Hi,
Do just one config (instead of 2) by changing
$Self->{'AuthModule::LDAP::BaseDN'} to dc=domain,dc=ru like this:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.domain.ru';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'anypassword';
You can put your base domain name (domain.ru) in BaseDN and OTRS will
search in the sub-OUs, BECAUSE you have all your IT guys (city1+city2) in the
CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru AD group.
Hope this helps.
On 22/04/2010 18:34, Ruslan wrote:
Hello everyone. I am completely stuck with multiple agent backends. =/
We have two different departments in one domain: DOMAIN.RU
All agents of our domain are members of: otrs_allow_agent
(CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru)
Agents from the 1st department are located in: OU=Users, OU=IT, OU=City1, DC=domain, DC=ru
Agents from the 2nd department are located in: OU=Users, OU=IT, OU=City2, DC=domain, DC=ru
User for reading data from AD: CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru
With password "anypassword"
This user has permission to read both OUs in our domain
Here is part of my config.pm
########### LDAP Agent Backend 1 ###########
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'dc.domain.ru';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'anypassword';
########### LDAP Agent Backend 2 ###########
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host2'} = 'dc.domain.ru';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'OU=Users, OU=IT, OU=City2, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN2'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserDN2'} = 'CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserPw2'} = 'anypassword';
# Sync DB #
$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'dc.domain.ru';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'anypassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
$Self->{'AuthSyncModule2'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host2'} = 'dc.domain.ru';
$Self->{'AuthSyncModule::LDAP::BaseDN2'} = 'OU=Users, OU=IT, OU=City2, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN2'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::SearchUserPw2'} = 'anypassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap2'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
And now:
Users from both OUs authenticate in LDAP successfully!
Users from OU=Users, OU=IT, OU=City1, DC=domain, DC=ru
sync successfully and can log in to the OTRS system.
Users from OU=Users, OU=IT, OU=City2, DC=domain, DC=ru
get the error message: Panic, user authenticated but no user data can
be found in OTRS DB!! Perhaps the user is invalid.
Here is the message from the log file, with my comments, after a user login attempt:
It's OK. AuthModule1 is trying to find the user in the wrong OU
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 authentication failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
It's OK. AuthModule2 is trying to find the user in the correct OU. Authentication ok
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 (CN=Admin2,OU=Users, OU=IT, OU=City2, DC=domain, DC=ru') authentication ok (REMOTE_ADDR: x.x.x.x).
Hm... AuthSyncModule1 is trying to sync the user, but it's the wrong OU
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: Admin2 sync failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru'', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
And f...@#king voilà!!!! Where is the second attempt to sync the user???? With AuthSyncModule2
I'm just getting this:
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: Admin2'!!!
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Admin2'!!!
What's wrong with me?
T_T Any suggestions? Or Config.pm examples with multiple LDAP Auth and Sync.
I am in despair.
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
--
Guillaume REHM
Centre de Ressources Informatiques
Responsable Sécurité du Système d'Information (RSSI)
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg
tél: 03 88 25 28 23
fax: 03 88 25 28 03
mail: [email protected]
web: http://www.bnu.fr
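
An added example, not part of either message and not OTRS code: a Python script that correlates the Auth, Sync and GetUserData notices quoted in the thread and reports users who bound successfully but whose DN lies outside every BaseDN the sync step searched. The sample log is constructed from the quoted lines (unwrapped); the function names are hypothetical, and the DN comparison is a simple one that ignores escaped commas.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the thread, one entry per line.
SAMPLE_LOG = """\
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 authentication failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 (CN=Admin2,OU=Users, OU=IT, OU=City2, DC=domain, DC=ru') authentication ok (REMOTE_ADDR: x.x.x.x).
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: Admin2 sync failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru'', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: Admin2'!!!
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Admin2'!!!
"""

AUTH_OK = re.compile(r"\[Kernel::System::Auth::LDAP::Auth\] User: (\S+) \((.+?)'?\) authentication ok")
NO_ENTRY = re.compile(r"\[Kernel::System::Auth(::Sync)?::LDAP::\w+\] User: (\S+) "
                      r"(?:authentication|sync) failed, no LDAP entry found!\s*BaseDN='([^']+)'")
NO_DATA = re.compile(r"\[Kernel::System::User::GetUserData\] Panic! No UserData for user: '?(\w+)'?")

def norm_dn(dn):
    """Lower-case a DN and drop whitespace around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    """True when dn equals base or sits anywhere below it."""
    dn, base = norm_dn(dn), norm_dn(base)
    return dn == base or dn.endswith("," + base)

def correlate(log_text):
    """Collect, per login name, the bound DN and every BaseDN that returned no entry."""
    users = defaultdict(lambda: {"bound_dn": None, "auth_miss": [],
                                 "sync_miss": [], "no_user_data": False})
    for line in log_text.splitlines():
        if m := AUTH_OK.search(line):
            users[m.group(1)]["bound_dn"] = norm_dn(m.group(2))
        elif m := NO_ENTRY.search(line):
            key = "sync_miss" if m.group(1) else "auth_miss"
            users[m.group(2)][key].append(norm_dn(m.group(3)))
        elif m := NO_DATA.search(line):
            users[m.group(1)]["no_user_data"] = True
    return dict(users)

def sync_scope_gaps(log_text):
    """Users who authenticated but whose DN is outside every sync BaseDN that was searched."""
    gaps = {}
    for user, rec in correlate(log_text).items():
        dn, searched = rec["bound_dn"], rec["sync_miss"]
        if dn and searched and not any(in_subtree(dn, base) for base in searched):
            gaps[user] = {"bound_dn": dn, "searched": searched,
                          "no_user_data": rec["no_user_data"]}
    return gaps
```

Running `sync_scope_gaps` over a real log excerpt shows which sync BaseDN values were actually consulted for a login, and `in_subtree` can then be used to check whether a candidate BaseDN such as `DC=domain, DC=ru` contains the bound DN.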