Hello, given that error message I would try the following:
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'uid=otrsldap,ou=Users,dc=domäne,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';

It may be that 'ou=Users,dc=domäne,dc=local' is different in a Windows domain. The best thing is to run an ldapsearch against the AD and find out the correct DN of the otrsldap user.

otrs-de-boun...@otrs.org wrote on 29.07.2010 11:31:55:

> Re: [otrs-de] AD-Anbindung
>
> From: "Boris Wagener" <boriswage...@gmx.de>
> To: "User questions and discussions about OTRS.org in German" <otrs-de@otrs.org>
> Sent by: otrs-de-boun...@otrs.org
> 29.07.2010 11:32
>
> Hello,
> we have got a bit further.
> OTRS now at least notices that we want to authenticate via LDAP.
> But it still does not work.
>
> Error message:
> Jul 29 13:25:26 COOCGNOTRS001 OTRS-CGI-10[11680]: [Error] [Kernel::System::Auth::LDAP::Auth][Line:215]: Search failed! 0000208D: NameErr: DSID-0310020A, prob$
> Jul 29 13:25:26 COOCGNOTRS001 OTRS-CGI-10[11680]: [Error] [Kernel::System::User::UserLookup][Line:696]: No UserID found for 'otrsldap'!
>
> Config.pm:
> ##agent
>
> #Enable LDAP authentication for Customers / Users
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'ServerIP';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> #The following is valid but would only be necessary if the
> #anonymous user does NOT have permission to read from the LDAP tree
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort123';
>
> # UserSyncLDAPMap
> # (map if agent should create/synced from LDAP to DB after login)
> $Self->{UserSyncLDAPMap} = {
>     # DB -> LDAP
>     UserFirstname => 'givenName',
>     UserLastname => 'sn',
>     UserEmail => 'mail',
> };
>
> # UserSyncLDAPGroups
> # (If "LDAP" was selected for AuthModule, you can specify
> # initial user groups for first login.)
> $Self->{UserSyncLDAPGroups} = [
>     'users',
> ];
>
> # UserTable
> $Self->{DatabaseUserTable} = 'users';
> $Self->{DatabaseUserTableUserID} = 'id';
> $Self->{DatabaseUserTableUserPW} = 'pw';
> $Self->{DatabaseUserTableUser} = 'login';
>
> ##end agent
> ##customer
> #Enable LDAP authentication for Customers / Users
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = 'ServerIP';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=domäne,dc=local';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> #The following is valid but would only be necessary if the
> #anonymous user does NOT have permission to read from the LDAP tree
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort123';
>
> #CustomerUser
> #(customer user database backend and settings)
> $Self->{CustomerUser} = {
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         Host => 'ServerIP',
>         BaseDN => 'OU=Users,dc=domäne,DC=local',
>         SSCOPE => 'sub',
>         UserDN =>'otrsldap',
>         UserPw => 'Passwort123',
>     },
>     # customer unique id
>     CustomerKey => 'sAMAccountName',
>     # customer #
>     CustomerID => 'mail',
>     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>     CustomerUserSearchPrefix => '',
>     CustomerUserSearchSuffix => '*',
>     CustomerUserSearchListLimit => 250,
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenname', 'sn'],
>     Map => [
>         # note: Login, Email and CustomerID needed!
>         # var, frontend, storage, shown, required, storage-type
>         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>     ],
> };
> ##end customer
>
> The otrsldap user is a domain user and also an account operator.
> And it is in the Windows authentication access group.
>
> Does anyone else have an idea?
> ---------------------------------------------------------------------
> OTRS mailing list: otrs-de - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs-de
> To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs-de
>
> NEW! ENTERPRISE SUBSCRIPTION - find out more and book NOW!
> http://www.otrs.com/de/support/enterprise-subscription/

Kind regards,
Alexander Neufeld
System Administration
Compart AG
http://www.compart.net
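
Added example, not part of the original thread: the reply recommends running ldapsearch against the AD to find the full DN of the otrsldap account. The shell sketch below wraps that query and extracts the DN from the LDIF output, including folded lines and base64-encoded "dn::" values, which ldapsearch emits when a DN contains non-ASCII characters. The UPN-style bind name, the example.local domain and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): look up the bind account's full DN
# and extract it from ldapsearch output for use as SearchUserDN / UserDN.

# Query the directory for one account. Needs a reachable DC, so it is only
# defined here, not called. Arguments (all assumptions): host, bind name
# (e.g. otrsldap@example.local), search base, sAMAccountName.
# -W prompts for the password instead of taking it on the command line.
find_bind_dn() {
    ldapsearch -LLL -x -H "ldap://$1" -D "$2" -W -b "$3" \
        "(sAMAccountName=$4)" 1.1
}

# Read LDIF on stdin and print each entry's DN, one per line.
ldif_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }    # unfold continuation line
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Constructed sample output: one folded DN, one base64-encoded DN.
sample_ldif() {
    printf 'dn: CN=otrsldap,OU=Service Accounts,\n DC=example,DC=local\n\n'
    printf 'dn:: %s\n' \
        "$(printf '%s' 'CN=otrsldap,OU=Büro,DC=example,DC=local' | base64)"
}

# Stand-alone demo on the constructed sample.
sample_ldif | ldif_dns
```

Against a real directory, the output of find_bind_dn is piped into ldif_dns, and the printed DN is the value to put into the SearchUserDN and UserDN settings.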