Before you implement the LDAP Auth config you need to create a user
for doing LDAP lookups who is in both your AD and your DB.
You need to have this user (or another user who is in both the AD and
the DB) promoted to Admin before you implement the LDAP Auth config.
To get yourself an admin login, simply comment out all the LDAP Auth
config so that you are back to DB authentication, log in as
r...@localhost and promote one of the users into the Admin group.
Re-apply the LDAP config and then log in as the user you have promoted
and you should now have admin access with this user.

Let us know if that works,
Rory

Support my 365 Challenge in aid of the Irish Cancer Society

www.365challenge.ie



2009/8/4 David Holder <david.hol...@gmail.com>:
> Hi again,
>
> Managed to sort this issue out, now I have all my agents authenticating into
> OTRS via LDAP. Thanks for your help.
>
> Just a quick thing: once an agent logs in they don't have access to the Admin
> section of OTRS, nor can I log in as r...@localhost.
>
> Is there a way either to give them access to the admin section or log in as
> r...@localhost?
>
> Thanks,
>
> Michiel Beijen wrote:
>>
>> Try:
>> $Self->{'AuthSyncModule::LDAP::Host'} = 'myserver.domain.local';
>> (without the ldap:// bit)
>>
>>
>> --
>> Michiel Beijen
>> Software Consultant
>> +31 6 - 457 42 418
>> Bee Free IT + http://beefreeit.nl
>>
>>
>> On Mon, Aug 3, 2009 at 22:13, David Holder <david.hol...@gmail.com> wrote:
>>
>>    Hi Michiel,
>>
>>    Thank you for your quick response, I thought the LDAP sync was a
>>    performance enhancement rather than a necessity, cheers for
>>    pointing that out.
>>
>>    Unfortunately I'm still having issues with it, it seems my OTRS
>>    installation is very sensitive to that extra bit of code, I just
>>    implemented the below and I was unable to even get into the logon
>>    page. Therefore to prevent any major damage I thought I would post
>>    it to see where I'm going wrong:
>>
>>
>>        # agent data sync against ldap
>>        $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
>>        $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://myserver.domain.local/';
>>        $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
>>        $Self->{'AuthSyncModule::LDAP::UID'} = 'UID';
>>        $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Searcher,OU=OTRS LDAP Searcher,DC=domain,DC=local';
>>        $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'myotrspassword';
>>        $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>>            # DB -> LDAP
>>            UserFirstname => 'givenName',
>>            UserLastname  => 'sn',
>>            UserEmail     => 'mail',
>>        };
>>        [...]
>>
>>        # AuthSyncModule::LDAP::UserSyncInitialGroups
>>        # (sync following group with rw permission after initial create of first agent
>>        # login)
>>        $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>>            'users',
>>        ];
>>
>>    Any thoughts as to what I'm doing wrong?
>>
>>    Thanks,
>>
>>    David
>>
>>
>>
>>    On Mon, Aug 3, 2009 at 8:25 PM, Michiel Beijen <mich...@beefreeit.nl> wrote:
>>
>>        You'd need to also configure LDAPSync (and, map attributes
>>        from LDAP to OTRS) in order for the accounts to automatically
>>        synchronize. See the part under "AuthSyncModule" in the Manual:
>>
>>        http://doc.otrs.org/2.4/en/html/x1826.html
>>
>>        Kind regards,
>>        --
>>        Michiel Beijen
>>        Software Consultant
>>        +31 6 - 457 42 418
>>        Bee Free IT + http://beefreeit.nl
>>
>>
>>        On Mon, Aug 3, 2009 at 21:06, David Holder <david.hol...@gmail.com> wrote:
>>
>>            Hi Chaps,
>>
>>            I'm trying to authenticate agents on my OTRS
>>            implementation (OTRSforwin) by adopting the LDAP template
>>            like so: (Windows Server 2003 Active Directory domain
>>            controller)
>>
>>               ########## Start of LDAP Config ##########
>>
>>                # This is an example configuration for an LDAP auth. backend.
>>                # (take care that Net::LDAP is installed!)
>>                $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>                $Self->{'AuthModule::LDAP::Host'} = 'myserver.domain.local';
>>                $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
>>                $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>
>>                # Check if the user is allowed to auth in a posixGroup
>>                # (e. g. user needs to be in a group xyz to use otrs)
>>                $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS Admins,dc=domain,dc=local';
>>                $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>                # for ldap posixGroups objectclass (just uid)
>>                #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
>>                # for non ldap posixGroups objectclass (with full user dn)
>>                $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>
>>                # The following is valid but would only be necessary if the
>>                # anonymous user do NOT have permission to read from the LDAP tree
>>                $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=domain,dc=local';
>>                $Self->{'AuthModule::LDAP::SearchUserPw'} = 'myotrspassword';
>>
>>                # in case you want to add always one filter to each ldap query, use
>>                # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>>                $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>>
>>                # in case you want to add a suffix to each login name, then
>>                # you can use this option. e. g. user just want to use user but
>>                # in your ldap directory exists u...@domain.
>>                #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
>>
>>                # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>>                $Self->{'AuthModule::LDAP::Params'} = {
>>                    port => 389,
>>                    timeout => 120,
>>                    async => 0,
>>                    version => 3,
>>                };
>>
>>
>>
>>            Output from Log File:
>>
>>
>>
>>            [Mon Aug  3 19:51:40 2009][Notice][Kernel::System::Auth::LDAP::Auth] User: David Holder (CN=David Holder,OU=IT,DC=domain,DC=local) authentication ok (REMOTE_ADDR: 127.0.0.1).
>>            [Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
>>            [Mon Aug  3 19:51:40 2009][Error][Kernel::System::User::UserLookup][680] No UserID found for 'David Holder'!
>>            [Mon Aug  3 19:51:40 2009][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'David Holder'!!!
>>
>>
>>            Does anyone have any ideas what is wrong with my config?
>>
>>            Your help is most appreciated.
>>
>>            David
>>
>>
>>  ---------------------------------------------------------------------
>>            OTRS mailing list: otrs - Webpage: http://otrs.org/
>>            Archive: http://lists.otrs.org/pipermail/otrs
>>            To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>>            NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>>            http://www.otrs.com/en/support/enterprise-subscription/
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
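
As an added example (not part of the thread and not OTRS code), here is a small Python check for the configuration issues raised above: an LDAP auth backend with no sync module configured, and a URI scheme in a Host value. It also compares BaseDN and UID between the auth and sync modules, which is an extra consistency check the thread itself does not diagnose. The sample config is constructed from the settings quoted in the thread, and the function names are hypothetical.

```python
import re

# Simple scalar settings: $Self->{'Key'} = 'value';  (commented-out lines are skipped)
ASSIGN = re.compile(r"^\s*\$Self->\{'([^']+)'\}\s*=\s*'([^']*)'\s*;", re.M)

# Constructed sample, modelled on the settings quoted in the thread.
SAMPLE = """
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'myserver.domain.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://myserver.domain.local/';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'UID';
"""

def parse(text):
    """Return {key: value} for every uncommented scalar assignment."""
    return dict(ASSIGN.findall(text))

def norm(value):
    """Compare DNs and attribute names ignoring case and spaces around commas."""
    return re.sub(r"\s*,\s*", ",", value.strip()).lower()

def lint(text):
    """Return a list of (finding, key) tuples for the issues described above."""
    cfg, findings = parse(text), []
    # LDAP login works but no agent record is created or updated without a sync module.
    if cfg.get("AuthModule", "").endswith("::Auth::LDAP") and "AuthSyncModule" not in cfg:
        findings.append(("no-sync", "AuthSyncModule"))
    # The thread's fix: the Host value is given without the ldap:// scheme.
    for prefix in ("AuthModule", "AuthSyncModule"):
        key = prefix + "::LDAP::Host"
        if "://" in cfg.get(key, ""):
            findings.append(("host-scheme", key))
    # Added consistency check (assumption): both modules should look up the same entries.
    for name in ("BaseDN", "UID"):
        auth = cfg.get("AuthModule::LDAP::" + name)
        sync = cfg.get("AuthSyncModule::LDAP::" + name)
        if auth and sync and norm(auth) != norm(sync):
            findings.append(("mismatch", name))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
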
