Ok, I've been working on this issue for 3 days, but I can't make it work.
I want my agents and customers to authenticate via LDAP (that is
actually our Win2003 server Active Directory).
Do I need to manually set up LDAP on the OTRS server (I am running openSUSE
10.2 with openLDAP)?
Is there any configuration needed to enable authenticating from Active
Directory?
This is what I have in Kernel/Config.pm:

#we want to use LDAP for Auth
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'myAD.company-bih.corp';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=company-bih,dc=corp';

#DO I NEED TO CHANGE THIS sAMAccountName TO SOMETHING ELSE ?
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# WHAT USER DO I NEED TO ENTER AS SEARCHUSERDN ? IS THAT USER FROM AD, OR FROM SUSE? OR FROM OTRS DB ?
# WHAT I USE IS  MY ACTIVE DIRECTORY USER
    #The username and password of the user you setup to access LDAP information in AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=devuser,OU=Users,DC=company-bih,DC=corp';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'devpwd';

    #We want our Customer/users to Auth using LDAP
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'myAD.company-bih.corp';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Users,DC=company-bih,DC=corp';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=devuser,OU=Users,DC=agrokor-bih,DC=corp';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'devpwd';

    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
        Host => 'myAD.company-bih.corp',
        BaseDN => 'OU=Users,DC=company-bih,DC=corp',
        SSCOPE => 'sub',
        UserDN => 'CN=devuser,OU=Users,DC=agrokor-bih,DC=corp',
        UserPw => 'devpwd',
      },
      CustomerKey => 'sAMAccountName',
      CustomerID => 'userPrincipalName',
      CustomerUserListFields => ['displayName', 'userPrincipalName'],
      CustomerUserSearchFields => ['displayName', 'userPrincipalName'],
      CustomerUserPostMasterSearchFields => ['userPrincipalName'],
      CustomerUserNameFields => ['givenName', 'sn'],
      #the following must map to valid fields in your AD(givenname,sn,sAMAccountName,...)
      Map => [
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'userPrincipalName', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'userPrincipalName', 0, 1, 'var' ],
      ],
    };


  #OK now lets have our agents use LDAP
  $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=devuser,OU=Users,DC=company-bih,DC=corp';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=devuser,OU=Users,DC=company-bih,DC=corp';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

  # UserSyncLDAPMap
  # (map if agent should create/synced from LDAP to DB after login must match your AD)
  $Self->{UserSyncLDAPMap} = {
  # DB -> LDAP
     Firstname => 'givenName',
     Lastname => 'sn',
     Email => 'userPrincipalName',
  };

    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

But I get the following errors in the log file (and they repeat all the time in
the log file):
Oct 25 12:36:29 otrs OTRS-CGI-10[30148]: [Error][Kernel::System::CustomerUser::LDAP::new][Line:151]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Oct 25 12:54:23 otrs OTRS-CGI-10[30220]: [Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

Can anyone help me with this ?
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
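
Added example (not part of the original post and not OTRS code): a small Python helper that decodes the Active Directory sub-code in the "AcceptSecurityContext error, data NNN" field of log lines like the ones above, and checks whether a bind DN sits under a different domain than its BaseDN. The function names and the sample DNs are assumptions made for illustration; the sub-code table lists the commonly documented AD values.

```python
import re

# AD sub-codes carried in the "data NNN" field of an 80090308 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
# Tolerates the line wrapping a mail client adds inside a log entry.
LOG_RE = re.compile(
    r"\[Error\]\[(?P<module>[\w:]+)\]\[Line:\d+\]:\s*(?P<stage>\w+\s+bind\s+failed)!"
    r".*?AcceptSecurityContext\s+error,\s+data\s+(?P<code>[0-9a-fA-F]+)",
    re.S)

def decode_bind_failures(log_text):
    """Return (module, stage, sub-code, meaning) for each AD bind failure."""
    out = []
    for m in LOG_RE.finditer(log_text):
        code = m["code"].lower()
        stage = " ".join(m["stage"].split())
        out.append((m["module"], stage, code,
                    AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return out

def dc_suffix(dn):
    """Lower-cased DC values of a DN (naive split; no escaped commas)."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return [v.strip().lower() for k, _, v in pairs if k.strip().lower() == "dc"]

def bind_dn_outside_base(bind_dn, base_dn):
    """True when the bind DN's domain components differ from the BaseDN's."""
    return dc_suffix(bind_dn) != dc_suffix(base_dn)

# Constructed sample: one entry in the format shown in the post.
SAMPLE_LOG = (
    "Oct 25 12:54:23 otrs OTRS-CGI-10[30220]: "
    "[Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind failed! "
    "80090308: LdapErr: DSID-0C090334, comment: "
    "AcceptSecurityContext error, data 525, vece"
)

if __name__ == "__main__":
    print(decode_bind_failures(SAMPLE_LOG))
    print(bind_dn_outside_base("CN=svc,OU=Users,DC=example,DC=org",
                               "OU=Users,DC=example,DC=corp"))  # constructed DNs
```

A "First bind failed" entry refers to the bind made with the configured search account (SearchUserDN / UserDN), before any end-user login is attempted.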
