Dejan Miklavcic wrote:
Ok, I've been working on this issue for 3 days, but I can't make it work.
I want my agents and customers to authenticate via LDAP (that is
actually our Win2003 server Active Directory)
Do I need to manually set up LDAP on the OTRS server (I am running openSUSE
10.2 with openLDAP)?
Is there any configuration needed to enable authenticating from Active
Directory?
...........

But I get the following errors in the log file (and it repeats all the time in
the log file):
Oct 25 12:36:29 otrs OTRS-CGI-10[30148]:
[Error][Kernel::System::CustomerUser::LDAP::new][Line:151]: First bind
failed! 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
Oct 25 12:54:23 otrs OTRS-CGI-10[30220]:
[Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind
failed! 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece

Can anyone help me with this?

Hi Dejan,

First of all, you must create a user account for OTRS in Active Directory. You do not need to install LDAP manually. A week ago I enabled LDAP authentication for both agents and customers. My LDAP server is Windows Server 2003 and OTRS is running on FreeBSD. I am sending you a copy of my working Config.pm file. I hope this will help you. Second, once LDAP authentication is enabled for agents you will not be able to log in as r...@localhost (actually the admin user). So you need to add a user who has admin privileges before enabling LDAP authentication. Also, this user's name must exist in your AD tree.

   # ----------------------------------------------------- #
   # LDAP for agents                                       #
   # ----------------------------------------------------- #

   # Enable LDAP authentication for agents
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'domain.xxx.com';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=xxx,DC=com';
   $Self->{'AuthModule::LDAP::UID'} = 'CN';
   # Note: the next three keys carry the Customer:: prefix, so they are
   # overwritten by the customer section further down; the agent-side
   # keys are named AuthModule::LDAP::GroupDN / AccessAttr / UserAttr.
   $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Agents,OU=Technic,DC=xxx,DC=com';
   $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
   $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

   # otrs_ldap is a user for LDAP search
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs_ldap, DC=xxx, DC=com';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = '*****';

   $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';


   # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
   $Self->{'AuthModule::LDAP::Params'} = {
       port => 389,
       timeout => 120,
       async => 0,
       version => 3,
   };

   # agent data sync against ldap
   $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
   $Self->{'AuthSyncModule::LDAP::Host'} = 'domain.xxx.com';
   $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=xxx, DC=com';
   $Self->{'AuthSyncModule::LDAP::UID'} = 'CN';
   $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrs_ldap,DC=xxx, DC=com';
   $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '*****';
   $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
       # DB -> LDAP
       UserFirstname => 'givenName',
       UserLastname  => 'sn',
       UserEmail     => 'mail',
   };

   $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
       'users',
   ];

   # ---------------------------------------------------- #
   # LDAP configuration for customers                     #
   # ---------------------------------------------------- #
   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = 'domain.xxx.com';
   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=xxx,DC=com';
   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs_ldap, DC=xxx,DC=com';
   $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '*****';

   # CustomerUser
   # (customer user database backend and settings)
   $Self->{CustomerUser} = {
       Module => 'Kernel::System::CustomerUser::LDAP',
       Params => {
           Host => 'domain.xxx.com',
           BaseDN => 'DC=xxx,DC=com',
           SSCOPE => 'sub',
           UserDN => 'CN=otrs_ldap, DC=xxx, DC=com',
           UserPw => '*****',
       },
       # customer unique id
       CustomerKey => 'sAMAccountName',
       # customer #
       CustomerID => 'mail',
       CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       Map => [
           # note: Login, Email and CustomerID needed!
           # var, frontend, storage, shown, required, storage-type
           #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
           [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
           [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
           [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
           [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
           [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
           [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
           #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
           #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
       ],
   };
   $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_group,DC=xxx,DC=com';
   $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
   $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

Good luck :)

BR,
Altangerel .G

Plan for the future, because that is where you are going to spend the rest of 
your life.
Mark Twain
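
Added example (not part of the original thread and not OTRS code): the "data 525" in the bind errors quoted in the question is the hexadecimal sub-code Active Directory returns with a failed bind. This Python sketch rejoins the mail-wrapped syslog entries and decodes that sub-code per OTRS module; the function names and the sub-code table are the example's own, and the sample input is the log text from the question.

```python
import re

# Hex sub-code AD places after "data" in a failed bind (example's own table
# of well-known values, not taken from the thread).
AD_BIND_SUBCODES = {
    "525": "user not found (bind DN does not resolve to an account)",
    "52e": "invalid credentials (account found, wrong password)",
    "532": "password expired",
    "533": "account disabled",
    "775": "account locked out",
}

# Log text from the question, wrapped exactly as the mail client left it.
SAMPLE_LOG = """\
Oct 25 12:36:29 otrs OTRS-CGI-10[30148]:
[Error][Kernel::System::CustomerUser::LDAP::new][Line:151]: First bind
failed! 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
Oct 25 12:54:23 otrs OTRS-CGI-10[30220]:
[Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind
failed! 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BIND_ERROR = re.compile(r"\[Error\]\[(?P<module>[\w:]+)\]\[Line:\d+\]: First bind failed! "
                        r".*?AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+)")

def rejoin_entries(text):
    """Merge wrapped continuation lines back into one string per syslog entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)      # a syslog timestamp starts a new entry
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def decode_bind_failures(text):
    """Return (module, sub-code, meaning) for every failed first bind."""
    results = []
    for entry in rejoin_entries(text):
        m = BIND_ERROR.search(entry)
        if m:
            code = m.group("code").lower()
            results.append((m.group("module"), code, AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return results

if __name__ == "__main__":
    print("\n".join(f"{mod}: data {code} -> {why}" for mod, code, why in decode_bind_failures(SAMPLE_LOG)))
```

Both entries decode to 525, i.e. the directory could not find the account named in the bind DN, which points at the SearchUserDN / UserDN values rather than at the password.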

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
