Tried it w/values from Defaults.pm - same error. All ldap attributes exist, user is member of group. It works as long as I do not want to sync user to DB. Same issue happens with customer accounts. If past experience is any indicator, I must be missing something.

Here's my Config.pm, with just the agent settings.

################################ LDAP #######################

########################## AGENTS ########################

   # This is an example configuration for an LDAP auth. backend.
   # (take care that Net::LDAP is installed!)
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'ldap.standard.k12.ca.us';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=standard,dc=k12,dc=ca,dc=us';
   $Self->{'AuthModule::LDAP::UID'} = 'uid';

   # Check if the user is allowed to auth in a posixGroup
   # (e. g. user needs to be in a group xyz to use otrs)
   $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=techsupport,ou=Groups,dc=standard,dc=k12,dc=ca,dc=us';
   $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
   # for ldap posixGroups objectclass (just uid)
   $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
   # for non ldap posixGroups objectclass (with full user dn)
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

   # The following is valid but would only be necessary if the
   # anonymous user does NOT have permission to read from the LDAP tree
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=admin,ou=dsa,dc=standard,dc=k12,dc=ca,dc=us';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';

   # in case you want to add always one filter to each ldap query, use
   # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
   $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

   # in case you want to add a suffix to each login name, then
   # you can use this option. e. g. user just want to use user but
   # in your ldap directory exists [EMAIL PROTECTED]
#    $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

   # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
   $Self->{'AuthModule::LDAP::Params'} = {
       port => 389,
       timeout => 120,
       async => 0,
       version => 3,
   };

   # Die if backend can't work, e. g. can't connect to server.
   $Self->{'AuthModule::LDAP::Die'} = 1;

   # UserSyncLDAPMap
   # (map if agent should create/synced from LDAP to DB after login)
   $Self->{UserSyncLDAPMap} = {
       # DB -> LDAP
       UserFirstname => 'givenName',
       UserLastname => 'sn',
       UserEmail => 'mail',
   };
   # UserSyncLDAPGroups
   # (If "LDAP" was selected for AuthModule, you can specify initial
   # user groups for first login.)
   $Self->{UserSyncLDAPGroups} = [
       'users',
   ];

   # ---------------------------------------------------- #
   # ---------------------------------------------------- #
   #                                                      #
   #           End of your own config options!!!          #
   #                                                      #
   # ---------------------------------------------------- #
   # ---------------------------------------------------- #
}


Christophe Flaviani wrote:
Hi all,

The configuration from Ed is only for the Customer authentication (= users submitting questions to otrs)
As Nils correctly stated, there are 2 types of "users":
 - users --> otrs agents, service desk agents
 - customers --> users submitting incidents.

In the LDAP configuration, there are 2 sections:
 - $Self->{'AuthModule'} + suffixes: configures the user authentication
 - $Self->{'Customer::AuthModule'} + suffixes: configures the customer authentication

And bear in mind that the UID parameter references the user which will be used to logon to otrs.

For the rest, the documentation (pdf version 2.2) is not 100% correct and clear.... I used the .../Kernel/Config/Default.pm file to look up the correct parameters. (well explained).

What you configure in .../Kernel/Config.pm will overwrite the default/standard settings in ../Kernel/Config/Default.pm

Happy doc browsing .. :)

C.

On Sun, Jun 8, 2008 at 10:09 PM, Nils Breunese (Lemonbit) <[EMAIL PROTECTED]> wrote:

    Ed Greenberg wrote:

        It wasn't easy for me either. A few things I learned (as a
        newbie):

        There are both users and customers. You need to enable LDAP
        lookups for each one separately.


    It's more accurate to say there are two kinds of users: agents and
    customers.

    Nils.

    _______________________________________________
    OTRS mailing list: otrs - Webpage: http://otrs.org/
    Archive: http://lists.otrs.org/pipermail/otrs
    To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
    Support or consulting for your OTRS system?
    => http://www.otrs.com/


begin:vcard
fn:Jefferson Davis
n:Davis;Jefferson
org:Standard School District
adr:;;1200 North Chester Ave;Bakersfield;CA;93308;usa
email;internet:[EMAIL PROTECTED]
title:Technology and Information Systems Mgr
tel;work:661.392.2110
tel;fax:661.392.0681
x-mozilla-html:TRUE
url:http://www.standard.k12.ca.us
version:2.1
end:vcard
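
Added example (not part of the original thread, and not OTRS code): a small Python check that reads the text of a Config.pm and reports whether the agent section ($Self->{'AuthModule'}) and the customer section ($Self->{'Customer::AuthModule'}) are each configured, since the two are set independently. The NEEDED key list and the sample host and DN values are assumptions, modelled on the options in the Config.pm posted above.

```python
import re

# Matches active (uncommented) scalar assignments such as
#   $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.org';
# Lines starting with '#' do not match, so commented-out options are ignored.
ASSIGN = re.compile(r"^\s*\$Self->\{\s*'?([\w:]+)'?\s*\}\s*=\s*'([^']*)'\s*;")

# Assumption: keys needed for a group-restricted LDAP login, taken from the
# options used in the posted Config.pm (not an official OTRS list).
NEEDED = ("Host", "BaseDN", "UID", "GroupDN", "AccessAttr", "UserAttr")


def parse_settings(text):
    """Return {key: value} for every active string assignment in the config."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def section_report(settings, prefix):
    """prefix is 'AuthModule' (agents) or 'Customer::AuthModule' (customers)."""
    if prefix not in settings:
        return {"configured": False, "missing": list(NEEDED)}
    missing = [k for k in NEEDED if not settings.get(f"{prefix}::LDAP::{k}")]
    return {"configured": True, "backend": settings[prefix], "missing": missing}


# Constructed sample: complete agent section, customer section only started.
SAMPLE = """
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.org';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=example,dc=org';
   $Self->{'AuthModule::LDAP::UID'} = 'uid';
   $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=helpdesk,ou=Groups,dc=example,dc=org';
   $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
   $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.org';
"""

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE)
    for prefix in ("AuthModule", "Customer::AuthModule"):
        print(prefix, section_report(cfg, prefix))
```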
