Re: [otrs] LDAP Intregration

Tue, 24 Nov 2009 08:42:53 -0800 

Hi Mohamed,
a.f.a.i.k. the path to the default container "Users" is not
"ou=Users,dc=some,dc=domain", but "cn=Users,dc=some,dc=domain".
You can check this by searching for a user with the following command:
dsquery user -name someusername
where "someusername" is a user in the container Users or one of its
subcontainers.
Could this be the simple reason for your problem.

Regards Markus

Mohamed Zakaria schrieb:
> Hi,
> 
>  
> 
> I am not able to intergrate my current AD to the otrs system. The system
> log shows this message:
> 
> Tue Nov 24 17:03:25 2009             error      OTRS-CGI-10      First
> bind failed! 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece�
> 
>  
> 
> This is my config.pm the portion that is above “End of own config”. Can
> anyone help me with this? Thanks.
> 
>  
> 
> #Start of LDAP
> 
> #Enable LDAP authentication for Customers / Users
> 
>   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> 
>   $Self->{'Customer::AuthModule::LDAP::Host'} = '10.200.1.1';
> 
>   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=abc,dc=com';
> 
>   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
> 
>  
> 
> #The following is valid but would only be necessary if the
> 
> #anonymous user do NOT have permission to read from the LDAP tree
> 
>   $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
> 
>   $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
> 
>  
> 
> #CustomerUser
> 
> #(customer user database backend and settings)
> 
>     $Self->{CustomerUser} = {
> 
>       Module => 'Kernel::System::CustomerUser::LDAP',
> 
>       Params => {
> 
>       Host => '10.200.1.1',
> 
>       BaseDN => 'OU=Users,DC=abc,DC=com',
> 
>       SSCOPE => 'sub',
> 
>       UserDN =>'CN=otrs,OU=Users,DC=abc,DC=com',
> 
>       UserPw => 'password',
> 
>     },
> 
> # customer unique id
> 
>     CustomerKey => 'sAMAccountName',
> 
>     # customer #
> 
>     CustomerID => 'mail',
> 
>     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
> 
>     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
> 
>     CustomerUserSearchPrefix => '',
> 
>     CustomerUserSearchSuffix => '*',
> 
>     CustomerUserSearchListLimit => 250,
> 
>     CustomerUserPostMasterSearchFields => ['mail'],
> 
>     CustomerUserNameFields => ['givenname', 'sn'],
> 
>     Map => [
> 
>       # note: Login, Email and CustomerID needed!
> 
>       # var, frontend, storage, shown, required, storage-type
> 
>       #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
> 
>       [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
> 
>       [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
> 
>       [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
> 
>       [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
> 
>       [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
> 
>       [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
> 
>       #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
> 
>       #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
> 
>     ],
> 
>   };
> 
>  
> 
> #Add the following lines when only users are allowed to login if they
> reside in the spicified security group
> 
> #Remove these lines if you want to provide login to all users specified
> in the User Base DN
> 
> #example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,
> dc=example, dc=com';
> 
>  # $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
> 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
> 
>  # $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
> 
>  # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
> 
>  
> 
>  
> 
> #End of LDAP
> 
>  
> 
>  
> 
> Regards,
> 
> Zak
> 
> ------------------------------------------------------------------------
> This email is confidential and intended solely for the use of the
> individual to whom it is addressed. If you are not the intended
> recipient, be advised that you have received this email in error and
> that any use, dissemination, forwarding, printing or copying of this
> email is strictly prohibited. If you have received this email in error
> please contact the sender.
> ------------------------------------------------------------------------
> 
> 
> ------------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> 
> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
> http://www.otrs.com/en/support/enterprise-subscription/

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/

Reply via email to