Hello.

We installed OTRS 2.0.3 last month for testing. We are now trying to make it fit our needs. We are looking to enable both LDAP and DB authentication for customer login.

As I never found how a user can be added to the DB by itself on first connection (I receive the famous “Panic! No UserData!!!” message), I first populated the customer_user table with the usernames and id, etc. from my LDAP directory (AD). By hand, for sure! Now, it is possible to connect to OTRS with our LDAP user/passwd with no problem.

But something is confusing me: in the documentation and many forum messages, it seems normal that on first connection, normal LDAP users are automatically added to the “local” DB (i.e. customer_user). Is there an exception for MS Active Directory (“not-LDAP-but-LDAP-like”) database? Anyway, everything is OK since I populated the DB manually.

On the other hand, we want to add some other users (not present in our LDAP base). But it doesn’t seem possible:

When I put these two sets of lines in Config.pm,

 $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
 $Self->{'Customer::AuthModule::LDAP::Host'} = '…';
 $Self->{'Customer::AuthModule::LDAP::BaseDN'} = '…';
 $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
 $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '…';
 $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '…';

 $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
 $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
 $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
 $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';

- DB auth is working, and the login page shows “lost password” and “create account” boxes
- But LDAP authentication is not working

If I invert the two sets:

 $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
 $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
 $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
 $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';

 $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
 $Self->{'Customer::AuthModule::LDAP::Host'} = '…';
 $Self->{'Customer::AuthModule::LDAP::BaseDN'} = '…';
 $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
 $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '…';
 $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '…';

- Only LDAP authentication works
- The login page only shows “Login” and “Language” boxes
- No way to auth by DB

One way to get rid of that is to create new entries in LDAP, but we don’t want to do this.

On the other hand, importing the entire LDAP into the local DB is not interesting: we cannot access the passwd, and we can have problems when users are deleted from the LDAP or if they change their passwd, etc.

Thank you for any help or comments!

Alexandre Soucisse
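
Both orderings in the message assign `Customer::AuthModule` twice, and in Perl a second assignment to the same hash key replaces the first, which matches the behaviour reported for each ordering. The following Python check is an added example, not part of the original message or of OTRS: it scans Config.pm-style text for keys assigned more than once and reports which value is effective. The sample config is constructed, with a placeholder host name and an invented commented-out line.

```python
import re
from collections import defaultdict

# Constructed sample: the first ordering from the message, with placeholder values.
SAMPLE_CONFIG = """\
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.invalid';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::Ignored';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
"""

# Matches simple scalar assignments of the form $Self->{'Key'} = value;
ASSIGN_RE = re.compile(
    r"""^\s*\$Self->\{\s*(['"])(?P<key>.+?)\1\s*\}\s*=\s*(?P<value>.+?);\s*(?:#.*)?$"""
)

def parse_assignments(text):
    """Return {key: [(line_no, raw_value), ...]} in file order, skipping comment lines."""
    found = defaultdict(list)
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if m:
            found[m.group("key")].append((line_no, m.group("value").strip()))
    return found

def shadowed_settings(text):
    """List keys assigned more than once: the last value wins, earlier ones are dead."""
    report = []
    for key, hits in parse_assignments(text).items():
        if len(hits) > 1:
            report.append({"key": key, "effective": hits[-1], "overwritten": hits[:-1]})
    return report

if __name__ == "__main__":
    for item in shadowed_settings(SAMPLE_CONFIG):
        line_no, value = item["effective"]
        print(f"{item['key']}: line {line_no} wins with {value}")
        for old_line, old_value in item["overwritten"]:
            print(f"  line {old_line} has no effect: {old_value}")
```

Run against a real Config.pm, any reported key is one where an earlier authentication setting is silently inactive.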

 

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.de/
