Re: [otrs] Active Directory and user + agent authentification
I don't understand. I have already do that. I have a local user that have the same username and password in my Active Directory and in OTRS. If I don't use AD to authenticate, I can access to http://tickets/otrs/index.pl and http://tickets/otrs/customer.pl. If I use AD, I can login to http://tickets/otrs/customer.pl withou error, if I try to login to http://tickets/otrs/index.pl I have this error : Login failed! Your username or password was entered incorrectly. Do you know what is wrong ? Regards, _ Olivier VILLEGENTE Administrateur système & réseau Société Immobilière de Nouvelle-Calédonie Tél : (687) 28.03.78 Fax : (687) 28.43.56 e-Mail : olivier.villege...@sic.nc Steve Hall Envoyé par : otrs-boun...@otrs.org 12/06/2009 20:59 Veuillez répondre à "User questions and discussions about OTRS." A "User questions and discussions about OTRS." cc Objet Re: [otrs] Active Directory and user + agent authentification Even though you are auth'ing via AD, you still need to have local agents created with the same username as the AD username. (Cant comment on customers, as I dont run like that). If you change the $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; back to the default, create your admin user as per the name in AD, and try again. Regards I On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote: Hi, I have a little problem that I'm unable to solve. - I need that agents and users (customers) can authenticate using Active Directory. My users can access to the customer page but my agent can't login to the agent page. When agent try to login they have an error message saying "the connection has failed! Your username or password is incorrect". - After edit my Config.pm in order to allow authenticate by Active Directory, I can't connect using a local user. Can you help me to find what is wrong ? I join a copy of my Config.pm Regards, ** My Config.pm ** # # # # # # # Start of your own config options!!! # # # # # # # $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra'; $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra'; $Self->{'AuthModule::LDAP::SearchUserPw'} = ''; # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ''; # CustomerUser # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Datenbank', Module => 'Kernel::System::CustomerUser::DB', Params => { Table => 'customer_user', # to use an external database # DSN => 'DBI:odbc:yourdsn', # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', # User => '', Password => '', }, # customer uniq id CustomerKey => 'login', CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'last_name', 'customer_id'], CustomerUserSearchPrefix =>
Re: [otrs] Active Directory and user + agent authentification
Even though you are auth'ing via AD, you still need to have local agents created with the same username as the AD username. (Cant comment on customers, as I dont run like that). If you change the $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; back to the default, create your admin user as per the name in AD, and try again. Regards I On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote: Hi, I have a little problem that I'm unable to solve. - I need that agents and users (customers) can authenticate using Active Directory. My users can access to the customer page but my agent can't login to the agent page. When agent try to login they have an error message saying "the connection has failed! Your username or password is incorrect". - After edit my Config.pm in order to allow authenticate by Active Directory, I can't connect using a local user. Can you help me to find what is wrong ? I join a copy of my Config.pm Regards, ** My Config.pm ** # # # # # # # Start of your own config options!!! # # # # # # # $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra'; $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra'; $Self->{'AuthModule::LDAP::SearchUserPw'} = ''; # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ''; # CustomerUser # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Datenbank', Module => 'Kernel::System::CustomerUser::DB', Params => { Table => 'customer_user', # to use an external database # DSN => 'DBI:odbc:yourdsn', # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', # User => '', Password => '', }, # customer uniq id CustomerKey => 'login', CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['salutation', 'first_name', 'last_name'], # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type, http-link [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ], [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ], [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ], ], }; # CustomerUser1 # (customer user ldap backend and settings) $Self->{CustomerUser1} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'pollux.sic.intra', # ldap base dn BaseDN => 'ou=SIC,dc=sic,dc=intra', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra', UserPw => '', AlwaysFilter => '',
[otrs] Active Directory and user + agent authentification
Hi, I have a little problem that I'm unable to solve. - I need that agents and users (customers) can authenticate using Active Directory. My users can access to the customer page but my agent can't login to the agent page. When agent try to login they have an error message saying "the connection has failed! Your username or password is incorrect". - After edit my Config.pm in order to allow authenticate by Active Directory, I can't connect using a local user. Can you help me to find what is wrong ? I join a copy of my Config.pm Regards, ** My Config.pm ** # # # # # # # Start of your own config options!!! # # # # # # # $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra'; $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra'; $Self->{'AuthModule::LDAP::SearchUserPw'} = ''; # This is an example configuration for an LDAP auth. backend. # (take care that Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ''; # CustomerUser # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Datenbank', Module => 'Kernel::System::CustomerUser::DB', Params => { Table => 'customer_user', # to use an external database # DSN => 'DBI:odbc:yourdsn', # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', # User => '', Password => '', }, # customer uniq id CustomerKey => 'login', CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['salutation', 'first_name', 'last_name'], # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type, http-link [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ], [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ], [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ], ], }; # CustomerUser1 # (customer user ldap backend and settings) $Self->{CustomerUser1} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'pollux.sic.intra', # ldap base dn BaseDN => 'ou=SIC,dc=sic,dc=intra', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra', UserPw => '', AlwaysFilter => '', SourceCharset => 'utf-8', DestCharset => 'iso-8859-1', }, # customer uniq id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'mail', CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields =>