Re: [otrs] Active Directory and user + agent authentification
I don't understand. I have already do that. I have a local user that have
the same username and password in my Active Directory and in OTRS. If I
don't use AD to authenticate, I can access to http://tickets/otrs/index.pl
and http://tickets/otrs/customer.pl. If I use AD, I can login to
http://tickets/otrs/customer.pl withou error, if I try to login to
http://tickets/otrs/index.pl I have this error : Login failed! Your
username or password was entered incorrectly.
Do you know what is wrong ?
Regards,
_
Olivier VILLEGENTE
Administrateur système & réseau
Société Immobilière de Nouvelle-Calédonie
Tél : (687) 28.03.78
Fax : (687) 28.43.56
e-Mail : olivier.villege...@sic.nc
Steve Hall
Envoyé par : otrs-boun...@otrs.org
12/06/2009 20:59
Veuillez répondre à
"User questions and discussions about OTRS."
A
"User questions and discussions about OTRS."
cc
Objet
Re: [otrs] Active Directory and user + agent authentification
Even though you are auth'ing via AD, you still need to have local agents
created with the same username as the AD username. (Cant comment on
customers, as I dont run like that).
If you change the
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
back to the default, create your admin user as per the name in AD, and try
again.
Regards
I
On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote:
Hi,
I have a little problem that I'm unable to solve.
- I need that agents and users (customers) can authenticate using Active
Directory. My users can access to the customer page but my agent can't
login to the agent page. When agent try to login they have an error
message saying "the connection has failed! Your username or password is
incorrect".
- After edit my Config.pm in order to allow authenticate by Active
Directory, I can't connect using a local user.
Can you help me to find what is wrong ?
I join a copy of my Config.pm
Regards,
** My Config.pm **
# #
# #
# #
# Start of your own config options!!! #
# #
# #
# #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Datenbank',
Module => 'Kernel::System::CustomerUser::DB',
Params => { Table => 'customer_user',
# to use an external database
# DSN => 'DBI:odbc:yourdsn',
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '', Password => '',
},
# customer uniq id
CustomerKey => 'login',
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
# CustomerUserListFields => ['login', 'first_name', 'last_name',
'customer_id', 'email'],
CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
CustomerUserSearchPrefix =>
Re: [otrs] Active Directory and user + agent authentification
Even though you are auth'ing via AD, you still need to have local
agents created with the same username as the AD username. (Cant
comment on customers, as I dont run like that).
If you change the
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
back to the default, create your admin user as per the name in AD, and
try again.
Regards
I
On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote:
Hi,
I have a little problem that I'm unable to solve.
- I need that agents and users (customers) can authenticate using
Active Directory. My users can access to the customer page but my
agent can't login to the agent page. When agent try to login they
have an error message saying "the connection has failed! Your
username or password is incorrect".
- After edit my Config.pm in order to allow authenticate by Active
Directory, I can't connect using a local user.
Can you help me to find what is wrong ?
I join a copy of my Config.pm
Regards,
** My Config.pm **
# #
# #
# #
# Start of your own config options!!! #
# #
# #
# #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Datenbank',
Module => 'Kernel::System::CustomerUser::DB',
Params => { Table => 'customer_user',
# to use an external database
# DSN => 'DBI:odbc:yourdsn',
# DSN =>
'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '', Password => '',
},
# customer uniq id
CustomerKey => 'login',
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name',
'email'],
# CustomerUserListFields => ['login', 'first_name',
'last_name', 'customer_id', 'email'],
CustomerUserSearchFields => ['login', 'last_name',
'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['salutation', 'first_name',
'last_name'],
# ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type,
http-link
[ 'UserSalutation', 'Salutation', 'salutation', 1, 0,
'var' ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1,
'var' ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
[ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
[ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1,
'var' ],
[ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
],
};
# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'pollux.sic.intra',
# ldap base dn
BaseDN => 'ou=SIC,dc=sic,dc=intra',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the
LDAP tree
UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra',
UserPw => '',
AlwaysFilter => '',
[otrs] Active Directory and user + agent authentification
Hi,
I have a little problem that I'm unable to solve.
- I need that agents and users (customers) can authenticate using Active
Directory. My users can access to the customer page but my agent can't
login to the agent page. When agent try to login they have an error
message saying "the connection has failed! Your username or password is
incorrect".
- After edit my Config.pm in order to allow authenticate by Active
Directory, I can't connect using a local user.
Can you help me to find what is wrong ?
I join a copy of my Config.pm
Regards,
** My Config.pm **
# #
# #
# #
# Start of your own config options!!! #
# #
# #
# #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Datenbank',
Module => 'Kernel::System::CustomerUser::DB',
Params => { Table => 'customer_user',
# to use an external database
# DSN => 'DBI:odbc:yourdsn',
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '', Password => '',
},
# customer uniq id
CustomerKey => 'login',
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
# CustomerUserListFields => ['login', 'first_name', 'last_name',
'customer_id', 'email'],
CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['salutation', 'first_name',
'last_name'],
# ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type,
http-link
[ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
[ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
[ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var'
],
[ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
],
};
# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'pollux.sic.intra',
# ldap base dn
BaseDN => 'ou=SIC,dc=sic,dc=intra',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra',
UserPw => '',
AlwaysFilter => '',
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields =>
