Hi Bjørn,
Isn't there anything else in the log that might indicate what goes wrong?
Ideas (even though I'm no expert in this area):
Make sure that your AD users have populated the fields you're trying to use
(sync).
As I have understood the process, any fields (firstname, lastname and so on)
configured in OTRS as required must be mapped to an AD/LDAP property, and
this property must be populated in AD/LDAP.
Otherwise the "Panic" might show up.
I'm using (for agent auth):
$Self->{UserSyncLDAPMap} = [
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
];
That means that I must make sure that the "givenName", "sn" and "mail"
fields are populated in AD before it will work.
Let me know if you'd like an example config.
--
/Sune
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Bjørn Ingmar Berg
Sent: Monday, March 05, 2007 10:28 AM
To: [email protected]
Subject: [otrs] OTRS 2.1.5 and LDAP
Hello
I am very new to OTRS and have run into a problem I'm unable to figure out
as yet.
I am trying to set up a helpdesk system for a small "kommune" in Norway, and
I'd like both agent and user authentication to be done against the AD server
via LDAP.
Right now agents can log in and get authenticated by the Radius server, but
this demands that their personal information is already entered in OTRS.
Normal users get authenticated via LDAP but unless they too are already
registered they get the error message "Panic! No UserData!!!". In the
system log these attempts show up as
notice OTRS-CGI-10 CustomerUser: pers authentification ok (REMOTE_ADDR:
192.168.105.107).
(pers is the ID of the testuser.)
The plan is that as soon as authentication against LDAP works well I'll stop
using Radius.
I guess that my problem is connected to mapping from LDAP to OTRS and
problems with copying the content of the fields from one to the other.
After a little googling I found that this has been discussed before. I
edited the file shown at
http://www.mail-archive.com/[email protected]/msg16539.html and tried using
that, but alas it didn't work out.
I feel at a dead end right now, and would really appreciate some input on
where I went wrong and what I need to do.
( And an extra query: It seems some examples off the net have [ and ]
whereas others have { and }. Does it matter which one I use? )
My feebly modified Config.pm looks like this:
******************** Paste begin ****************************************
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2006 OTRS GmbH, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.18 2006/09/07 16:15:41 mh Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# This is example configuration to auth. agents against a radius server
$Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';
$Self->{'AuthModule::Radius::Host'} = '192.168.105.3';
$Self->{'AuthModule::Radius::Password'} = 'PASSWORD';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.105.3';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=grueopen,dc=lokal';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs otrs,cn=users,dc=grueopen,dc=lokal';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ' PASSWORD ';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or
# AlwaysFilter => '(objectclass=user)'
# $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists [EMAIL PROTECTED]
# $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
$Self->{UserSyncLDAPMap} = [
Username => 'sAMAccountName',
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
CustomerID => 'mail',
];
# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify initial
# user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
'users',
];
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'tuib75';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} =
"DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
( Rest of file skipped)
******************** Paste end ****************************************
Kind regards,
Bjørn Ingmar Berg
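
The check described in the reply at the top of this thread (every OTRS field in the map needs an LDAP attribute that is actually populated), as an added example that is not part of the original messages or of OTRS: it runs the field map from the posted Config.pm over constructed sample entries and lists the fields that would come back empty. The sample entries, the example.com DNs and the MissingFields helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# OTRS field => LDAP attribute, the pairs posted in the thread.
# Held in a plain hash here; in Perl { } builds a hash reference and
# [ ] an array reference, and they are different data types.
my %SyncMap = (
    Username   => 'sAMAccountName',
    Firstname  => 'givenName',
    Lastname   => 'sn',
    Email      => 'mail',
    CustomerID => 'mail',
);

# Constructed sample entries (attribute => list of values), not real data.
my @Entries = (
    {   dn    => 'cn=Per Hansen,cn=users,dc=example,dc=com',
        attrs => { sAMAccountName => ['pers'], givenName => ['Per'],
                   sn => ['Hansen'], mail => ['pers@example.com'] },
    },
    {   dn    => 'cn=Ny Bruker,cn=users,dc=example,dc=com',
        attrs => { sAMAccountName => ['nyb'], givenName => ['Ny'],
                   sn => [''] },    # empty sn, no mail attribute at all
    },
);

# Return the OTRS fields whose mapped LDAP attribute is absent or empty.
sub MissingFields {
    my ( $Map, $Attrs ) = @_;

    # LDAP attribute names are case-insensitive, so compare in lower case.
    my %ByName = map { lc($_) => $Attrs->{$_} } keys %{$Attrs};

    my @Missing;
    for my $Field ( sort keys %{$Map} ) {
        my $Values   = $ByName{ lc( $Map->{$Field} ) } || [];
        my @NonEmpty = grep { defined($_) && length($_) } @{$Values};
        push @Missing, "$Field ($Map->{$Field})" if !@NonEmpty;
    }
    return @Missing;
}

for my $Entry (@Entries) {
    my @Missing = MissingFields( \%SyncMap, $Entry->{attrs} );
    print "$Entry->{dn}: ",
        ( @Missing ? 'missing ' . join( ', ', @Missing ) : 'ok' ), "\n";
}
```

Against a live directory the same helper can be fed the attribute values returned by a Net::LDAP search for each user.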