Hi Michiel,

Thank you for your quick response. I thought the LDAP sync was a performance
enhancement rather than a necessity; cheers for pointing that out.

Unfortunately I'm still having issues with it. It seems my OTRS installation
is very sensitive to that extra bit of code: I just implemented the below
and I was unable to even get into the logon page. Therefore, to prevent any
major damage, I thought I would post it to see where I'm going wrong:


    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://myserver.domain.local/';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Searcher,OU=OTRS LDAP Searcher,DC=domain,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'myotrspassword';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    [...]

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first
    # agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

Any thoughts as to what I'm doing wrong?

Thanks,

David
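
An added example, not part of the original message and not OTRS code: a small lint that compares the `AuthModule::LDAP::*` settings with their `AuthSyncModule::LDAP::*` counterparts and flags values that contain a line break. The `%Config` hash is a constructed sample mirroring the two blocks posted in this thread; `Normalise` and `LintLDAPConfig` are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example: consistency lint for the LDAP auth and sync settings.
use strict;
use warnings;

# Constructed sample mirroring the two blocks in this thread; in a real
# check the hash would be the one filled in by Kernel/Config.pm.
my %Config = (
    'AuthModule::LDAP::Host'             => 'myserver.domain.local',
    'AuthModule::LDAP::BaseDN'           => 'dc=domain,dc=local',
    'AuthModule::LDAP::UID'              => 'sAMAccountName',
    'AuthModule::LDAP::SearchUserDN'     => 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=domain,dc=local',
    'AuthSyncModule::LDAP::Host'         => 'ldap://myserver.domain.local/',
    'AuthSyncModule::LDAP::BaseDN'       => 'dc=domain, dc=local',
    'AuthSyncModule::LDAP::UID'          => 'UID',
    'AuthSyncModule::LDAP::SearchUserDN' => "CN=OTRS\nSearcher,OU=OTRS LDAP Searcher,DC=domain,DC=local",
);

# Normalise a DN or attribute name for comparison: lower-case, and drop
# whitespace around the commas between RDNs.
sub Normalise {
    my ($Value) = @_;
    $Value = lc $Value;
    $Value =~ s/\s*,\s*/,/g;
    return $Value;
}

sub LintLDAPConfig {
    my (%C) = @_;
    my @Findings;

    # A quoted string wrapped by a mail client keeps the line break in it.
    for my $Key ( sort keys %C ) {
        push @Findings, "$Key contains a line break" if $C{$Key} =~ /[\r\n]/;
    }

    # The sync module looks the agent up again with its own settings, so
    # these should describe the same directory entry as the auth module.
    for my $Setting (qw(BaseDN UID SearchUserDN)) {
        my $Auth = $C{"AuthModule::LDAP::$Setting"};
        my $Sync = $C{"AuthSyncModule::LDAP::$Setting"};
        next if !defined $Auth || !defined $Sync;
        ( my $SyncFlat = $Sync ) =~ s/[\r\n]+/ /g;
        push @Findings, "$Setting differs: auth '$Auth', sync '$SyncFlat'"
            if Normalise($Auth) ne Normalise($SyncFlat);
    }
    return @Findings;
}

print "$_\n" for LintLDAPConfig(%Config);
```

Running `perl -c` on the edited `Kernel/Config.pm` before reloading the web interface catches syntax errors introduced by pasted or wrapped lines.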


On Mon, Aug 3, 2009 at 8:25 PM, Michiel Beijen <mich...@beefreeit.nl> wrote:

> You'd need to also configure LDAPSync (and, map attributes from LDAP to
> OTRS) in order for the accounts to automatically synchronize. See the part
> under "AuthSyncModule" in the Manual:
>
> http://doc.otrs.org/2.4/en/html/x1826.html
>
> Kind regards,
> --
> Michiel Beijen
> Software Consultant
> +31 6 - 457 42 418
> Bee Free IT + http://beefreeit.nl
>
>
> On Mon, Aug 3, 2009 at 21:06, David Holder <david.hol...@gmail.com> wrote:
>
>> Hi Chaps,
>>
>> I'm trying to authenticate agents on my OTRS implementation (OTRSforwin)
>> by adopting the LDAP template like so: (Windows Server 2003 Active Directory
>> domain controller)
>>
>>    ########## Start of LDAP Config ##########
>>
>>
>>     # This is an example configuration for an LDAP auth. backend.
>>     # (take care that Net::LDAP is installed!)
>>     $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>     $Self->{'AuthModule::LDAP::Host'} = 'myserver.domain.local';
>>     $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
>>     $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>
>>     # Check if the user is allowed to auth in a posixGroup
>>     # (e. g. user needs to be in a group xyz to use otrs)
>>     $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS Admins,dc=domain,dc=local';
>>     $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>
>>     # for ldap posixGroups objectclass (just uid)
>>     #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
>>     # for non ldap posixGroups objectclass (with full user dn)
>>     $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>
>>     # The following is valid but would only be necessary if the
>>     # anonymous user do NOT have permission to read from the LDAP tree
>>     $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=domain,dc=local';
>>     $Self->{'AuthModule::LDAP::SearchUserPw'} = 'myotrspassword';
>>
>>     # in case you want to add always one filter to each ldap query, use
>>     # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>>     $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>>
>>     # in case you want to add a suffix to each login name, then
>>     # you can use this option. e. g. user just want to use user but
>>     # in your ldap directory exists u...@domain.
>>     #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
>>
>>     # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>>     $Self->{'AuthModule::LDAP::Params'} = {
>>         port => 389,
>>         timeout => 120,
>>         async => 0,
>>         version => 3,
>>     };
>>
>>
>>
>> Output from Log File:
>>
>>
>>
>> [Mon Aug  3 19:51:40 2009][Notice][Kernel::System::Auth::LDAP::Auth] User: David Holder (CN=David Holder,OU=IT,DC=domain,DC=local) authentication ok (REMOTE_ADDR: 127.0.0.1).
>> [Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
>> [Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
>> [Mon Aug  3 19:51:40 2009][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'David Holder'!!!
>>
>>
>> Does anyone have any ideas what is wrong with my config?
>>
>> Your help is most appreciated.
>>
>> David
>>
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>> http://www.otrs.com/en/support/enterprise-subscription/
>>