Ok, I've been working on this issue for 3 days, but I can't make it work. I want my agents and customers to authenticate via LDAP (that is actually our Win2003 server Active Directory). Do I need to manually set up LDAP on the OTRS server (I am running openSUSE 10.2 with openLDAP)? Is there any configuration needed to enable authenticating from Active Directory?

This is what I have in Kernel/Config.pm:

    #we want to use LDAP for Auth
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'myAD.company-bih.corp';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=company-bih,dc=corp';
    #DO I NEED TO CHANGE THIS sAMAccountName TO SOMETHING ELSE ?
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # WHAT USER DO I NEED TO ENTER AS SEARCHUSERDN ? IS THAT USER FROM AD, OR FROM SUSE? OR FROM OTRS DB ?
    # WHAT I USE IS MY ACTIVE DIRECTORY USER
    #The username and password of the user you setup to access LDAP information in AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=devuser,OU=Users,DC=company-bih,DC=corp';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'devpwd';

    #We want our Customer/users to Auth using LDAP
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'myAD.company-bih.corp';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Users,DC=company-bih,DC=corp';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=devuser,OU=Users,DC=agrokor-bih,DC=corp';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'devpwd';

    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'myAD.company-bih.corp',
            BaseDN => 'OU=Users,DC=company-bih,DC=corp',
            SSCOPE => 'sub',
            UserDN => 'CN=devuser,OU=Users,DC=agrokor-bih,DC=corp',
            UserPw => 'devpwd',
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'userPrincipalName',
        CustomerUserListFields => ['displayName', 'userPrincipalName'],
        CustomerUserSearchFields => ['displayName', 'userPrincipalName'],
        CustomerUserPostMasterSearchFields => ['userPrincipalName'],
        CustomerUserNameFields => ['givenName', 'sn'],
        #the following must map to valid fields in your AD(givenname,sn,sAMAccountName,...)
        Map => [
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'userPrincipalName', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'userPrincipalName', 0, 1, 'var' ],
        ],
    };

    #OK now let's have our agents use LDAP
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=devuser,OU=Users,DC=company-bih,DC=corp';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=devuser,OU=Users,DC=company-bih,DC=corp';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login must match your AD)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'userPrincipalName',
    };

    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

But I get the following errors in the log file (and it repeats all the time in the log file):

    Oct 25 12:36:29 otrs OTRS-CGI-10[30148]: [Error][Kernel::System::CustomerUser::LDAP::new][Line:151]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    Oct 25 12:54:23 otrs OTRS-CGI-10[30220]: [Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

Can anyone help me with this?
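
Added example, not part of the original post and not OTRS code: a small Python triage script that decodes the Active Directory sub-code after "data" in the "First bind failed" log lines above and checks whether a bind DN sits in the same domain (DC components) as its search base. The function names are hypothetical; the log lines and DNs are copied from the post.

```python
import re

# Sub-codes Active Directory reports after "data" in an AcceptSecurityContext
# bind failure (hexadecimal Win32 logon error codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LOG_RE = re.compile(
    r"\[(?P<module>Kernel::System::[\w:]+)\]\[Line:\d+\]: First bind failed! .*?"
    r"AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+)"
)

def decode_bind_failures(lines):
    """Return (module, sub-code, meaning) for every failed-bind log line."""
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            code = m.group("code").lower()
            out.append((m.group("module"), code,
                        AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return out

def dc_suffix(dn):
    """Lower-cased DC= components of a DN (naive split, no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",")
            if p.strip().lower().startswith("dc=")]

def bind_dn_outside_base(bind_dn, base_dn):
    """True when the bind DN names a different domain than the search base."""
    return dc_suffix(bind_dn) != dc_suffix(base_dn)

SAMPLE_LOG = [  # the two log lines from the post
    "Oct 25 12:36:29 otrs OTRS-CGI-10[30148]: [Error][Kernel::System::CustomerUser::LDAP::new][Line:151]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
    "Oct 25 12:54:23 otrs OTRS-CGI-10[30220]: [Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
]

if __name__ == "__main__":
    for row in decode_bind_failures(SAMPLE_LOG):
        print(row)
```

Sub-code 525 means the directory could not resolve the bind DN to an account, so the first thing to verify is the exact distinguished name of the search user as Active Directory stores it.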