Sorry, an addendum:

Assuming:

The structure is called "IBM.COM", the users are in the folder "users", the
technical user used to access the LDAP is called "otrs", and the group that
is allowed to use OTRS is called "OTRSUser".

Adjust the values to your structure and it should work.

Then this probably applies:

        $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ibm,dc=com';
        $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRSUser,cn=users,dc=ibm,dc=com';
        $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'o...@ibm.com';

Kind regards
Franz J. Steppe


-----Original Message-----
From: otrs-de-boun...@otrs.org [mailto:otrs-de-boun...@otrs.org] On Behalf Of Salmen, Timo
Sent: Monday, 26 July 2010 08:55
To: User questions and discussions about OTRS.org in German
Subject: Re: [otrs-de] AD integration

Hello Nicola,

thank you very much for the information.
I took over your code and changed only the relevant login and host data.

Unfortunately I still cannot get into OTRS, neither into the customer
interface nor into the agent interface.
The error message I get is: Anmeldung fehlgeschlagen! Benutzername oder
Passwort falsch.

The syslog reports:
Jul 26 10:52:57 TICKETDEV1 OTRS-CGI-10[26229]: 
[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: 
otrsl...@domaincontroller.local authentification failed, no LDAP entry 
found!BaseDN='dc=domaincontroller,dc=local', 
Filter='(&(samaccountname=otrsl...@domaincontroller.local)(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder))))'.
        
Does anyone have an idea?

Kind regards
Timo Salmen

-----Original Message-----
From: otrs-de-boun...@otrs.org [mailto:otrs-de-boun...@otrs.org] On Behalf Of Nicola Tiling
Sent: Friday, 23 July 2010 18:15
To: User questions and discussions about OTRS.org in German
Subject: Re: [otrs-de] AD integration


The BaseDN does not seem right to me. Not "domain.local" but
'dc=domain,dc=local'.


Here is a working configuration:

        # ---------------------------------------------------- #
        # Customer authentication via LDAP                     #
        # ---------------------------------------------------- #
        $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
        $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.0.1';
        $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
        $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRSUser,cn=users,dc=domain,dc=local';
        $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'o...@domain.local';
        $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '123456';
        $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder)))';
        $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
        $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
        $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
        $Self->{'Customer::AuthModule::LDAP::Params'} = {
                SourceCharset => 'utf-8',
                DestCharset => 'utf-8',
        };

        # ---------------------------------------------------- #
        # customer Auth                                        #
        # ---------------------------------------------------- #
        # CustomerUser
        # (customer user ldap backend and settings)
        $Self->{CustomerUser1} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Name => 'Active Directory',
        Params => {
                # ldap host
                Host => '192.168.0.1',
                # ldap base dn
                BaseDN => 'dc=domain,dc=local',
                # search scope (one|sub)
                SSCOPE => 'sub',
                UserDN => 'o...@domain.local',
                UserPw => '123456',
                AlwaysFilter => '(&(mail=*)(objectClass=Person)(!(objectClass=Computer))(!(objectClass=publicFolder)))',
                SourceCharset => 'utf-8',
                DestCharset => 'utf-8',
                },
        # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserExcludePrimaryCustomerID => 0,
        CustomerUserSearchListLimit => 2500,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        ReadOnly => 1,
        Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
                #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
                [ 'UserFirstname',   'Firstname',   'givenname', 1, 1, 'var', '', 0 ],
                [ 'UserLastname',    'Lastname',    'sn',        1, 1, 'var', '', 0 ],
                [ 'UserLogin',       'Login',       'sAMAccountName',      1, 1, 'var', '', 0 ],
                [ 'UserEmail',       'Email',       'mail',      1, 1, 'var', '', 0 ],
                #[ 'UserEmail',       'Email',       'extensionAttribute1',      0, 1, 'var', '', 0 ],
                [ 'UserCustomerID',  'CustomerID',  'company',      0, 1, 'var', '', 0 ],
                #[ 'UserCustomerIDs', 'CustomerIDs', 'company',   1, 0, 'var', '', 0 ],
                #[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
                #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
                #[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
                ],
        };



On 23.07.2010 at 16:26, Salmen, Timo wrote:

> Hello list,
> 
> I have an OTRS 2.2.7 here that I simply cannot get connected to a Windows
> Server 2008 AD.
> 
> My config:
> $Self->{'Customer::AuthModule'} = 
> 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.0.15'; 
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'domaene.local'; 
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; 
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 
> 'otrsl...@domaene.local'; 
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '123456';
> 
> #--------------------------------------#
> # LDAP configuration / customer data   #
> #--------------------------------------#
> $Self->{CustomerUser1} = {
>     Name => 'LDAP Datenquelle',
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         Host => '10.0.0.15',
>         BaseDN => 'domaene.local',
>         SSCOPE => 'sub',
>         UserDN => 'u...@domaene.local',
>         UserPw => '123456',
>     },
>     CustomerKey => 'sAMAccountName',
>     CustomerID => 'mail',
>     CustomerUserListFields => ['sAMAccountName', 'CN', 'mail'],
>     CustomerUserSearchFields => ['sAMAccountName', 'CN', 'mail'],
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenname', 'SN'],
>     Map => [
>         # note: Login, Email and CustomerID needed!
>         # var, frontend, storage, shown, required, storage-type
>         [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>         # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>         # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>     ],
> };
> 
> 
> 
> The syslog says:
> Jul 23 18:00:02 COOCGNOTRS001 /USR/SBIN/CRON[9877]: (otrs) CMD (test -x $HOME/bin/GenericAgent.pl && $HOME/bin/GenericAgent.pl -c db > /dev/null)
> Jul 23 18:00:02 COOCGNOTRS001 OTRS-GenericAgent-10[9880]: [Error][Kernel::System::CustomerUser::LDAP::new][Line:136]: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0#000
> Jul 23 18:00:02 COOCGNOTRS001 OTRS-GenericAgent-10[9879]: [Error][Kernel::System::CustomerUser::LDAP::new][Line:136]: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0#000
> Jul 23 18:01:27 COOCGNOTRS001 OTRS-CGI-10[2501]: [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:168]: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0#000
> Jul 23 18:01:38 COOCGNOTRS001 OTRS-CGI-10[2501]: [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:168]: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0#000
> Jul 23 18:01:52 COOCGNOTRS001 OTRS-CGI-10[2501]: [Notice][Kernel::System::Auth::DB::Auth] User: otrsl...@compass.local doesn't exist or is invalid!!! (REMOTE_ADDR: 192.168.102.102)
> Jul 23 18:02:57 COOCGNOTRS001 OTRS-CGI-10[2499]: [Notice][Kernel::System::Auth::DB::Auth] User: otrsldap doesn't exist or is invalid!!! (REMOTE_ADDR: 192.168.102.102)
> Jul 23 18:03:03 COOCGNOTRS001 OTRS-CGI-10[2499]: [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:168]: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0#000
> 
> 
> Does anyone here on the list have an idea how I can solve this?
> 
> Kind regards
> Timo Salmen
> 
> 
> 
> 
> ---------------------------------------------------------------------
> OTRS mailing list: otrs-de - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs-de
> To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs-de
> 
> NEW! ENTERPRISE SUBSCRIPTION - find out more and book NOW!
> http://www.otrs.com/de/support/enterprise-subscription/
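
The two failure modes discussed in this thread (a BaseDN written as a DNS name, and the bind and search errors in syslog) can be checked mechanically. The following is an added example, not part of the original messages or of OTRS; the function names and the sample log lines are constructed for illustration.

```python
import re

# "data NNN" sub-codes Active Directory returns on a failed LDAP bind
# (hexadecimal Win32 logon error codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind user name or password rejected)",
    "532": "password expired",
    "533": "account disabled",
    "773": "user must reset password",
    "775": "account locked out",
}
# One or more attr=value components separated by commas, e.g. dc=domain,dc=local
DN_RE = re.compile(r"^\s*[A-Za-z][\w-]*=[^,=]+(\s*,\s*[A-Za-z][\w-]*=[^,=]+)*\s*$")

def check_base_dn(value):
    """Return None if value has DN syntax, else a hint showing the dc= form."""
    if DN_RE.match(value):
        return None
    dn = ",".join("dc=" + part for part in value.split("."))
    return f"BaseDN {value!r} is a DNS name, not a DN; expected e.g. {dn!r}"

def triage(line):
    """Map one OTRS syslog line to a finding, or None if nothing matches."""
    m = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", line)
    if m:
        code = m.group(1).lower()
        return "bind failed: " + AD_BIND_SUBCODES.get(code, "unknown sub-code " + code)
    m = re.search(r"no LDAP entry found!.*Filter='\(&\((\w+)=([^)]*)\)", line)
    if m and m.group(1).lower() == "samaccountname" and "@" in m.group(2):
        return ("search found nothing: login contains '@' but is matched against "
                "sAMAccountName, which holds the short logon name")
    return None

# Constructed sample lines, modelled on the syslog excerpts in the thread.
SAMPLE_LOG = [
    "Jul 23 18:01:27 host OTRS-CGI-10[2501]: [Error][Kernel::System::CustomerAuth"
    "::LDAP::Auth][Line:168]: First bind failed! 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 52e, v1db0",
    "Jul 26 10:52:57 host OTRS-CGI-10[26229]: [Notice][Kernel::System::CustomerAuth"
    "::LDAP::Auth] CustomerUser: jdoe@example.local authentification failed, no LDAP "
    "entry found!BaseDN='dc=example,dc=local', Filter='(&(samaccountname="
    "jdoe@example.local)(&(mail=*)(objectClass=Person)))'.",
]

if __name__ == "__main__":
    print(check_base_dn("domaene.local"))
    for entry in SAMPLE_LOG:
        print(triage(entry))
```
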
