All right, heres what I see. You set the LDAP Params twice and I didn't
need them at all. You need to replace every instance of 'uid' with
'sAMAccountName.' I also had to layout the username differently. Thats
just what I see.
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'Active Directory',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'ADServer.domainname.com',
BaseDN => 'dc=domainname,dc=com',
SSCOPE => 'sub',
UserDN => 'cn=ADUsername,ou=users,dc=domainname,dc=com',
UserPw => 'password',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show now own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# admin can't change customer preferences
AdminSetPreferences => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required,
storage-type, http-link, readonly
[ 'UserSalutation', 'Title', 'title', 1, 0,
'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1,
'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1,
'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName',
1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1,
'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1,
'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0,
'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0,
'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0,
'var', '', 0 ],
],
};
Kurt O'Connor
Linn State Technical College
[EMAIL PROTECTED]
573-897-5275
----------------------------------------------------------
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Pascal Rebsamen
Sent: Thursday, September 20, 2007 4:52 AM
To: User questions and discussions about OTRS.org
Subject: [otrs] Problem with LDAP auth -Need CustomerID!!!
hi,
i'm searching now 3 hrs and can't find the error. i did the setup for
ldap auth in the config.pm. The LDAP Auth. works, but after the logon, i
receive the following error:
Fehler: Need CustomerID!!!
Kommentar:
Traceback: ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Thu Sep 20
11:42:08 2007
Message: Need CustomerID!!!
Traceback (4519):
Module: Kernel::Output::HTML::Layout::CustomerError (v1.48) Line: 3308
Module: Kernel::Modules::CustomerTicketOverView::Run (v1.42) Line: 72
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.20) Line: 704
Module: /opt/otrs/bin/cgi-bin/customer.pl (v1.37) Line: 47
My config:
# #########################################################
# CUSTOMER Auth
# #########################################################
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'MeinDC';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'dc=company,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
#$Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
#$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
# # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'domain\username';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists [EMAIL PROTECTED]
# $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc
Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# # ldap host
Host => 'meinDC',
# # ldap base dn
BaseDN => 'ou=company,o=local',
# # search scope (one|sub)
SSCOPE => 'sub',
# # The following is valid but would only be necessary if the
# # anonymous user does NOT have permission to read from the
LDAP tree
UserDN => 'domain\user',
UserPw => 'meinpassword',
# # in case you want to add always one filter to each ldap
query, use
# # this option. e. g. AlwaysFilter => '(mail=*)' or
AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(mail=*)',
# # if your frontend is e. g. iso-8859-1 and the charset of
your
# # ldap server is utf-8, use this options (if not, ignore
it)
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# # die if backend can't work, e. g. can't connect to server
Die => 1,
# # Net::LDAP new params (if needed - for more info see
perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# # customer uniq id
CustomerKey => 'uid',
# # customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# # show now own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# # add a ldap filter for valid users (expert setting)
# # CustomerUserValidFilter => '(!(description=gesperrt))',
# # admin can't change customer preferences
AdminSetPreferences => 0,
# # cache time to life in sec. - cache any ldap queris
CacheTTL => 0,
Map => [
# # note: Login, Email and CustomerID needed!
# # var, frontend, storage, shown (1=always,2=lite),
required, storage-type, http-link, readonly
[ 'UserSalutation', 'Title', 'title', 1, 0,
'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1,
'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1,
'var', '', 0 ],
[ 'UserLogin', 'Username', 'uid', 1, 1,
'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1,
'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1,
'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids',
1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0,
'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0,
'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0,
'var', '', 0 ],
],
};
NOTE:
This e-mail transmission may contain confidential information.
If you are not the intended recipient, employee or agent responsible
for delivering this information to the intended recipient,
unauthorized disclosure, copying, distribution or use of the
contents of this transmission is strictly prohibited. If you have
received this e-mail in error, please immediately notify the sender
and delete it from your computer. Thank you for your compliance.
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
