Hi Jeff,

If you do an ldapsearch, does the attribute givenName exist?
C.

On Wed, Jun 11, 2008 at 7:32 PM, Jeff Davis <[EMAIL PROTECTED]> wrote:

> Well, I've gotten openldap auth to work but cannot get the UserSyncLDAPMap
> to work. I've copied the code from Defaults.pm and configured for our ldap
> config. Have been working on this on and off for 3 days, and still no luck.
> The code in LDAP.pm that fails appears to be trying to pull attribute
> values from the directory, but adding code to put more detail into the log
> has not been illuminating. Posts I've found in the archive seem to speak
> primarily to AD issues, which in some ways makes me think that OpenLDAP or a
> more standards-based LDAP implementation should be more straightforward.
> "Obviously I'm mistaken". I would sure like to get this figured out so we
> can move forward. Otherwise I will probably have to look at a different
> system.
>
> This is the value that throws the error:
> Net::LDAP::Entry=HASH(0xace6e04)->get_value(Kernel::Config=HASH(0x9af735c)->Get('UserSyncLDAPMap'.)->{UserFirstname})
>
> The following code block in LDAP.pm is where the problem occurs (line 348
> is bolded):
>
>     foreach my $Entry ($Result->all_entries) {
>         $UserDN = $Entry->dn();
>         foreach my $Key (keys %{$Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})}) {
>             # detect old config setting
>             if ($Key =~ /^(Firstname|Lastname|Email)/) {
>                 $Key = "User".$Key;
>                 $Self->{LogObject}->Log(
>                     Priority => 'error',
>                     Message => "Old config setting detected, please use the new one from Kernel/Config/Defaults.pm (User* has been added!).",
>                 );
>             }
>             *$SyncUser{$Key} = $Entry->get_value($Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})->{$Key});*
>             # e. g. set utf-8 flag
>             $SyncUser{$Key} = $Self->_ConvertFrom($SyncUser{$Key}, $Self->{ConfigObject}->Get('DefaultCharset'));
>         }
>         if ($Entry->get_value('userPassword')) {
>             $SyncUser{Pw} = $Entry->get_value('userPassword');
>             # e. g. set utf-8 flag
>             $SyncUser{Pw} = $Self->_ConvertFrom($SyncUser{Pw}, $Self->{ConfigObject}->Get('DefaultCharset'));
>         }
>     }
>
> When logging in it throws the following error:
>
> Software error:
>
> Can't locate object method "get_value" via package "Net::LDAP::Entry" at
> ../..//Kernel/System/Auth/LDAP.pm line 348, <PRODUCT> line 4.
>
> For help, please send mail to the webmaster ([EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>), giving this error message and the time and
> date of the error.
>
> Here's the agent portion of my config.pm.
>
>     # This is an example configuration for an LDAP auth. backend.
>     # (take care that Net::LDAP is installed!)
>     $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>     $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.com';
>     $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=example,dc=com';
>     $Self->{'AuthModule::LDAP::UID'} = 'uid';
>
>     # Check if the user is allowed to auth in a posixGroup
>     # (e. g. user needs to be in a group xyz to use otrs)
>     $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=techsupport,ou=Groups,dc=example,dc=com';
>     $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
>     # for ldap posixGroups objectclass (just uid)
>     $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
>     # for non ldap posixGroups objectclass (with full user dn)
>     #$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
>     # The following is valid but would only be necessary if the
>     # anonymous user do NOT have permission to read from the LDAP tree
>     $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=xxxxxxxxx,ou=xxx,dc=example,dc=com';
>     $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
>
>     # in case you want to add always one filter to each ldap query, use
>     # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>     $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>
>     # in case you want to add a suffix to each login name, then
>     # you can use this option. e. g. user just want to use user but
>     # in your ldap directory exists [EMAIL PROTECTED]
>     #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
>
>     # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>     $Self->{'AuthModule::LDAP::Params'} = {
>         port => 389,
>         timeout => 120,
>         async => 0,
>         version => 3,
>     };
>
>     # Die if backend can't work, e. g. can't connect to server.
>     $Self->{'AuthModule::LDAP::Die'} = 1;
>
>     # UserSyncLDAPMap
>     # (map if agent should create/synced from LDAP to DB after login)
>     $Self->{UserSyncLDAPMap} = {
>         ## DB -> LDAP
>         UserFirstname => 'givenName',
>         UserLastname => 'sn',
>         UserEmail => 'mail',
>     };
>     # UserSyncLDAPGroups
>     # (If "LDAP" was selected for AuthModule, you can specify initial
>     # user groups for first login.)
>     $Self->{UserSyncLDAPGroups} = [
>         'users',
>     ];
>
> _______________________________________________
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> Support or consulting for your OTRS system?
> => http://www.otrs.com/
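The check the reply asks for, as an added example that is not part of the original thread: query one user's entry with ldapsearch and list which UserSyncLDAPMap attributes it lacks. The helper names, the login `jdoe` and the sample LDIF are constructed for illustration; host, base DN and the masked bind DN are the values from the quoted config.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. LDAP attribute names come from the
# UserSyncLDAPMap in the quoted config; everything else is labelled below.
MAPPED_ATTRS="givenName sn mail"
LDAP_URI="ldap://ldap.example.com:389"            # host/port from the quoted config
BASE_DN="ou=users,dc=example,dc=com"              # BaseDN from the quoted config
BIND_DN="cn=xxxxxxxxx,ou=xxx,dc=example,dc=com"   # masked SearchUserDN as posted

# fetch_entry LOGIN (hypothetical helper): print the entry's mapped attributes
# as LDIF. Needs a reachable server; -W prompts for the bind password so it
# never appears in the process list or shell history.
fetch_entry() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*)
            # Refuse anything that could alter the search filter.
            echo "fetch_entry: unsafe login name" >&2
            return 2 ;;
    esac
    # $MAPPED_ATTRS is left unquoted on purpose: one argument per attribute.
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$BASE_DN" "(uid=$1)" $MAPPED_ATTRS
}

# missing_attrs ATTR... (hypothetical helper): read LDIF on stdin and print
# every requested attribute the entry does not carry. Matching ignores case
# and accepts base64 values ("attr:: ...") and options ("attr;lang-en: ...").
missing_attrs() {
    _ldif=$(cat)
    for _attr in "$@"; do
        if ! printf '%s\n' "$_ldif" | grep -Eiq "^${_attr}(;[^:]*)?:"; then
            printf '%s\n' "$_attr"
        fi
    done
}

# Constructed sample entry (not real data): no givenName, base64-encoded sn.
SAMPLE_LDIF='dn: uid=jdoe,ou=users,dc=example,dc=com
sn:: RG/DqQ==
mail: jdoe@example.com'

# Offline demonstration on the constructed entry.
printf '%s\n' "$SAMPLE_LDIF" | missing_attrs $MAPPED_ATTRS
# Against a live directory: fetch_entry jdoe | missing_attrs $MAPPED_ATTRS
```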