Hi Chaps, I've managed to get OTRS 2.4.3 working with Microsoft AD.
I've just had a quick browse of your config and notice that there is no AuthSyncModule code in there, you need to sync your agent data to OTRS's database. For example:

# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

If you want I can post my complete LDAP template, which has allowed Agents to authenticate against AD (as a requirement, must belong to a particular AD group) and customers to log on too.

Regards,
David

On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt <holt.justin...@gmail.com> wrote:

> Sorry to keep flooding you guys with emails, but disregard that last
> email. It didn't work. I only managed to log in because I had created an
> account for myself with the same password and it worked, stupid me. So does
> anyone know how to get agents to authenticate and to get incoming emails
> turned into tickets?
>
> Thank you so much to everyone,
> Justin Holt
>
> On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt <holt.justin...@gmail.com> wrote:
>
>> Well, just for laughs, I decided to export my settings through SysConfig
>> and re-import them to the new setup. I gasped in awe as it actually
>> worked.
>> My other question, if I exported settings that allowed the old
>> system to consider emails sent to its email address as tickets, should those
>> settings come over and work just the same as well?
>>
>> Thanks
>> Justin
>>
>> On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt <holt.justin...@gmail.com> wrote:
>>
>>> I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
>>> folder. I then uninstalled 2.3.4 and installed 2.4.3. I tried first to
>>> copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did
>>> not work. I tried just the segment I have below and that still did not
>>> work. Is it somewhere in the documentation and I'm missing it or can you
>>> give me a portion of your config.pm and just have me fill in my stuff?
>>>
>>> Thanks,
>>> Justin
>>>
>>> On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian <co...@sec.gov> wrote:
>>>
>>>> Justin, I just dealt with this headache myself. Did you have it
>>>> working and then it quit or is it a simple question of agent
>>>> authentication?
>>>> --
>>>> Julian Cook
>>>> Securities and Exchange Commission
>>>> Operations Center
>>>> DMZ Ops
>>>>
>>>> On 8/25/09 3:49 PM, "Justin Holt" <holt.justin...@gmail.com> wrote:
>>>>
>>>> Is there even a way for the Agent to authenticate over LDAP anymore? It
>>>> looks like it has been taken out. I've been going through SysConfig and
>>>> can't find anything on it. Anything I also try to throw at it by manually
>>>> editing Config.pm leaves the system broken. I've also uninstalled and
>>>> reinstalled a few times now.
>>>>
>>>> Justin
>>>>
>>>> On Tue, Aug 25, 2009 at 12:18 PM, <guenther.ra...@gmx.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>> same problem here, but only with one of 200:
>>>> I have tested it, with case-sensitive typed
>>>> username, it works - but no problem with
>>>> case-sensitive for all the others...
>>>>
>>>> Günther
>>>>
>>>> -------- Original Message --------
>>>> > Date: Tue, 25 Aug 2009 12:12:17 -0400
>>>> > From: Justin Holt <holt.justin...@gmail.com>
>>>> > To: otrs@otrs.org
>>>> > Subject: [otrs] Active Directory and 2.4.3 issues
>>>>
>>>> > I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
>>>> > an issue. Customers still authenticate against our Active Directory Server
>>>> > just fine, but when an agent tries to authenticate, it all blows up.
>>>> >
>>>> > "Panic, user authenticated but no user data can be found in OTRS DB!!
>>>> > Perhaps the user is invalid."
>>>> >
>>>> > Here is the whole LDAP configuration part from my config.pm that I just
>>>> > copied and pasted out of the config.pm for 2.3.4. I have seen that there
>>>> > are others with this same issue but there have been no responses. This is
>>>> > all running on a Windows 2003 server with a regular install of OTRS. Any
>>>> > ideas?
>>>> > #-----------------------Customer Data------------------------------------------------
>>>> >
>>>> > #Enable LDAP authentication for Customers / Users
>>>> > $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>>> > $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>>> > $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>>> > $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>> >
>>>> > #The following is valid but would only be necessary if the
>>>> > #anonymous user do NOT have permission to read from the LDAP tree
>>>> > $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>>> > $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>>> >
>>>> > #CustomerUser
>>>> > #(customer user database backend and settings)
>>>> > $Self->{CustomerUser} = {
>>>> >     Module => 'Kernel::System::CustomerUser::LDAP',
>>>> >     Params => {
>>>> >         Host => 'vdp-dc-003',
>>>> >         BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
>>>> >         SSCOPE => 'sub',
>>>> >         UserDN => 'otrs_ldap',
>>>> >         UserPw => '1qaz2wsx',
>>>> >     },
>>>> >     # customer unique id
>>>> >     CustomerKey => 'sAMAccountName',
>>>> >     # customer #
>>>> >     CustomerID => 'mail',
>>>> >     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>>> >     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>>> >     CustomerUserSearchPrefix => '',
>>>> >     CustomerUserSearchSuffix => '*',
>>>> >     CustomerUserSearchListLimit => 250,
>>>> >     CustomerUserPostMasterSearchFields => ['mail'],
>>>> >     CustomerUserNameFields => ['givenname', 'sn'],
>>>> >     Map => [
>>>> >         # note: Login, Email and CustomerID needed!
>>>> >         # var, frontend, storage, shown, required, storage-type
>>>> >         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>>> >         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>>> >         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>>> >         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>>> >         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>>> >         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>> >         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>>> >         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>>>> >         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>>>> >     ],
>>>> > };
>>>> > # -------------------------End Customer data-----------------------------
>>>> >
>>>> > #------------------------------Agent Data---------------------------------
>>>> >
>>>> > #Enable LDAP authentication for Customers / Users
>>>> > $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>>> > $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>>> > $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>>> > $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>> >
>>>> > #The following is valid but would only be necessary if the
>>>> > #anonymous user do NOT have permission to read from the LDAP tree
>>>> > $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>>> > $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>>> >
>>>> > # UserSyncLDAPMap
>>>> > # (map if agent should create/synced from LDAP to DB after login)
>>>> > $Self->{UserSyncLDAPMap} = {
>>>> >     # DB -> LDAP
>>>> >     UserFirstname => 'givenName',
>>>> >     UserLastname => 'sn',
>>>> >     UserEmail => 'mail',
>>>> > };
>>>> >
>>>> > # UserSyncLDAPGroups
>>>> > # (If "LDAP" was selected for AuthModule, you can specify
>>>> > # initial user groups for first login.)
>>>> > $Self->{UserSyncLDAPGroups} = [
>>>> >     'users',
>>>> > ];
>>>> >
>>>> > # UserTable
>>>> > $Self->{DatabaseUserTable} = 'users';
>>>> > $Self->{DatabaseUserTableUserID} = 'id';
>>>> > $Self->{DatabaseUserTableUserPW} = 'pw';
>>>> > $Self->{DatabaseUserTableUser} = 'login';
>>>> >
>>>> > #Add the following lines when only users are allowed to login if they reside in the specified security group
>>>> > #Remove these lines if you want to provide login to all users specified in the User Base DN
>>>> > $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
>>>> > $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>>> > $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>>> >
>>>> > #---------------------------End Agent Data--------------------------------
>>>>
>>>> ---------------------------------------------------------------------
>>>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>>>> Archive: http://lists.otrs.org/pipermail/otrs
>>>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>>>
>>>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>>>> http://www.otrs.com/en/support/enterprise-subscription/
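The failure discussed in this thread, as an added example that is not part of any poster's message or of OTRS itself: a Python check that reads a Config.pm and reports when agent LDAP authentication is enabled without the sync module named in the reply. The legacy-to-new key mapping is an assumption inferred from the two configs quoted in the thread, and the sample config is constructed.

```python
import re

# Top-level Config.pm assignments: $Self->{'Key'} = value   or   $Self->{Key} = {
ASSIGN = re.compile(r"""^\s*\$Self->\{\s*['"]?([\w:]+)['"]?\s*\}\s*=\s*(.*)$""", re.M)

# Assumed mapping: 2.3.x agent-sync keys (original post) -> 2.4.x keys (reply).
LEGACY_TO_NEW = {
    "UserSyncLDAPMap": "AuthSyncModule::LDAP::UserSyncMap",
    "UserSyncLDAPGroups": "AuthSyncModule::LDAP::UserSyncInitialGroups",
}
# Connection settings the reply sets in the sync module's own namespace.
SYNC_REQUIRED = ("Host", "BaseDN", "UID")

# Constructed sample in the shape of the failing 2.3.4-style agent section.
LEGACY_SAMPLE = """
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
# $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
};
$Self->{UserSyncLDAPGroups} = [ 'users' ];
"""


def parse_config(text):
    """Map each assigned key to the first line of its value, skipping comment lines."""
    live = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    return dict(ASSIGN.findall(live))


def check_agent_ldap(text):
    """Return findings that lead to 'user authenticated but no user data' for agents."""
    cfg, findings = parse_config(text), []
    if "::Auth::LDAP" not in cfg.get("AuthModule", ""):
        return findings  # agents are not authenticated against LDAP
    if "AuthSyncModule" not in cfg:
        findings.append("AuthModule is LDAP but AuthSyncModule is not set")
    else:
        findings += [f"AuthSyncModule::LDAP::{name} is not set"
                     for name in SYNC_REQUIRED
                     if f"AuthSyncModule::LDAP::{name}" not in cfg]
    for old, new in sorted(LEGACY_TO_NEW.items()):
        if old in cfg and new not in cfg:
            findings.append(f"legacy key {old}: move its value to {new}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_agent_ldap(LEGACY_SAMPLE)))
```

Run against a real Config.pm by passing the file's text to `check_agent_ldap`; an empty list means the agent sync section has the keys shown in the reply.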