage, shown, required, storage-type
>         [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>         # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>         # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>     ],
> };
>
> The syslog says:
> Jul 23 18:00:02 COOCGNOTRS001 /USR/SBIN/CRON[9877]: (otrs) CMD (test -x
> $HOME/bin/GenericAgent.pl && $HOME/bin/GenericAgent.pl -c db > /dev/null)
> Jul 23 18:00:02 COOCGNOTRS001 OTRS-GenericAgent-10[9880]:
> [Error][Kernel::System::CustomerUser::LDAP::new][Line:136]: First bind
> failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db0#000
> Jul 23 18:00:02 COOCGNOTRS001 OTRS-GenericAgent-10[9879]:
> [Error][Kernel::System::CustomerUser::LDAP::new][Line:136]: First bind
> failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db0#000
> Jul 23 18:01:27 COOCGNOTRS001 OTRS-CGI-10[2501]:
> [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:168]: First bind
> failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db0#000
> Jul 23 18:01:38 COOCGNOTRS001 OTRS-CGI-10[2501]:
> [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:168]: First bind
> failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db0#000
> Jul 23 18:01:52 COOCGNOTRS001 OTRS-CGI-10[2501]:
> [Notice][Kernel::System::Auth::DB::Auth] User:
> otrsl...@compass.local doesn't exist or is
> invalid!!! (REMOTE_ADDR: 192.168.102.102)
> Jul 23 18:02:57 COOCGNOTRS001 OTRS-CGI-10[2499]:
> [Notice][Kernel::System::Auth::DB::Auth] User: otrsldap doesn't exist or is
> invalid!!! (REMOTE_ADDR: 192.168.102.102)
> Jul 23 18:03:03 COOCGNOTRS001 OTRS-CGI-10[2499]:
> [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:168]: First bind
> failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db0#000
>
> Does anyone here on the list have an idea how I can solve this?
>
> Kind regards
> Timo Salmen
>
> ---------------------------------------------------------------------
> OTRS mailing list: otrs-de - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs-de
> To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs-de
>
> NEW! ENTERPRISE SUBSCRIPTION - find out more and book NOW!
> http://www.otrs.com/de/support/enterprise-subscription/