Sorry for the misunderstanding. I generally do Customers first (internal IT shop) and then get the agents working last. Have never done one with agents only using LDAP. I'll try to do an agent only config.pm against a test install of 2.2 and see what happens, will be later in the day so if anyone has any suggestions.....
Thanks GEH -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sándor Fehér Sent: Thursday, July 12, 2007 9:29 AM To: User questions and discussions about OTRS.org Subject: Re: [otrs] LDAP auth problem Greg Horne írta: Do you have a MAP Array configured in Config.pm? No. But I need not for that because I want to authenticate agents only in this way. Anyway I applied the section above but nothing has changed. (It worked perfectly in 2.1.6 with the same settings) Regards., Sandor Looking at http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap They have a sample config section as shown below in part, the part of this that I would look at is the map array : ", Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], }; " ##### End of Map Array Have Fun Greg Horne geh gehorne ################# Full cut and paste of the sample code from http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap # CustomerUser # (customer user ldap backend and settings) $Self->{CustomerUser} = { Name => 'LDAP Datenquelle', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'bay.csuhayward.edu', # ldap base dn BaseDN => 'ou=seas,o=csuh', # search scope (one|sub) SSCOPE => 'sub', # # The following is valid but would only be necessary if the # # anonymous user does NOT have permission to read from the LDAP tree UserDN => '', UserPw => '', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '', # if your frontend is e. g. iso-8859-1 and the charset of your # ldap server is utf-8, use this options (if not, ignore it) # SourceCharset => 'utf-8', # DestCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 389, timeout => 120, async => 0, version => 3, }, }, # customer uniq id CustomerKey => 'uid', # customer # CustomerID => 'mail', CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['uid', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show now own tickets in customer panel, CompanyTickets CustomerUserExcludePrimaryCustomerID => 0, # add a ldap filter for valid users (expert setting) # CustomerUserValidFilter => '(!(description=gesperrt))', # admin can't change customer preferences AdminSetPreferences => 0, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], }; -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sándor Fehér Sent: Thursday, July 12, 2007 8:36 AM To: User questions and discussions about OTRS.org Subject: Re: [otrs] LDAP auth problem - Changed Greg Horne írta: Greg, Thank you for the response. I double checked everything but I can't figure out what's the problem. I reinstalled a new 2.2.1 with the default settings (mysql, utf8 and so one). I followed the 2.2 documentation and pasted the required section into my Config.pm Changed it as needed but the result is the same. Here is the relevant part. # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'localhost'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Staff,dc=office,dc=bluesystem,dc=hu'; $Self->{'AuthModule::LDAP::UID'} = 'uid'; $Self->{'AuthModule::LDAP::SearchUserDN'} = ''; $Self->{'AuthModule::LDAP::SearchUserPw'} = ''; $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; $Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, }; $Self->{UserSyncLDAPMap} = { # DB -> LDAP Firstname => 'givenName', Lastname => 'sn', Email => 'mail', }; $Self->{UserSyncLDAPGroups} = [ 'users', ]; # UserTable $Self->{DatabaseUserTable} = 'system_user'; $Self->{DatabaseUserTableUserID} = 'id'; $Self->{DatabaseUserTableUserPW} = 'pw'; $Self->{DatabaseUserTableUser} = 'login'; And the log. [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) authentication ok (REMOTE_ADDR: 192.168.1.11). [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!! [Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname! [Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher' (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS! [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!! And the LDAP entry: dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu objectClass: posixAccount objectClass: top objectClass: inetOrgPerson objectClass: shadowAccount gidNumber: 65534 givenName: Sandor sn: Feher displayName: Sandor Feher uid: sfeher homeDirectory: /home/sfeher loginShell: /bin/bash shadowFlag: 0 shadowMin: 0 shadowMax: 99999 shadowWarning: 0 shadowInactive: 99999 shadowLastChange: 12011 shadowExpire: 99999 mail: [EMAIL PROTECTED] cn: Sandor Feher uidNumber: 17261 structuralObjectClass: inetOrgPerson entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu createTimestamp: 20070711090933Z userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9 entryCSN: 20070711091036Z#000000#00#000000 modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu modifyTimestamp: 20070711091036Z Regards., Sandor Sándor, Sorry its still early here (US), searched the web for UserSyncLDAPMap and found that The DB line is normally commented out. So would not think that is you issue. I searched my 2.2 config and found that I do not have a UserSyncLDAPMap in it. When I did my 2.2 LDAP, I started from the default Config.pm and worked my way through using the 2.2 HTML manual from the website. Again, in the past when I have seen the Panic statement I have found the problem to be in the Map command. Following is a cut and paste from mine. Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'confirm', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], }; If I recieved the message I would verify that in my example, givenname was actually in LDAP and contained the first name of the user. You may want to post the entire LDAP section from your Config.pm with any usernames/password changed. Sorry everyone for the poor prior post, again its early here :) Have Fun. Greg Horne geh gehorne -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sándor Fehér Sent: Thursday, July 12, 2007 2:00 AM To: User questions and discussions about OTRS.org Subject: Re: [otrs] LDAP auth problem Sándor Fehér írta: Some additional info. I downgraded to 2.1.6 and it works fine with that. Here is the relevant part of my Config.pm # $DIBI$ $Self->{'SystemID'} = 10; $Self->{'SecureMode'} = 1; $Self->{'Organization'} = 'Blue System '; $Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log'; $Self->{'LogModule'} = 'Kernel::System::Log::SysLog'; $Self->{'FQDN'} = 'mail.office.bluesystem.hu'; $Self->{'DefaultLanguage'} = 'hu'; $Self->{'DefaultCharset'} = 'iso-8859-2'; $Self->{'AdminEmail'} = '[EMAIL PROTECTED]'; $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = '192.168.1.9'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Staff,dc=office,dc=bluesystem,dc=hu'; $Self->{'AuthModule::LDAP::UID'} = 'uid'; $Self->{'AuthModule::LDAP::UserAttr'} = 'uid'; $Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, }; $Self->{UserSyncLDAPMap} = { # DB -> LDAP Firstname => 'givenName', Lastname => 'sn', Email => 'mail', }; $Self->{UserSyncLDAPGroups} = [ 'users', ]; $Self->{DatabaseUserTable} = 'system_user'; $Self->{DatabaseUserTableUserID} = 'id'; $Self->{DatabaseUserTableUserPW} = 'pw'; $Self->{DatabaseUserTableUser} = 'login'; And the log I get. [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=St [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: [Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname! [Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher' [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: Regards., Sandor Hi, I had a well working otrs config so far with the following parts: - Apache 2.2.3 with mod_perl - OTRS 2.1.6 - Oracle 10.2.0.1 - Openldap 2.3.35 The authetication worked perfectly from LDAP. Today I decided to build a new config with otrs 2.2.1. I backed up my Config.pm and installed a new otrs 2.2.1. Ran the oracle database scripts as well. Everything is fine except the authentication (I can log in with [EMAIL PROTECTED]). The result is the same either I use mysql backend. Thank you in advance. Regards., Sandor ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007 Message: Can't create user 'sfeher' (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS! Traceback (8276): Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385 Module: Kernel::System::Auth::Auth (v1.23) Line: 120 Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192 Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (v) Line: 4 Module: (eval) (v1.81) Line: 203 Module: ModPerl::RegistryCooker::run (v1.81) Line: 203 Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169 Module: ModPerl::Registry::handler (v1.99) Line: 30 -- Üdvözlettel, Fehér Sándor ...Fehér Sándor... --- ....Sandor Feher.... fejlesztési vezető --- development manager Blue System Kft. --- Blue System Ltd. mailto:[EMAIL PROTECTED] http://www.bluesystem.hu [ - real men don't click - ] _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/ -- Üdvözlettel, Fehér Sándor ...Fehér Sándor... --- ....Sandor Feher.... fejlesztési vezető --- development manager Blue System Kft. --- Blue System Ltd. mailto:[EMAIL PROTECTED] http://www.bluesystem.hu [ - real men don't click - ] ---------------------------------------------------------------------------- _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/ -- Üdvözlettel, Fehér Sándor ...Fehér Sándor... --- ....Sandor Feher.... fejlesztési vezető --- development manager Blue System Kft. --- Blue System Ltd. mailto:[EMAIL PROTECTED] http://www.bluesystem.hu [ - real men don't click - ]
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/
