Hi Jason,
  I'm pretty new to this too, but I've got the LDAP backend working -
attached are my notes. It's basically what I did to Config.pm and what
happened at each step. I'm using OpenLDAP/Samba so you may have to
change the odd bit around...

Any questions, email me.

Jim
Bristol
UK



Installing otrs2:
- purge old copy:
        delete otrs from /etc, /usr/share, /var/lib
        drop db and user
- add pg_hba line for 127.0.0.1 and 10.14.96.5 otrs2 (db), otrs (user)
        - passwd BThDf159WeyI6
- All works fine.


First job - Agents log in via LDAP... (all paths rel. to /usr/share/otrs):

- added this to config.pm (copied from defaults...)

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ldap-master';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=brislington,dc=bristol,dc=sch,dc=uk';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsAgents,ou=staffgroups,ou=groups,dc=brislington,dc=bristol,dc=sch,dc=uk';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx';
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

- restart apache... (do this after every change...)
- login - bottom dialog disappears off web page - good
- create group otrsagents, add jim - OK
- [EMAIL PROTECTED] cannot log in...
- log jim in: log file:
[Notice][Kernel::System::Auth::LDAP::Auth] User: jim (uid=jim,ou=ICTTechnicians,ou=SupportStaff,ou=staffUsers,ou=Users,dc=brislington,dc=bristol,dc=sch,dc=uk) authentication ok (REMOTE_ADDR: 10.14.96.8).
[Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'jim'!!!
- so: System::User...

Add this:

   $Self->{UserSyncLDAPMap} = {
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
   };

Works! Boom Boom!

Make jim an admin:
insert into group_user
(user_id, group_id, permission_key, permission_value,
create_time, create_by, change_time, change_by)
        select 2, group_id, permission_key, permission_value,
        create_time, create_by, change_time, change_by
                from group_user where user_id = 1;

OK!

- Now - add customers...

- log in as jimthestudent - get:
[Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'jimthestudent'  (REMOTE_ADDR: 10.14.96.8)
- so - need to add System::CustomerAuth::LDAP bit...
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap-master';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=users,dc=brislington,dc=bristol,dc=sch,dc=uk';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

 - sort of works - says auth'd in logs, but does not log you in...

- look at cust prefs etc...

    $Self->{CustomerUser} = {
        Name => 'BEC Users',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'ldap-master',
            BaseDN => 'dc=brislington,dc=bristol,dc=sch,dc=uk',
            SSCOPE => 'sub',
            UserDN => 'cn=otrs,ou=system,dc=brislington,dc=bristol,dc=sch,dc=uk',
            UserPw => 'xxx',
            AlwaysFilter => '',
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        CustomerKey => 'uid',
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        AdminSetPreferences => 0,
        Map => [
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };

- Works!!





> Greetings all;
>
> We're trying to get OTRS 2.2 Beta4 configured to connect to our LDAP
> server to provide a listing of all the potential customers at the
> university. I'm not seeing any error messages in the apache error logs,
> or the OTRS error log.
>
> When in the Phone Ticket dialog, entering a search item and clicking
> search customer returns nothing. I have included the Kernel/Config.pm
> file for reference.
>
> Using netstat -tc I see two connections to the LDAP server startup, but
> there is no returned data to the webform.
>
> I've also done some work in the web configuration section that mimics
> the information in Kernel/Config.pm . When I make changes from OTRS, I
> do not see any changes in Kernel/Config.pm . Could this also be part of
> the issue?
>
> Thanks in advance for any help you can provide.
>
> -Jason
>
> -------------------------------------
> Kernel/Config.pm
> -------------------------------------
> package Kernel::Config;
>
> sub Load {
>    my $Self = shift;
>    # ---------------------------------------------------- #
>    # ---------------------------------------------------- #
>    #                                                      #
>    #         Start of your own config options!!!          #
>    #                                                      #
>    # ---------------------------------------------------- #
>    # ---------------------------------------------------- #
>
>    # ---------------------------------------------------- #
>    # database settings                                    #
>    # ---------------------------------------------------- #
>    # DatabaseHost
>    # (The database host.)
>    $Self->{DatabaseHost} = 'localhost';
>
>    # Database
>    # (The database name.)
>    $Self->{Database} = 'ob4';
>
>    # DatabaseUser
>    # (The database user.)
>    $Self->{DatabaseUser} = 'otrs';
>
>    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
>    # if you want to use a local socket connection
>    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
>
>    # ---------------------------------------------------- #
>    # fs root directory
>    # ---------------------------------------------------- #
>    $Self->{Home} = '/opt/otrs';
>
>    # ---------------------------------------------------- #
>    # insert your own config settings "here"               #
>    # config settings taken from Kernel/Config/Defaults.pm #
>    # ---------------------------------------------------- #
>    # $Self->{SessionUseCookie} = 0;
>    # $Self->{CheckMXRecord} = 0;
>
>    # CustomerUser
>    # (customer user ldap backend and settings)
>      $Self->{CustomerUser} = {
>        Name => 'LDAP',
>        Module => 'Kernel::System::CustomerUser::LDAP',
>        Params => {
>
>        # ldap host
>         Host => 'ldap.example.com',
>
>        # ldap base dn
>          BaseDN => 'dc=example,dc=com',
>
>        # search scope (one|sub)
>          SSCOPE => 'sub',
>        # The following is valid but would only be necessary if the
>        # anonymous user does NOT have permission to read from the LDAP tree
>        #    UserDN => '',
>        #    UserPw => '',
>
>        # in case you want to add always one filter to each ldap query, use
>        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>          AlwaysFilter => '(objectclass=computer)',
>
>        # if your frontend is e. g. iso-8859-1 and the charset of your
>        # ldap server is utf-8, use this options (if not, ignore it)
>        #  SourceCharset => 'utf-8',
>        #  DestCharset => 'iso-8859-1',
>        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>          Params => {
>            port => 389,
>            timeout => 120,
>            async => 0,
>            version => 3,
>          },
>      },
>
>      # customer uniq id
>      CustomerKey => 'uid',
>
>      # customer #
>      CustomerID => 'mail',
>    #  CustomerUserListFields => ['cn', 'mail'],
>      CustomerUserSearchFields => ['uid', 'mail'],
>      CustomerUserSearchPrefix => '',
>      CustomerUserSearchSuffix => '*',
>      CustomerUserSearchListLimit => 250,
>      CustomerUserPostMasterSearchFields => ['mail'],
>      CustomerUserNameFields => ['givenName', 'sn'],
>
>      # show now own tickets in customer panel, CompanyTickets
>      CustomerUserExcludePrimaryCustomerID => 0,
>
>      # add a ldap filter for valid users (expert setting)
>      #       CustomerUserValidFilter => '(!(description=gesperrt))',
>      # admin can't change customer preferences
>      AdminSetPreferences => 0,
>
>
>       # note: Login, Email and CustomerID needed!
>       # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
>       #[ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
>       #[ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>       #[ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
>
>      Map => [
>       [ 'UserFirstname',  'Firstname',  'givenName',       1, 1, 'var', '', 0 ],
>       [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
>       [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
>       [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
>       [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
>       [ 'UserPhone',      'Phone',      'telephoneNumber', 1, 0, 'var', '', 0 ],
>       [ 'UserAddress',    'Address',    'postalAddress',   1, 0, 'var', '', 0 ],
>     ],
>    };
>
>    $Self->{Debug}=0;
>    # ---------------------------------------------------- #
>
>    # ---------------------------------------------------- #
>    # data inserted by installer                           #
>    # ---------------------------------------------------- #
>    #
>
>      $Self->{FQDN}='fqdn.example.com';
>      $Self->{DefaultCharset}='utf-8';
>      $Self->{CheckMXRecord}=1;
>
> $Self->{TicketNumberGenerator}='Kernel::System::Ticket::Number::AutoIncrement';
>
>
>    # ---------------------------------------------------- #
>    # ---------------------------------------------------- #
>    #                                                      #
>    #           End of your own config options!!!          #
>    #                                                      #
>    # ---------------------------------------------------- #
>    # ---------------------------------------------------- #
> }
>
> # ---------------------------------------------------- #
> # needed system stuff (don't edit this)                #
> # ---------------------------------------------------- #
> use strict;
> use vars qw(@ISA $VERSION);
> use Kernel::Config::Defaults;
> push (@ISA, 'Kernel::Config::Defaults');
> $VERSION = '$Revision: 1.18 $';
> $VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
> # -----------------------------------------------------#
>
> 1;
>
> --
> Jason Hill
> [EMAIL PROTECTED]
> ISU Veterinary Teaching Hospital
> Ames, IA 50011
>
> _______________________________________________
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> Support or consulting for your OTRS system?
> => http://www.otrs.com/
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
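
An added example, not part of the original thread or of OTRS: an offline Python check of how a customer search term, CustomerUserSearchFields, CustomerUserSearchSuffix and AlwaysFilter combine into one LDAP filter, and which entries that filter can select. It assumes the backend ORs the search fields and ANDs AlwaysFilter onto the result; the directory entries and all function names are constructed for illustration.

```python
import re

# Constructed sample directory entries (not from the page's LDAP server).
ENTRIES = [
    {"uid": ["jim"], "mail": ["jim@example.com"], "objectClass": ["inetOrgPerson"]},
    {"uid": ["jimthestudent"], "mail": ["jts@example.com"], "objectClass": ["inetOrgPerson"]},
    {"uid": ["lab-pc-01$"], "objectClass": ["computer"]},
]

def escape_filter_value(term):
    """RFC 4515 escaping: a typed search term must stay a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in term)

def build_filter(term, fields, always_filter="", prefix="", suffix="*"):
    """Assumed composition: OR over the search fields, ANDed with AlwaysFilter."""
    value = prefix + escape_filter_value(term) + suffix
    flt = "(|" + "".join("(%s=%s)" % (f, value) for f in fields) + ")"
    return "(&%s%s)" % (flt, always_filter) if always_filter else flt

def clause_matches(entry, attr, pattern):
    """Evaluate one (attr=pattern) clause; '*' is a wildcard, case is ignored."""
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", unhex, p) for p in pattern.split("*")]
    regex = ".*".join(re.escape(p) for p in parts)
    values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in values)

def search(entries, term, fields, always_filter="", prefix="", suffix="*"):
    """Return the uid of every entry the composed filter would select."""
    value = prefix + escape_filter_value(term) + suffix
    extra = re.fullmatch(r"\((\w+)=(.*)\)", always_filter)
    if always_filter and not extra:
        raise ValueError("only a single (attr=value) AlwaysFilter is handled here")
    hits = []
    for entry in entries:
        ok = any(clause_matches(entry, f, value) for f in fields)
        if ok and extra:
            ok = clause_matches(entry, extra.group(1), extra.group(2))
        if ok:
            hits.append(entry["uid"][0])
    return hits

if __name__ == "__main__":
    for af in ("(objectclass=computer)", "(mail=*)", ""):
        print(build_filter("jim", ["uid", "mail"], af))
        print("  ->", search(ENTRIES, "jim", ["uid", "mail"], af))
```

The printed filter string can be run unchanged with ldapsearch against the real directory to confirm what the server itself returns for the same settings.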



