Re: [otrs] Active Directory and 2.4.3 issues

2009-08-26 Thread David Holder
Hi Chaps,

I've managed to get OTRS 2.4.3 working with Microsoft AD.

I've just had a quick browse of your config and notice that there is no
AuthSyncModule code in there, you need to sync your agent data to OTRS's
database. For example:

   # Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};


# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first
# agent login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];


If you want I can post my complete LDAP template, which has allowed Agents
to authenticate against AD (as a requirement, must belong to a particular AD
group) and customers to log on too.

Regards,

David

On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt holt.justin...@gmail.com wrote:

 Sorry to keep flooding you guys with emails, but disregard that last
 email.  It didn't work.  I only managed to log in because I had created an
 account for myself with the same password and it worked, stupid me.  So does
 anyone know how to get agents to authenticate and to get incoming emails
 turned into tickets?

 Thank you so much to everyone,
 Justin Holt



 On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt holt.justin...@gmail.com wrote:

 Well, just for laughs, I decided to export my settings through SysConfig
 and re-import them to the new setup.  I gasped in awe as it actually
 worked.  My other question, if I exported settings that allowed the old
 system to consider emails sent to its email address as tickets, should those
 settings come over and work just the same as well?

 Thanks
 Justin


 On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt holt.justin...@gmail.com wrote:

 I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
 folder.  I then uninstalled 2.3.4 and installed 2.4.3.  I tried first to
 copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did
 not work.  I tried just the segment I have below and that still did not
 work.  Is it somewhere in the documentation and I'm missing it or can you
 give me a portion of your config.pm and just have me fill in my stuff?

 Thanks,
 Justin


 On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian co...@sec.gov wrote:

  Justin, I just dealt with this headache myself. Did you have it
 working and then it quit or is it a simple question of agent 
 authentication?
 --
 Julian Cook
 Securities and Exchange Commission
 Operations Center
 DMZ Ops



Re: [otrs] Active Directory and 2.4.3 issues

2009-08-26 Thread Justin Holt
David, you would be my hero if you did that!  Please please please post your
current template!

Thanks Much!
Justin Holt


[otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread Justin Holt
I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
an issue.  Customers still authenticate against our Active Directory Server
just fine, but when an agent tries to authenticate, it all blows up.

Panic, user authenticated but no user data can be found in OTRS DB!!
Perhaps the user is invalid.

Here is the whole LDAP configuration part from my config.pm that I just
copied and pasted out of the config.pm for 2.3.4.  I have seen that there
are others with this same issue but there have been no responses.  This is
all running on a Windows 2003 server with a regular install of OTRS.  Any
Ideas?
#---Customer Data


#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
  Module => 'Kernel::System::CustomerUser::LDAP',
  Params => {
    Host => 'vdp-dc-003',
    BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
    SSCOPE => 'sub',
    UserDN => 'otrs_ldap',
    UserPw => '1qaz2wsx',
  },
  # customer unique id
  CustomerKey => 'sAMAccountName',
  # customer #
  CustomerID => 'mail',
  CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
  CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
  CustomerUserSearchPrefix => '',
  CustomerUserSearchSuffix => '*',
  CustomerUserSearchListLimit => 250,
  CustomerUserPostMasterSearchFields => ['mail'],
  CustomerUserNameFields => ['givenname', 'sn'],
  Map => [
    # note: Login, Email and CustomerID needed!
    # var, frontend, storage, shown, required, storage-type
    #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
    #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
  ],
};
#  -End Customer data-


#--Agent Data-

#Enable LDAP authentication for Customers / Users
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
  # DB -> LDAP
  UserFirstname => 'givenName',
  UserLastname => 'sn',
  UserEmail => 'mail',
};

# UserSyncLDAPGroups
# (If LDAP was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
  'users',
];

# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users are allowed to login if they reside
#in the specified security group
#Remove these lines if you want to provide login to all users specified in
#the User Base DN
  $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

#---End Agent Data-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
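
The diagnosis in David Holder's reply, turned into a check that can be run over the text of a Config.pm (an added example, not code from any poster or from OTRS): it flags LDAP agent authentication with no AuthSyncModule and the 2.3-style UserSyncLDAP* keys seen in the config above. Both sample configs are constructed, and the list of required AuthSyncModule settings is an assumption taken from the keys shown in that reply.

```python
import re

# Matches uncommented "$Self->{'Key'} = 'value'" assignments.
# The value group stays None when the right-hand side is a hash or array.
ASSIGN = re.compile(
    r"""^[ \t]*\$Self->\{\s*['"]?([\w:]+)['"]?\s*\}\s*=\s*(?:['"]([^'"]*)['"])?""",
    re.MULTILINE,
)

# 2.3-style keys from the original post -> keys used in the working 2.4.3 reply.
LEGACY_KEYS = {
    "UserSyncLDAPMap": "AuthSyncModule::LDAP::UserSyncMap",
    "UserSyncLDAPGroups": "AuthSyncModule::LDAP::UserSyncInitialGroups",
}
# Assumption: the sync module needs at least these to look the agent up.
SYNC_REQUIRED = ["Host", "BaseDN", "UID"]

# Constructed sample, reduced from the 2.3.4-style agent section in the thread.
LEGACY_SAMPLE = r"""
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc01.example.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example, dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{UserSyncLDAPGroups} = [ 'users' ];
"""

# Constructed sample following the layout of the reply's AuthSyncModule block.
MIGRATED_SAMPLE = r"""
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc01.example.local';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc01.example.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
"""


def parse_settings(text):
    """Return {key: (line_number, scalar_value_or_None)} for active assignments."""
    settings = {}
    for m in ASSIGN.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        settings[m.group(1)] = (line, m.group(2))
    return settings


def check_agent_sync(text):
    """Return a list of (code, message) findings for the agent LDAP setup."""
    s = parse_settings(text)
    findings = []
    auth_module = s.get("AuthModule", (0, None))[1]
    if auth_module == "Kernel::System::Auth::LDAP" and "AuthSyncModule" not in s:
        findings.append((
            "missing-sync-module",
            "agents authenticate against LDAP but no AuthSyncModule copies "
            "their data into the OTRS DB",
        ))
    for old, new in LEGACY_KEYS.items():
        if old in s:
            findings.append((
                "legacy-key",
                f"line {s[old][0]}: {old} is a 2.3-style key; "
                f"the working 2.4.3 config uses {new}",
            ))
    if "AuthSyncModule" in s:
        for name in SYNC_REQUIRED:
            key = f"AuthSyncModule::LDAP::{name}"
            if key not in s:
                findings.append(("incomplete-sync", f"{key} is not set"))
    return findings


if __name__ == "__main__":
    for code, message in check_agent_sync(LEGACY_SAMPLE):
        print(f"{code}: {message}")
```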


Re: [otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread guenther . rasch
Hi,

same problem here, but only with one of 200:
I have tested it, with case-sensitive typed
username, it works - but no problem with 
case-sensitive for all the others...

Günther



Re: [otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread Justin Holt
Is there even a way for the Agent to authenticate over LDAP anymore?  It
looks like it has been taken out.  I've been going through SysConfig and
can't find anything on it.  Anything I also try to throw at it by manually
editing Config.pm leaves the system broken.  I've also uninstalled and
reinstalled a few times now.

Justin


Re: [otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread Justin Holt
I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
folder.  I then uninstalled 2.3.4 and installed 2.4.3.  I tried first to
copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did not
work.  I tried just the segment I have below and that still did not work.
Is it somewhere in the documentation and I'm missing it or can you give me a
portion of your config.pm and just have me fill in my stuff?

Thanks,
Justin
