FWIW, this seems to be the block of code having a problem.

           foreach my $Entry ($Result->all_entries) {
               $UserDN = $Entry->dn();
foreach my $Key (keys %{$Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})}) {
                   # detect old config setting
                   if ($Key =~ /^(Firstname|Lastname|Email)/) {
                       $Key = "User".$Key;
                           Priority => 'error',
Message => "Old config setting detected, please use the new one from Kernel/Config/Defaults.pm (User* has been added!).",
*$SyncUser{$Key} = $Entry->get_value($Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})->{$Key});*
                   # e. g. set utf-8 flag
$SyncUser{$Key} = $Self->_ConvertFrom($SyncUser{$Key}, $Self->{ConfigObject}->Get('DefaultCharset'));
               if ($Entry->get_value('userPassword')) {
                   $SyncUser{Pw} = $Entry->get_value('userPassword');
                   # e. g. set utf-8 flag
$SyncUser{Pw} = $Self->_ConvertFrom($SyncUser{Pw}, $Self->{ConfigObject}->Get('DefaultCharset'));

Christophe Flaviani wrote:
Hi Jeff,
Could you send what otrs gives you as error message? Because it works without the LDAPSync, I would suppose that one of the fields you are trying to sync does not exist.
But I don't see how the mapping is done into the DB.
Hope this helps, C.

On Tue, Jun 10, 2008 at 1:01 AM, Jeff Davis <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:

    Tried it w/values from Defaults.pm  - same error.  All ldap
    attributes exist, user is member of group.  It works as long as I
    do not want to sync user to DB.  Same issue happens with customer
    accounts.  If past experience is any indicator, I must be missing

    Here's my Config.pm, with just the agent settings.

    ################################ LDAP #######################

    ########################## AGENTS ########################

      # This is an example configuration for an LDAP auth. backend.
      # (take care that Net::LDAP is installed!)
      $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
      $Self->{'AuthModule::LDAP::Host'} = 'ldap.standard.k12.ca.us
      $Self->{'AuthModule::LDAP::BaseDN'} =
      $Self->{'AuthModule::LDAP::UID'} = 'uid';

      # Check if the user is allowed to auth in a posixGroup
      # (e. g. user needs to be in a group xyz to use otrs)
      $Self->{'AuthModule::LDAP::GroupDN'} =
      $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
      # for ldap posixGroups objectclass (just uid)
      $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
      # for non ldap posixGroups objectclass (with full user dn)
    #    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

      # The following is valid but would only be necessary if the
      # anonymous user do NOT have permission to read from the LDAP tree
      $Self->{'AuthModule::LDAP::SearchUserDN'} =
      $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';

      # in case you want to add always one filter to each ldap query, use
      # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter
    => '(objectclass=user)'
      $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

      # in case you want to add a suffix to each login name, then
      # you can use this option. e. g. user just want to use user but
      # in your ldap directory exists [EMAIL PROTECTED]
    #    $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com

      # Net::LDAP new params (if needed - for more info see perldoc
      $Self->{'AuthModule::LDAP::Params'} = {
          port => 389,
          timeout => 120,
          async => 0,
          version => 3,

      # Die if backend can't work, e. g. can't connect to server.
      $Self->{'AuthModule::LDAP::Die'} = 1;

      # UserSyncLDAPMap
      # (map if agent should create/synced from LDAP to DB after login)
      $Self->{UserSyncLDAPMap} = {
          # DB -> LDAP

          UserFirstname => 'givenName',
          UserLastname => 'sn',
          UserEmail => 'mail',
      # UserSyncLDAPGroups
      # (If "LDAP" was selected for AuthModule, you can specify initial
      # user groups for first login.)
      $Self->{UserSyncLDAPGroups} = [

      # ---------------------------------------------------- #
      # ---------------------------------------------------- #
      #                                                      #
      #           End of your own config options!!!          #
      #                                                      #
      # ---------------------------------------------------- #
      # ---------------------------------------------------- #


    Christophe Flaviani wrote:

        Hi all,

        The configuration from Ed is only for the Customer
        authentication (= users submitting questions to otrs)
        As Nils correctly stated, there are 2 types of "users":
         - users --> otrs agents, service desk agents
         - customers --> users submitting incidents.

        In the LDAP configuration, there are 2 sections:
         - $Self->{'AuthModule'} + suffixes: configures the user
         - $Self->{'Customer::AuthModule'} + suffixes: configures the
        customer authentication

        And bear in mind that the UID parameter references the user
        which will be used to logon to otrs.

        For the rest, the documentation (pdf version 2.2)is not 100%
        correct and clear....
        I used the .../Kernel/Config/Default.pm file to look up the
        correct parameters. (well explained).

        What you configure in .../Kernel/Config.pm will overwrite the
        default/standard settings in ../Kernel/Config/Default.pm

        Happy doc browsing .. :)


        On Sun, Jun 8, 2008 at 10:09 PM, Nils Breunese (Lemonbit)
        <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:

           Ed Greenberg wrote:

               It wasn't easy for me either. A few things I learned (as a

               There are both users and customers. You need to enable LDAP
               lookups for each one separately.

           It's more accurate to say there are two kinds of users:
        agents and


           OTRS mailing list: otrs - Webpage: http://otrs.org/
           Archive: http://lists.otrs.org/pipermail/otrs
           To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
           Support or consulting for your OTRS system?
           => http://www.otrs.com/


        OTRS mailing list: otrs - Webpage: http://otrs.org/
        Archive: http://lists.otrs.org/pipermail/otrs
        To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
        Support or consulting for your OTRS system?
        => http://www.otrs.com/

    OTRS mailing list: otrs - Webpage: http://otrs.org/
    Archive: http://lists.otrs.org/pipermail/otrs
    To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
    Support or consulting for your OTRS system?
    => http://www.otrs.com/


OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
fn:Jefferson Davis
org:Standard School District
adr:;;1200 North Chester Ave;Bakersfield;CA;93308;usa
email;internet:[EMAIL PROTECTED]
title:Technology and Information Systems Mgr

OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/

Reply via email to