Hi Michiel, Thank you for your quick response, I thought the LDAP sync was a performance enhancement rather than a necessity, cheers for pointing that out.
Unfortunately I'm still having issues with it, it seems my OTRS installation is very sensitive to that extra bit of code, I just implemented the below and I was unable to even get into the logon page. Therefore to prevent any major damage I thought I would post it to see where I'm going wrong: # agent data sync against ldap $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP'; $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://myserver.domain.local/'; $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local'; $Self->{'AuthSyncModule::LDAP::UID'} = 'UID'; $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Searcher,OU=OTRS LDAP Searcher,DC=domain,DC=local'; $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'myotrspassword'; $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { # DB -> LDAP UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', }; [...] # AuthSyncModule::LDAP::UserSyncInitialGroups # (sync following group with rw permission after initial create of first agent # login) $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ]; Any thoughts as to what I'm doing wrong? Thanks, David On Mon, Aug 3, 2009 at 8:25 PM, Michiel Beijen <mich...@beefreeit.nl> wrote: > You'd need to also configure LDAPSync (and, map attributes from LDAP to > OTRS) in order for the accounts to automatically synchronize. See the part > under "AuthSyncModule" in the Manual: > > http://doc.otrs.org/2.4/en/html/x1826.html > > Kind regards, > -- > Michiel Beijen > Software Consultant > +31 6 - 457 42 418 > Bee Free IT + http://beefreeit.nl > > > On Mon, Aug 3, 2009 at 21:06, David Holder <david.hol...@gmail.com> wrote: > >> Hi Chaps, >> >> I'm trying to authenticate agents on my OTRS implementation (OTRSforwin) >> by adopting the LDAP template like so: (Windows Server 2003 Active Directory >> domain controller) >> >> ########## Start of LDAP Config ########## >> >> >> # This is an example configuration for an LDAP auth. backend. >> # (take care that Net::LDAP is installed!) >> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; >> $Self->{'AuthModule::LDAP::Host'} = 'myserver.domain.local'; >> $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local'; >> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; >> >> # Check if the user is allowed to auth in a posixGroup >> # (e. g. user needs to be in a group xyz to use otrs) >> $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS >> Admins,dc=domain,dc=local'; >> $Self->{'AuthModule::LDAP::AccessAttr'} = 'member'; >> >> # for ldap posixGroups objectclass (just uid) >> #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; >> # for non ldap posixGroups objectclass (with full user dn) >> $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; >> >> # The following is valid but would only be necessary if the >> # anonymous user do NOT have permission to read from the LDAP tree >> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS >> LDAP Searcher,dc=domain,dc=local'; >> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'myotrspassword'; >> >> # in case you want to add always one filter to each ldap query, use >> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => >> '(objectclass=user)' >> $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; >> >> # in case you want to add a suffix to each login name, then >> # you can use this option. e. g. user just want to use user but >> # in your ldap directory exists u...@domain. >> #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com'; >> >> # Net::LDAP new params (if needed - for more info see perldoc >> Net::LDAP) >> $Self->{'AuthModule::LDAP::Params'} = { >> port => 389, >> timeout => 120, >> async => 0, >> version => 3, >> }; >> >> >> >> Output from Log File: >> >> >> >> [Mon Aug 3 19:51:40 2009][Notice][Kernel::System::Auth::LDAP::Auth] User: >> David Holder (CN=David Holder,OU=IT,DC=domain,DC=local) authentication ok >> (REMOTE_ADDR: 127.0.0.1). >> [Mon Aug 3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] >> No UserID found for 'David Holder'! >> [Mon Aug 3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] >> No UserID found for 'David Holder'! >> [Mon Aug 3 19:51:40 2009][Notice][Kernel::System::User::GetUserData] >> Panic! No UserData for user: 'David Holder'!!! >> >> >> Does anyone have any ideas what is wrong with my config? >> >> Your help is most appreciated. >> >> David >> >> --------------------------------------------------------------------- >> OTRS mailing list: otrs - Webpage: http://otrs.org/ >> Archive: http://lists.otrs.org/pipermail/otrs >> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >> >> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! >> http://www.otrs.com/en/support/enterprise-subscription/ >> > > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ >
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/