Hi Jeff,

If you do an ldapsearch, does the attribute givenName exist?

C.

On Wed, Jun 11, 2008 at 7:32 PM, Jeff Davis <[EMAIL PROTECTED]>
wrote:

> Well, I've gotten openldap auth to work but cannot get the UserSyncLDAPMap
> to work.  I've copied the code from Defaults.pm and configured for our ldap
> config.  Have been working on this on and off for 3 days, and still no luck.
>  The code in LDAP.pm that fails appears to be trying to pull attribute
> values from the directory, but adding code to put more detail into the log
> has not been illuminating.  Posts I've found in the archive seem to speak
> primarily to AD issues, which in some ways makes me think that OpenLDAP or a
> more standards-based LDAP implementation should be more straightforward.
>  "Obviously I'm mistaken".  I would sure like to get this figured out so we
> can move forward.  Otherwise I will probably have to look at a different
> system.
>
> This is the value that throws the error:
> Net::LDAP::Entry=HASH(0xace6e04)->get_value(Kernel::Config=HASH(0x9af735c)->Get('UserSyncLDAPMap'.)->{UserFirstname})
>
> The following code block in LDAP.pm is where the problem occurs  (line 348
> is bolded):
>
> foreach my $Entry ($Result->all_entries) {
>   $UserDN = $Entry->dn();
>   foreach my $Key (keys %{$Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})}) {
>       # detect old config setting
>       if ($Key =~ /^(Firstname|Lastname|Email)/) {
>           $Key = "User".$Key;
>           $Self->{LogObject}->Log(
>               Priority => 'error',
>               Message => "Old config setting detected, please use the new one from Kernel/Config/Defaults.pm (User* has been added!).",
>           );
>       }
> *        $SyncUser{$Key} = $Entry->get_value($Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})->{$Key});*
>       # e. g. set utf-8 flag
>       $SyncUser{$Key} = $Self->_ConvertFrom($SyncUser{$Key}, $Self->{ConfigObject}->Get('DefaultCharset'));
>   }
>   if ($Entry->get_value('userPassword')) {
>       $SyncUser{Pw} = $Entry->get_value('userPassword');
>       # e. g. set utf-8 flag
>       $SyncUser{Pw} = $Self->_ConvertFrom($SyncUser{Pw}, $Self->{ConfigObject}->Get('DefaultCharset'));
>   }
> }
>
>
> When logging in it throws the following error:
>
> Software error:
>
> Can't locate object method "get_value" via package "Net::LDAP::Entry" at
> ../..//Kernel/System/Auth/LDAP.pm line 348, <PRODUCT> line 4.
>
> For help, please send mail to the webmaster ([EMAIL PROTECTED] <mailto:
> [EMAIL PROTECTED]>), giving this error message and the time and date of the
> error.
>
> Here's the agent portion of my config.pm.
>
> # This is an example configuration for an LDAP auth. backend.
> # (take care that Net::LDAP is installed!)
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.com';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=example,dc=com';
> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>
> # Check if the user is allowed to auth in a posixGroup
> # (e. g. user needs to be in a group xyz to use otrs)
> $Self->{'AuthModule::LDAP::GroupDN'} =
> 'cn=techsupport,ou=Groups,dc=example,dc=com';
> $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
> # for ldap posixGroups objectclass (just uid)
> $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
> # for non ldap posixGroups objectclass (with full user dn)
> #$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
> # The following is valid but would only be necessary if the
> # anonymous user do NOT have permission to read from the LDAP tree
> $Self->{'AuthModule::LDAP::SearchUserDN'} =
> 'cn=xxxxxxxxx,ou=xxx,dc=example,dc=com';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
>
> # in case you want to add always one filter to each ldap query, use
> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>
> # in case you want to add a suffix to each login name, then
> # you can use this option. e. g. user just want to use user but
> # in your ldap directory exists [EMAIL PROTECTED]
> #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
>
> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
> $Self->{'AuthModule::LDAP::Params'} = {
> port => 389,
> timeout => 120,
> async => 0,
> version => 3,
> };
>
> # Die if backend can't work, e. g. can't connect to server.
> $Self->{'AuthModule::LDAP::Die'} = 1;
>
> # UserSyncLDAPMap
> # (map if agent should create/synced from LDAP to DB after login)
> $Self->{UserSyncLDAPMap} = {
> ## DB -> LDAP
> UserFirstname => 'givenName',
> UserLastname => 'sn',
> UserEmail => 'mail',
> };
> # UserSyncLDAPGroups
> # (If "LDAP" was selected for AuthModule, you can specify initial
> # user groups for first login.)
> $Self->{UserSyncLDAPGroups} = [
> 'users',
> ];
>
>
> _______________________________________________
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> Support or consulting for your OTRS system?
> => http://www.otrs.com/
>
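The ldapsearch check asked about at the top of this reply, as an added example that is not part of the original thread: it reports which attributes named in the quoted UserSyncLDAPMap (givenName, sn, mail) are absent from an entry's LDIF. The function name `missing_attrs`, the uid `jdoe` and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Attribute names come from the quoted
# UserSyncLDAPMap; the uid "jdoe" and the LDIF below are constructed.
MAPPED_ATTRS="givenName sn mail"

# Read the LDIF of one entry on stdin and print every mapped attribute that
# has no value in it. Attribute names are matched case-insensitively, with
# optional ";option" suffixes and both "attr:" and base64 "attr::" forms.
missing_attrs() {
    ldif=$(cat)
    for attr in $MAPPED_ATTRS; do
        if ! printf '%s\n' "$ldif" | grep -qiE "^${attr}(;[^:]*)?:"; then
            printf '%s\n' "$attr"
        fi
    done
}

# Constructed sample: an entry that carries cn and sn but no givenName.
SAMPLE_LDIF='dn: uid=jdoe,ou=users,dc=example,dc=com
uid: jdoe
cn: J Doe
sn: Doe
mail: jdoe@example.com'

printf '%s\n' "$SAMPLE_LDIF" | missing_attrs

# Against the live directory, bind as the same search user OTRS uses, since
# ldapsearch only returns attributes that identity is allowed to read:
#   ldapsearch -x -LLL -H ldap://ldap.example.com \
#     -D '<SearchUserDN>' -W -b 'ou=users,dc=example,dc=com' \
#     '(uid=jdoe)' givenName sn mail | missing_attrs
```

An empty result means every mapped attribute is present and readable for that bind identity.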