Hi Chaps,

I've managed to get OTRS 2.4.3 working with Microsoft AD.

I've just had a quick browse of your config and notice that there is no
AuthSyncModule code in there; you need to sync your agent data to OTRS's
database. For example:

    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first
    # agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];


If you want I can post my complete LDAP template, which has allowed Agents
to authenticate against AD (as a requirement, must belong to a particular AD
group) and customers to log on too.

Regards,

David
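
Added example, not part of the original post: a small Python check for the situation David describes, where a 2.3.x-style agent LDAP section is carried into 2.4.x without any AuthSyncModule settings. The legacy-to-new key mapping is inferred from the two configs in this thread; the sample config, its host name and its password are constructed, and `redact()` blanks bind passwords before a config is pasted into a list post.

```python
import re

# Assumption: 2.3.x sync keys and their 2.4.x equivalents, as seen in this thread.
LEGACY_TO_NEW = {
    "UserSyncLDAPMap": "AuthSyncModule::LDAP::UserSyncMap",
    "UserSyncLDAPGroups": "AuthSyncModule::LDAP::UserSyncInitialGroups",
}
# Connection settings listed in the AuthSyncModule snippet of the reply above.
REQUIRED_SYNC = ["AuthSyncModule", "AuthSyncModule::LDAP::Host",
                 "AuthSyncModule::LDAP::BaseDN", "AuthSyncModule::LDAP::UID"]

ASSIGN_RE = re.compile(r"\$Self->\{\s*'?([\w:]+)'?\s*\}\s*=\s*(?:'([^']*)')?")
SECRET_RE = re.compile(r"((?:SearchUserPw'?\s*\}\s*=|\bUserPw\s*=>)\s*')[^']*(')")

# Constructed sample modelled on a 2.3.x agent section (not a real config).
SAMPLE_OLD = """\
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc01.example.local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'not-a-real-password';
$Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
};
$Self->{UserSyncLDAPGroups} = [ 'users' ];
"""

def parse_settings(text):
    """Map each $Self->{key} assigned on a non-comment line to its string value (or None)."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN_RE.search(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def check_agent_sync(text):
    """Return findings for an LDAP agent config that cannot sync agents to the OTRS DB."""
    s = parse_settings(text)
    if s.get("AuthModule") != "Kernel::System::Auth::LDAP":
        return []  # agents do not authenticate via LDAP; nothing to check
    findings = [f"legacy key {old}: replace with {new}"
                for old, new in LEGACY_TO_NEW.items() if old in s and new not in s]
    findings += [f"missing {key}" for key in REQUIRED_SYNC if key not in s]
    return findings

def redact(text):
    """Replace LDAP bind passwords (SearchUserPw / UserPw) with a placeholder."""
    return SECRET_RE.sub(r"\1REDACTED\2", text)

if __name__ == "__main__":
    print("\n".join(check_agent_sync(SAMPLE_OLD)))
    print(redact(SAMPLE_OLD))
```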

On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt <holt.justin...@gmail.com> wrote:

> Sorry to keep flooding you guys with emails, but disregard that last
> email.  It didn't work.  I only managed to log in because I had created an
> account for myself with the same password and it worked, stupid me.  So does
> anyone know how to get agents to authenticate and to get incoming emails
> turned into tickets?
>
> Thank you so much to everyone,
> Justin Holt
>
>
>
> On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt <holt.justin...@gmail.com> wrote:
>
>> Well, just for laughs, I decided to export my settings through SysConfig
>> and re-import them to the new setup.  I gasped in awe as it actually
>> worked.  My other question, if I exported settings that allowed the old
>> system to consider emails sent to its email address as tickets, should those
>> settings come over and work just the same as well?
>>
>> Thanks
>> Justin
>>
>>
>> On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt <holt.justin...@gmail.com> wrote:
>>
>>> I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
>>> folder.  I then uninstalled 2.3.4 and installed 2.4.3.  I tried first to
>>> copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did
>>> not work.  I tried just the segment I have below and that still did not
>>> work.  Is it somewhere in the documentation and I'm missing it or can you
>>> give me a portion of your config.pm and just have me fill in my stuff?
>>>
>>> Thanks,
>>> Justin
>>>
>>>
>>> On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian <co...@sec.gov> wrote:
>>>
>>>>  Justin, I just dealt with this headache myself. Did you have it
>>>> working and then it quit or is it a simple question of agent 
>>>> authentication?
>>>> --
>>>> Julian Cook
>>>> Securities and Exchange Commission
>>>> Operations Center
>>>> DMZ Ops
>>>>
>>>>
>>>> On 8/25/09 3:49 PM, "Justin Holt" <holt.justin...@gmail.com> wrote:
>>>>
>>>> Is there even a way for the Agent to authenticate over LDAP anymore?  It
>>>> looks like it has been taken out.  I've been going through SysConfig and
>>>> can't find anything on it.  Anything I also try to throw at it by manually
>>>> editing Config.pm leaves the system broken.  I've also uninstalled and
>>>> reinstalled a few times now.
>>>>
>>>> Justin
>>>>
>>>> On Tue, Aug 25, 2009 at 12:18 PM,  <guenther.ra...@gmx.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>> same problem here, but only with one of 200:
>>>> I have tested it, with case-sensitive typed
>>>> username, it works - but no problem with
>>>> case-sensitive for all the others...
>>>>
>>>> Günther
>>>>
>>>>
>>>> -------- Original Message --------
>>>> > Date: Tue, 25 Aug 2009 12:12:17 -0400
>>>> > From: Justin Holt <holt.justin...@gmail.com>
>>>> > To: otrs@otrs.org
>>>> > Subject: [otrs] Active Directory and 2.4.3 issues
>>>>
>>>> > I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
>>>> > an issue.  Customers still authenticate against our Active Directory
>>>> > Server just fine, but when an agent tries to authenticate, it all blows up.
>>>> >
>>>> > "Panic, user authenticated but no user data can be found in OTRS DB!!
>>>> > Perhaps the user is invalid."
>>>> >
>>>> > Here is the whole LDAP configuration part from my config.pm that I just
>>>> > copied and pasted out of the config.pm for 2.3.4.  I have seen that there
>>>> > are others with this same issue but there have been no responses.  This is
>>>> > all running on a Windows 2003 server with a regular install of OTRS.  Any
>>>> > ideas?
>>>> > #-----------------------Customer Data------------------------------------------------
>>>> >
>>>> >
>>>> > #Enable LDAP authentication for Customers / Users
>>>> >   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>>> >   $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>>> >   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>>> >   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>> >
>>>> > #The following is valid but would only be necessary if the
>>>> > #anonymous user do NOT have permission to read from the LDAP tree
>>>> >   $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>>> >   $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>>> >
>>>> > #CustomerUser
>>>> > #(customer user database backend and settings)
>>>> >     $Self->{CustomerUser} = {
>>>> >       Module => 'Kernel::System::CustomerUser::LDAP',
>>>> >       Params => {
>>>> >       Host => 'vdp-dc-003',
>>>> >       BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
>>>> >       SSCOPE => 'sub',
>>>> >       UserDN =>'otrs_ldap',
>>>> >       UserPw => '1qaz2wsx',
>>>> >     },
>>>> > # customer unique id
>>>> >     CustomerKey => 'sAMAccountName',
>>>> >     # customer #
>>>> >     CustomerID => 'mail',
>>>> >     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>>> >     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>>> >     CustomerUserSearchPrefix => '',
>>>> >     CustomerUserSearchSuffix => '*',
>>>> >     CustomerUserSearchListLimit => 250,
>>>> >     CustomerUserPostMasterSearchFields => ['mail'],
>>>> >     CustomerUserNameFields => ['givenname', 'sn'],
>>>> >     Map => [
>>>> >       # note: Login, Email and CustomerID needed!
>>>> >       # var, frontend, storage, shown, required, storage-type
>>>> >       #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>>> >       [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>>> >       [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>>> >       [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>>> >       [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>>> >       [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>> >       [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>>> >       #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>>>> >       #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>>>> >     ],
>>>> >   };
>>>> > #  -------------------------End Customer data-----------------------------
>>>> >
>>>> >
>>>> > #------------------------------Agent Data---------------------------------
>>>> >
>>>> > #Enable LDAP authentication for Customers / Users
>>>> >   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>>> >   $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>>> >   $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>>> >   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>> >
>>>> > #The following is valid but would only be necessary if the
>>>> > #anonymous user do NOT have permission to read from the LDAP tree
>>>> >   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>>> >   $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>>> >
>>>> > # UserSyncLDAPMap
>>>> > # (map if agent should create/synced from LDAP to DB after login)
>>>> >     $Self->{UserSyncLDAPMap} = {
>>>> >         # DB -> LDAP
>>>> >         UserFirstname => 'givenName',
>>>> >         UserLastname => 'sn',
>>>> >         UserEmail => 'mail',
>>>> >     };
>>>> >
>>>> > # UserSyncLDAPGroups
>>>> > # (If "LDAP" was selected for AuthModule, you can specify
>>>> > # initial user groups for first login.)
>>>> >     $Self->{UserSyncLDAPGroups} = [
>>>> >         'users',
>>>> >     ];
>>>> >
>>>> > # UserTable
>>>> >     $Self->{DatabaseUserTable} = 'users';
>>>> >     $Self->{DatabaseUserTableUserID} = 'id';
>>>> >     $Self->{DatabaseUserTableUserPW} = 'pw';
>>>> >     $Self->{DatabaseUserTableUser} = 'login';
>>>> >
>>>> > #Add the following lines when only users are allowed to login if they
>>>> > #reside in the specified security group
>>>> > #Remove these lines if you want to provide login to all users specified in
>>>> > #the User Base DN
>>>> >   $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
>>>> >   $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>>> >   $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>>> >
>>>> > #---------------------------End Agent Data--------------------------------
>>>>
>>>> ---------------------------------------------------------------------
>>>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>>>> Archive: http://lists.otrs.org/pipermail/otrs
>>>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>>>
>>>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>>>> http://www.otrs.com/en/support/enterprise-subscription/