Perhaps you should/could try with a new clean user, not before seen in the
otrs db, just to make sure that the CustomerID isn't fooling around with us.
 
-- 
/Sune
 

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Arnold, Andrew
Sent: Friday, November 24, 2006 5:28 PM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Customer LDAP to AD Authentication - close, but not
working


thanks Sune 
 
Nearly there I think - it does let me in now I have made that change. Still
not showing any of the calls I created via admin login tho. 
 
Appreciate the help. Fairly new to otrs but starting to get my head round it
I think.
 
Thanks again
 
A

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sune
T. Tougaard
Sent: 24 November 2006 15:57
To: otrs@otrs.org
Subject: RE: [otrs] Customer LDAP to AD Authentication - close, but not
working



Hi, 

First post, please be gentle... ;-) 
  
Don't know that much about it, but a few ideas: 

The "hd\xpinstall" UID I think is wrong. The UID, I believe, is used to
decide which LDAP property is used as UID. 
In the case of a Windows AD domain, it's usually "sAMAccountName" or
"userPrincipalName". 

That might give you the "Bad filter" message. 
Does the filter/search string show up in the log? 

Also, I think the "CustomerID => 'o'" usually reads "CustomerID => 'mail'",
to use the e-mail from LDAP as CustomerID in the OTRS DB.

The issue that Tim had back then... 
The error message seems to indicate that he was logging on using
"userPrincipalName" (<username>@<dom>.<dom>) instead of "sAMAccountName"
(<username>), which might have worked if the "UID" and "CustomerKey" were set
to "userPrincipalName" instead of "sAMAccountName".

Hope that helps you along... 

-- 
/Sune 


________________________________ 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arnold, Andrew 
Sent: Thursday, November 23, 2006 2:13 PM 
To: otrs@otrs.org 
Subject: [otrs] Customer LDAP to AD Authentication - close, but not working 


Please see mail below from Tim Miller: I too have a similar problem, ("Login
failed! Your username or password was entered incorrectly". on the
customer.pl web page) but I get the following entry in log file:

[Thu Nov 23 13:06:23 2006][Error][Kernel::System::CustomerAuth::LDAP::Auth][141] Search failed! Bad filter 
  
Any ideas people please: 
  
Thanks a lot: 
  
Andrew 
  
(please see LDAP entries in my Config.pm) 
  
# AA Customer Authentication # 
  
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; 
    $Self->{'Customer::AuthModule::LDAP::Host'} = '128.30.1.50';     
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=hq,dc=office,dc=hd,dc=com'; 
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'hd\xpinstall';  
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=xpinstall,ou=Support,ou=IT,OU=HD,dc=hq,dc=office,dc=hd,dc=com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '******starred out*'; 
  
# Getting Customer Info # 
  
     $Self->{CustomerUser} = { 
    Module => 'Kernel::System::CustomerUser::LDAP', 
    Params => { 
      Host => '128.30.1.50', 
      BaseDN => 'dc=hq,dc=office,dc=hd,dc=com', 
      SSCOPE => 'sub', 
      UserDN => 'cn=xpinstall,ou=Support,ou=IT,OU=HD,dc=hq,dc=office,dc=hd,dc=com', 
      UserPw => '******starred out*', 
    }, 
    CustomerKey => 'sAMAccountName', 
    CustomerID => 'o', 
    CustomerUserListFields => ['cn'], 
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], 
    CustomerUserPostMasterSearchFields => ['mail'], 
    CustomerUserNameFields => ['givenname', 'sn'], 
    Map => [ 
      # note: Login, Email and CustomerID needed! 
      # var, frontend, storage, shown, required, storage-type 
#       [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ], 
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], 
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], 
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], 
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], 
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ], 
       [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], 
#       [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ], 
       [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ], 
    ], 
  }; 

(Mail from Tim Miller 
  
I am having trouble getting the customers to be able to authenticate and 
log in to the customer.pl web page.  I am trying to use LDAP to 
authenticate.  From the agent side, my LDAP searches are working fine. 
If I search for a customer by name to create a new ticket, I get a 
complete list of possible names back from the LDAP search. 

However, when the customers attempt to log in, all I get is  "Login 
failed! Your username or password was entered incorrectly".  I know the 
username and password is correct, but I keep getting this error.  In the 
System log, I get the following message, "CustomerUser: 
jdoe@dbtamerica.local authentification failed, no LDAP entry 
found!BaseDN='dc=dbtamerica,dc=local', 
Filter='(&(sAMAccountName=jdoe@dbtamerica.local)(!objectclass=computer))', 
(REMOTE_ADDR: 10.222.128.53)." 

I have a J Doe account in my AD that I use for testing, the account 
exists and I am using the correct password. 

Do I have to use the PosixGroups lines in the Config.pm file?  I am 
currently not using these at all, but my understanding is that it should 
work without them.  Do I have to create a group in AD, or specify that 
the "domain users" group is allowed access? 

Any advice is greatly appreciated, this is our last major hurdle to get 
over, so far we love the package, but we really want the AD 
authentication to work. 

With Best Regards, 

Tim ) 
  
Andrew Arnold 
IT Support Analyst 
hammondsdirect 
DDI 01274 764677 
Mob 07946 459179 
mailto:[EMAIL PROTECTED]
  
This message is confidential and may be legally privileged or otherwise
protected from disclosure.  If you are not the intended recipient, please
telephone or email the sender and delete this message and any attachment
from your system; you must not copy or disclose the contents of this message
or any attachment to any other person.

Copyright in documents created by or on behalf of this firm remains vested
in the firm, and we assert our moral rights, unless the terms of our
relevant client's engagement provide otherwise.

HammondsDirect is regulated in the United Kingdom by the Law Society. The
partners in the firm are either solicitors or registered foreign lawyers and
a list of their names and professional qualifications can be inspected at
Pennine House, Well Street, Bradford, BD1 5NU.

This e-mail has been scanned for all viruses on behalf of HammondsDirect by
Integralis e:scan. 
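
The two failures discussed in this thread ("Bad filter" versus "no LDAP entry found") can be told apart by looking at the search filter that results from the configured UID. The following is an added example, not code from the posters or from OTRS: it assumes the login filter has the form (UID=login), as the filter in Tim's log suggests, and the function names and the "jsmith" login are constructed for illustration.

```python
import re

# RFC 4512 attribute description: a short name (letter, then letters, digits
# or hyphens) or a dotted numeric OID. Attribute options are not handled here.
ATTR_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

# RFC 4515: these characters must appear as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(value):
    """Escape a user-supplied login before it is placed in a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(uid_attr, login, always_filter=""):
    """Return (filter, problem); problem is None when the filter is well formed.

    Assumption: the filter is (uid_attr=login), optionally ANDed with an
    extra filter, mirroring the Filter='...' string in Tim's log entry.
    """
    flt = "(%s=%s)" % (uid_attr, escape_value(login))
    if always_filter:
        flt = "(&%s%s)" % (flt, always_filter)
    if not ATTR_RE.match(uid_attr):
        return flt, "UID %r is not an attribute name; filter cannot be parsed" % uid_attr
    return flt, None


def diagnose(uid_attr, login):
    """Classify a login attempt into the cases seen in the thread."""
    _, problem = build_login_filter(uid_attr, login)
    if problem:
        return "bad-filter"      # Andrew's case: UID holds an account name
    if uid_attr.lower() == "samaccountname" and "@" in login:
        return "upn-vs-sam"      # Tim's case: login looks like a userPrincipalName
    return "ok"


if __name__ == "__main__":
    for uid, login in [("hd\\xpinstall", "jsmith"),
                       ("sAMAccountName", "jdoe@dbtamerica.local"),
                       ("sAMAccountName", "jsmith")]:
        print(diagnose(uid, login), build_login_filter(uid, login)[0])
```
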




_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
