I think I found the solution. When my LDAP settings were added to Config.pm, the bind failed, but if I comment out those LDAP settings and move them over into the Defaults.pm file, the LDAP bind succeeds. Not sure why that is, but it's working now.

-----Original Message-----
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Voss, Darryl
Sent: Tuesday, February 17, 2009 9:37 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] R: R: LDAP Binding Issue

Thanks for the ideas, Daniele. Unfortunately my system time is in sync with my domain controllers. As for Net::LDAP, I'm using version 0.39, which is the most up to date. Any other suggestions? This is terribly confusing.

-----Original Message-----
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of CARNINO Daniele (FIAT ITEM)
Sent: Friday, February 13, 2009 5:02 PM
To: User questions and discussions about OTRS.
Subject: [otrs] R: R: LDAP Binding Issue

Which version of Net::LDAP do you rely on? I use v0.36. Why don't you try installing a newer version through the MCPAN shell?

Have you checked the clock skew between your server and the domain controller? Some Kerberos doesn't accept tokens coming from a machine with more than 5 min skew. For this purpose you may install samba client tools and issue a

    net time -S subdomain.domain.com set

Sorry, I've no more ideas about this weird problem...

________________________________________
From: otrs-boun...@otrs.org [otrs-boun...@otrs.org] on behalf of Voss, Darryl [dv...@taltrade.com]
Sent: Friday, February 13, 2009 21:41
To: User questions and discussions about OTRS.
Subject: Re: [otrs] R: LDAP Binding Issue

Thanks Daniele,

From your comments, it appears the only difference is in how we specify the SearchUserDN property. Unfortunately I too have tried using the format of usern...@domain.com and receive the same error message.

Any other suggestions?

Darryl

-----Original Message-----
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of CARNINO Daniele (FIAT ITEM)
Sent: Friday, February 13, 2009 2:37 PM
To: User questions and discussions about OTRS.
Subject: [otrs] R: LDAP Binding Issue

At my site (I'm not in the office now, so I'm trying to guess...) I use something like:

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'subdomain.domain.com';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=subdomain,DC=domain,DC=com';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'adu...@subdomain.domain.com';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

and everything works perfectly.

Hope this helps.

________________________________________
From: otrs-boun...@otrs.org [otrs-boun...@otrs.org] on behalf of Voss, Darryl [dv...@taltrade.com]
Sent: Friday, February 13, 2009 20:02
To: otrs@otrs.org
Subject: [otrs] LDAP Binding Issue

Hi all,

I'm trying to set up OTRS to authenticate agent logins with AD. Here is a clip from my Config.pm:

    # -----------------------------------------------------#
    # ldap settings                                        #
    # -----------------------------------------------------#
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '10.67.100.5';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=towtradtal,dc=com';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrsLDAP,OU=Service Accounts,OU=Users,OU=Chicago,DC=towtradtal,DC=com';
    $Self->{'AuthModule::LDAP::SearchUserPW'} = '*********';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Domain Users,CN=Builtin,DC=towtradtal,DC=com';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

In following the OTRS documentation as well as cross-referencing other posts on this subject, I'm pretty sure the config file is set up correctly and does not include any syntax errors. However, my problem is that when logging in to OTRS, I get "Login Failed! Your username and password was entered incorrectly." I then checked the apache logs and found the following entry:

    ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Fri Feb 13 12:36:59 2009
    Message: Search failed! 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
    Traceback (4362):
      Module: Kernel::System::Auth::LDAP::Auth (v1.47.2.3) Line: 218
      Module: Kernel::System::Auth::Auth (v1.29) Line: 121
      Module: Kernel::System::Web::InterfaceAgent::Run (v1.35) Line: 192
      Module: /opt/otrs/bin/cgi-bin/index.pl (v1.87) Line: 47

I've verified that the credentials I have specified for the user otrsLDAP are correct by binding to AD through LDP.exe. I'd really appreciate if someone could let me know if they'd run into this or know what might be causing the bind to fail.

This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies.

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
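
The two configurations quoted in this thread spell the search-password key differently (`SearchUserPw` in the one reported as working, `SearchUserPW` in the one that failed), and Perl hash keys are case-sensitive. The following is an added example, not code from the thread or from OTRS, that scans a Config.pm-style file for keys that differ only in case from a reference spelling. The reference list is taken from the working configuration above and is an assumption about the names OTRS actually reads; the sample input is constructed.

```python
import re

# Reference spellings, taken from the working configuration quoted in the
# thread (assumption: these are the names OTRS actually looks up).
REFERENCE_KEYS = [
    "AuthModule",
    "AuthModule::LDAP::Host",
    "AuthModule::LDAP::BaseDN",
    "AuthModule::LDAP::UID",
    "AuthModule::LDAP::SearchUserDN",
    "AuthModule::LDAP::SearchUserPw",
]

# Matches the start of an assignment such as  $Self->{'Some::Key'} = ...
KEY_RE = re.compile(r"""^\s*\$Self->\{\s*(['"])(?P<key>[^'"]+)\1\s*\}\s*=""")


def find_case_mismatches(config_text, reference=REFERENCE_KEYS):
    """Return (line_no, found_key, expected_key) for every assigned key that
    matches a reference key only when case is ignored."""
    by_lower = {k.lower(): k for k in reference}
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):      # skip commented-out settings
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key = m.group("key")
        expected = by_lower.get(key.lower())
        if expected is not None and expected != key:
            findings.append((line_no, key, expected))
    return findings


# Constructed sample: key names as in the failing Config.pm from the thread,
# with placeholder values.
SAMPLE_CONFIG = """\
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap.example.test';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=svc,DC=example,DC=test';
$Self->{'AuthModule::LDAP::SearchUserPW'} = 'placeholder';
# $Self->{'AuthModule::LDAP::baseDN'} = 'ignored because commented out';
"""

if __name__ == "__main__":
    for line_no, found, expected in find_case_mismatches(SAMPLE_CONFIG):
        print(f"line {line_no}: '{found}' should be spelled '{expected}'")
```

A key with the wrong case is stored under a different hash entry, so the option the application looks up stays unset. Whether that explains the bind failure reported here is not confirmed in the thread.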