[otrs] Active Directory integration with multiple OU
Hello,

How can I add customers from multiple OUs in OTRS? In the config.pm file, as I've seen, you can only add one OU from which the users are fetched using LDAP.

Regards,
Paul Andurnache
Junior Security Officer
Aviva Group Romania

OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Re: [otrs] Active Directory integration with multiple OU
Hi Paul,

You can use the OU that is the parent to all the OUs containing the customers. When the LDAP lookup occurs it will search recursively through all the child OUs.

Kind regards,
Rory Clerkin

On 20 July 2011 15:40, paul.andurna...@aviva.ro wrote:
> Hello,
> How can I add customers from multiple OUs in OTRS? In the config.pm file, as I've seen, you can only add one OU from which the users are fetched using LDAP.
> Regards,
> Paul Andurnache
Re: [otrs] Active Directory integration with multiple OU
You can also list multiple LDAP bases and/or filters in numbered customer DBs.

From: Rory
Sent: Wednesday, July 20, 2011 11:22 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Active Directory integration with multiple OU

> Hi Paul,
> You can use the OU that is the parent to all the OUs containing the customers. When the LDAP lookup occurs it will search recursively through all the Child OUs.
> Kind regards,
> Rory Clerkin
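The numbered-backend approach from the last reply, written out as an added example (it is not configuration posted by anyone on the list). The host, bind account, password, OU names, the AlwaysFilter and the LDAPS transport are assumptions; the `CustomerUser1` / `Customer::AuthModule1` names follow the OTRS convention of appending a number to the keys of each additional backend.

```perl
#!/usr/bin/perl
# Added example, not from the thread: one numbered customer backend per OU.
# In Kernel/Config.pm the loop goes inside sub Load, where $Self already
# exists; the stand-in hash below only lets the file run on its own.
use strict;
use warnings;

my $Self = {};

# Assumptions: host, bind account, password and OU names are placeholders.
my $Host        = 'dc01.example.local';
my $BindDN      = 'CN=otrs_ldap,OU=Service Accounts,DC=example,DC=local';
my $BindPw      = 'CHANGE-ME';
my @CustomerOUs = (
    'OU=Sales,DC=example,DC=local',
    'OU=Support,DC=example,DC=local',
);

# Options handed to Net::LDAP->new(): LDAPS on 636 rather than the
# cleartext port 389 used in the configurations posted to the list.
my %LDAPParams = (
    scheme  => 'ldaps',
    port    => 636,
    timeout => 120,
    async   => 0,
    version => 3,
);

# Restrict every query to enabled user objects that have a mail address
# (userAccountControl flag 2 = ACCOUNTDISABLE, tested with the Active
# Directory bitwise-AND matching rule).
my $Filter = '(&(objectClass=user)(mail=*)'
    . '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';

my $Index = 1;
for my $BaseDN (@CustomerOUs) {

    # Customer data backend: CustomerUser1, CustomerUser2, ...
    $Self->{"CustomerUser$Index"} = {
        Name   => "Active Directory: $BaseDN",
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host         => $Host,
            BaseDN       => $BaseDN,
            SSCOPE       => 'sub',            # include child OUs of BaseDN
            UserDN       => $BindDN,
            UserPw       => $BindPw,
            AlwaysFilter => $Filter,
            Params       => {%LDAPParams},
        },
        CustomerKey                        => 'sAMAccountName',
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map => [
            # var, frontend, storage, shown, required, storage-type
            [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
        ],
    };

    # Matching login backend: the same number is appended to every key.
    $Self->{"Customer::AuthModule$Index"} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{"Customer::AuthModule::LDAP::Host$Index"}         = $Host;
    $Self->{"Customer::AuthModule::LDAP::BaseDN$Index"}       = $BaseDN;
    $Self->{"Customer::AuthModule::LDAP::UID$Index"}          = 'sAMAccountName';
    $Self->{"Customer::AuthModule::LDAP::SearchUserDN$Index"} = $BindDN;
    $Self->{"Customer::AuthModule::LDAP::SearchUserPw$Index"} = $BindPw;
    $Self->{"Customer::AuthModule::LDAP::AlwaysFilter$Index"} = $Filter;
    $Self->{"Customer::AuthModule::LDAP::Params$Index"}       = {%LDAPParams};

    $Index++;
}

# Show which generated backend covers which OU.
my @Backends = grep { /^CustomerUser\d+$/ } keys %{$Self};
for my $Key ( sort @Backends ) {
    printf "%-14s %s\n", $Key, $Self->{$Key}->{Params}->{BaseDN};
}
```

For the single-backend approach from the first reply, the same hash is assigned once to `$Self->{CustomerUser}` with `BaseDN` set to the common parent OU.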
[otrs] Active Directory Integration - Please Help
I'm having problems with Active Directory integration of the customers - I get the following error:

    [Fri May 7 09:35:52 2010][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: ion (CN=ion,CN=Users,DC=test,DC=local) authentication ok (REMOTE_ADDR: 192.168.0.1).
    [Fri May 7 09:35:52 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][580] 20D6: SvcErr: DSID-03100754, problem 5012 (DIR_ERROR), data 0

Please Help Me!

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
[otrs] Active Directory Integration
Hello,

I have some problems with the OTRS system and Active Directory.

1. I try to sync agents' roles (admin in AD - admin in OTRS). With the config below, agents are able to log in with Active Directory credentials, but no roles sync.

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'pdc.test.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=test,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    #$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
    #$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
    #$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs_ldap,CN=Users,DC=test,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'vali1982!';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    # $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists u...@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # In case you want to convert all given usernames to lower letters you
    # should activate this option. It might be helpful if databases are
    # in use that do not distinguish selects for upper and lower case letters
    # (Oracle, postgresql). User might be synched twice, if this option
    # is not in use.
    #$Self->{'AuthModule::LDAP::UserLowerCase'} = 0;

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
    #$Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # Die if backend can't work, e. g. can't connect to server.
    $Self->{'AuthModule::LDAP::Die'} = 1;

    # --------------------------------------------------- #
    # authentication sync settings                        #
    # (enable agent data sync. after successful           #
    # authentication)                                     #
    # --------------------------------------------------- #
    # This is an example configuration for an LDAP auth sync. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'pdc.test.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=test,dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrs_ldap,CN=Users,DC=test,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'vali1982!';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    #$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
    #$Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthSyncModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # Die if backend can't work, e. g. can't connect to server.
    $Self->{'AuthSyncModule::LDAP::Die'} = 1;

    # Attributes needed for group syncs
    # (attribute name for group value key)
    # $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
    # (attribute for type of group content UID/DN for full ldap name)
    # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
    # $Self->{'AuthSyncModule::LDAP::UserAttr'} =
Re: [otrs] Active Directory Integration
Hi,

Try to uncomment this:

    # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

On 07/05/2010 09:34, Valentin wrote:
> # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

--
Guillaume REHM
Bibliothèque Nationale et Universitaire de Strasbourg
[otrs] Active Directory Integration
Thank you Guillaume for the solution but still not working. Domain admin is capable of login with AD credentials but administration section does not appear. I disabled AD authentication and I login with root and make an AD user administrator but does not work.

> Hi,
> Try to uncomment this:
> # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
Re: [otrs] Active Directory Integration
Have you created before your roles in OTRS?

In my config.pm my role association with AD group is written like that:

    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=ADRole1Group,ou=myOU,ou=Pro,dc=domain,dc=local' => {
            # otrs role
            'MYOTRSRole1' => 1,
        },
        'cn=ADRole2Group,ou=myOU,ou=Pro,dc=domain,dc=local' => {
            # otrs role
            'MYOTRSRole2' => 1,
        }
    };

On 07/05/2010 10:42, Valentin wrote:
> Thank you Guillaume for the solution but still not working. Domain admin is capable of login with AD credentials but administration section does not appear. I disabled AD authentication and I login with root and make an AD user administrator but does not work.

--
Guillaume REHM
Bibliothèque Nationale et Universitaire de Strasbourg
Re: [otrs] Active Directory Integration
Roles are default. I did not modify any.

On Fri, May 7, 2010 at 11:42, Valentin vali.ple...@gmail.com wrote:
> Thank you Guillaume for the solution but still not working. Domain admin is capable of login with ad credentials but administration section does not appear. I disabled ad authentication and i login with root and make an ad user administrator but does not work.
Re: [otrs] Active Directory extended
Hi Arnold,

I have configured my OTRS to set relations between role and agent from my AD. All my agents are members (or not) of AD groups (1 group = 1 OTRS role), and in config.pm I put the link from role/agents to AD groups. In this case, after creating roles, queues and groups in OTRS, I manage my agents' rights in AD.

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=ADGroupForRole1,ou=OTRS,dc=domain,dc=local' => {
            # otrs role
            'OTRSRole1' => 1,
        },
        'cn=ADGroupForRole2,ou=OTRS,dc=domain,dc=local' => {
            # otrs role
            'OTRSRole2' => 1,
        }
    };

See this from the OTRS list: http://lists.otrs.org/pipermail/otrs/2009-November/029206.html

What do you mean by relation between customer-user and company?

Hope this helps.

Regards,

On 23/03/2010 22:08, Arnold Ligtvoet wrote:
> Hi,
> I have a question about Active Directory and OTRS. Suppose I would want to control more via AD than 'just' logons. I would like to explore if it is possible to control the relation between a customer-user and a company and the relation between agents and queues in AD.
> Questions:
> - Is anyone aware of such a project?
> - Is there a specific snap-in for MMC users and computers that controls OTRS specific configs?
> - Better ideas?
> The reason to move this config to AD is that I want system admins to be able to control this data, without having to have access to OTRS (or knowledge of OTRS), plus I like to have all user related data in a single location.
> Thanks, Arnold.

--
Guillaume REHM
Bibliothèque Nationale et Universitaire de Strasbourg
[otrs] Active Directory extended
Hi,

I have a question about Active Directory and OTRS. Suppose I would want to control more via AD than 'just' logons. I would like to explore if it is possible to control the relation between a customer-user and a company and the relation between agents and queues in AD.

Questions:
- Is anyone aware of such a project?
- Is there a specific snap-in for MMC users and computers that controls OTRS specific configs?
- Better ideas?

The reason to move this config to AD is that I want system admins to be able to control this data, without having to have access to OTRS (or knowledge of OTRS), plus I like to have all user related data in a single location.

Thanks,
Arnold.
[otrs] Active Directory memberOf
Hi,

I was wondering if anyone had figured out a way to map Active Directory memberOf information to OTRS roles. The main reason I want to do this is that I'm in the process of setting up OTRS for use by 200+ agents who will be authenticating via AD's LDAP, and I'd rather like to avoid having to assign roles to all those users manually.

I already tried the below code, but it doesn't work at all.

    #$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    ## ldap group
    #'CN=groupName1,OU=department,DC=example,DC=com' => {
    ## otrs role
    #'Role_1' => 1,
    #},
    #'CN=groupName2,OU=department,DC=example,DC=com' => {
    #'Role_2' => 1,
    #}
    #};

The above code gives the following error:

    User: someUser not in GroupDN='CN=groupName1,OU=department,DC=example,DC=com', Filter='(memberUid=CN=Some User,OU=department,DC=example,DC=com)'! (REMOTE_ADDR: 10.10.0.19).

I believe that the issue is that OTRS is looking at the wrong LDAP property when doing the lookup, but I can't find a place to change it. Any ideas (or code) would be most helpful.

Thanks,
--
Esteban Santana Santana
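The filter in the error above, and the role-sync settings discussed in the earlier "Active Directory Integration" thread, modelled as an added example (not OTRS source code and not from any poster). The directory entries are constructed, and the lookup is a simplified stand-in for a base-scope LDAP search on each group DN; it assumes Active Directory's layout, where a group lists its members as full DNs in the `member` attribute.

```perl
#!/usr/bin/perl
# Added example, not from the thread: why a memberUid filter finds nothing
# in an Active Directory group, and what the 'member' + 'DN' pair matches.
use strict;
use warnings;

# Constructed AD-style groups: members are full DNs in 'member';
# there is no 'memberUid' attribute on these entries.
my %Directory = (
    'CN=groupName1,OU=department,DC=example,DC=com' => {
        member => ['CN=Some User,OU=department,DC=example,DC=com'],
    },
    'CN=groupName2,OU=department,DC=example,DC=com' => {
        member => ['CN=Other User,OU=department,DC=example,DC=com'],
    },
);

# Same shape as AuthSyncModule::LDAP::UserSyncRolesDefinition.
my %RolesDefinition = (
    'CN=groupName1,OU=department,DC=example,DC=com' => { 'Role_1' => 1 },
    'CN=groupName2,OU=department,DC=example,DC=com' => { 'Role_2' => 1 },
);

# Escape the RFC 4515 special characters so a DN or login containing
# ( ) * \ or NUL cannot change the structure of the filter.
sub EscapeFilterValue {
    my ($Value) = @_;
    $Value =~ s/([\\()*\0])/sprintf '\\%02x', ord $1/ge;
    return $Value;
}

# UserAttr decides what is compared: the full DN or the bare login.
sub LookupValue {
    my (%Param) = @_;
    return $Param{UserAttr} eq 'DN' ? $Param{UserDN} : $Param{User};
}

# AccessAttr names the group attribute that holds the members.
sub MembershipFilter {
    my (%Param) = @_;
    return '(' . $Param{AccessAttr} . '=' . EscapeFilterValue( LookupValue(%Param) ) . ')';
}

# Stand-in for the search on one group entry; attribute names and DNs
# are compared case-insensitively.
sub GroupHasMember {
    my ( $GroupDN, $AccessAttr, $Value ) = @_;
    my $Entry = $Directory{$GroupDN};
    return 0 if !$Entry;
    for my $Attr ( keys %{$Entry} ) {
        next if lc($Attr) ne lc($AccessAttr);
        return 1 if grep { lc($_) eq lc($Value) } @{ $Entry->{$Attr} };
    }
    return 0;
}

# Roles granted to the user under the given AccessAttr/UserAttr settings.
sub RolesFor {
    my (%Param) = @_;
    my $Value = LookupValue(%Param);
    my @Roles;
    for my $GroupDN ( sort keys %RolesDefinition ) {
        next if !GroupHasMember( $GroupDN, $Param{AccessAttr}, $Value );
        my $Map = $RolesDefinition{$GroupDN};
        push @Roles, grep { $Map->{$_} } sort keys %{$Map};
    }
    return @Roles;
}

my %User = (
    User   => 'someUser',
    UserDN => 'CN=Some User,OU=department,DC=example,DC=com',
);

my @Settings = (
    { AccessAttr => 'memberUid', UserAttr => 'DN' },    # filter from the error
    { AccessAttr => 'member',    UserAttr => 'DN' },    # AD group layout
);

for my $Setting (@Settings) {
    my @Roles = RolesFor( %User, %{$Setting} );
    printf "%s -> roles: %s\n",
        MembershipFilter( %User, %{$Setting} ),
        @Roles ? join( ', ', @Roles ) : '(none)';
}

# Corresponding Config.pm settings for Active Directory groups:
#   $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
#   $Self->{'AuthSyncModule::LDAP::UserAttr'}   = 'DN';
```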
Re: [otrs] Active Directory and 2.4.3 issues
Hi Chaps,

I've managed to get OTRS 2.4.3 working with Microsoft AD. I've just had a quick browse of your config and notice that there is no AuthSyncModule code in there, you need to sync your agent data to OTRS's database. For example:

    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

If you want I can post my complete LDAP template, which has allowed Agents to authenticate against AD (as a requirement, must belong to a particular AD group) and customers to log on too.

Regards,
David

> On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt holt.justin...@gmail.com wrote:
> Sorry to keep flooding you guys with emails, but disregard that last email. It didn't work. I only managed to log in because I had created an account for myself with the same password and it worked, stupid me. So does anyone know how to get agents to authenticate and to get incoming emails turned into tickets?
> Thank you so much to everyone,
> Justin Holt
>
> On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt holt.justin...@gmail.com wrote:
> Well, just for laughs, I decided to export my settings through SysConfig and re-import them to the new setup. I gasped in awe as it actually worked. My other question, if I exported settings that allowed the old system to consider emails sent to its email address as tickets, should those settings come over and work just the same as well?
> Thanks
> Justin
>
> On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt holt.justin...@gmail.com wrote:
> I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs folder. I then uninstalled 2.3.4 and installed 2.4.3. I tried first to copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did not work. I tried just the segment I have below and that still did not work. Is it somewhere in the documentation and I'm missing it or can you give me a portion of your config.pm and just have me fill in my stuff?
> Thanks,
> Justin
>
> On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian co...@sec.gov wrote:
> Justin,
> I just dealt with this headache myself. Did you have it working and then it quit or is it a simple question of agent authentication?
> --
> Julian Cook
> Securities and Exchange Commission Operations Center DMZ Ops
>
> On 8/25/09 3:49 PM, Justin Holt holt.justin...@gmail.com wrote:
> Is there even a way for the Agent to authenticate over LDAP anymore? It looks like it has been taken out. I've been going through SysConfig and can't find anything on it. Anything I also try to throw at it by manually editing Config.pm leaves the system broken. I've also uninstalled and reinstalled a few times now.
> Justin
>
> On Tue, Aug 25, 2009 at 12:18 PM, guenther.ra...@gmx.de wrote:
> Hi,
> same problem here, but only with one of 200: I have tested it, with case-sensitive typed username, it works - but no problem with case-sensitive for all the others...
> Günther
>
> -------- Original Message --------
> Date: Tue, 25 Aug 2009 12:12:17 -0400
> From: Justin Holt holt.justin...@gmail.com
> To: otrs@otrs.org
> Subject: [otrs] Active Directory and 2.4.3 issues
>
> I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of an issue. Customers still authenticate against our Active Directory Server just fine, but when an agent tries to authenticate, it all blows up.
>
>     Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
>
> Here is the whole LDAP configuration part from my config.pm that I just copied and pasted out of the config.pm for 2.3.4. I have seen that there are others with this same issue but there have been no responses. This is all running on a windows 2003 server with a regular install of OTRS. Any Ideas?
>
>     #---Customer Data
>     #Enable LDAP authentication for Customers / Users
>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>     $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us
Re: [otrs] Active Directory and 2.4.3 issues
David, you would be my hero if you did that! Please please please post your current template!

Thanks Much!
Justin Holt

On Wed, Aug 26, 2009 at 9:13 AM, David Holder david.hol...@gmail.com wrote:
> If you want I can post my complete LDAP template, which has allowed Agents to authenticate against AD (as a requirement, must belong to a particular AD group) and customers to log on too.
> Regards,
> David
[otrs] Active Directory and 2.4.3 issues
I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of an issue. Customers still authenticate against our Active Directory Server just fine, but when an agent tries to authenticate, it all blows up. Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. Here is the whole LDAP configuration part from my config.pm that I just copied and pasted out of the config.pm for 2.3.4. I have seen that there are others with this same issue but there have been no responses. This is all running on a windows 2003 server with a regular install of OTRS. Any Ideas?

#---Customer Data
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'vdp-dc-003',
        BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
        SSCOPE => 'sub',
        UserDN => 'otrs_ldap',
        UserPw => '1qaz2wsx',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# -End Customer data-
#--Agent Data-
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
# UserSyncLDAPGroups
# (If LDAP was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#---End Agent Data
Re: [otrs] Active Directory and 2.4.3 issues
Hi, same problem here, but only with one of 200: I have tested it, with case-sensitive typed username, it works - but no problem with case-sensitive for all the others...

Günther

Original Message
Date: Tue, 25 Aug 2009 12:12:17 -0400
From: Justin Holt holt.justin...@gmail.com
To: otrs@otrs.org
Subject: [otrs] Active Directory and 2.4.3 issues

I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of an issue. Customers still authenticate against our Active Directory Server just fine, but when an agent tries to authenticate, it all blows up. Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. Here is the whole LDAP configuration part from my config.pm that I just copied and pasted out of the config.pm for 2.3.4. I have seen that there are others with this same issue but there have been no responses. This is all running on a windows 2003 server with a regular install of OTRS. Any Ideas?

#---Customer Data
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'vdp-dc-003',
        BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
        SSCOPE => 'sub',
        UserDN => 'otrs_ldap',
        UserPw => '1qaz2wsx',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# -End Customer data-
#--Agent Data-
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
# UserSyncLDAPGroups
# (If LDAP was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#---End Agent Data
Re: [otrs] Active Directory and 2.4.3 issues
Is there even a way for the Agent to authenticate over LDAP anymore? It looks like it has been taken out. I've been going through SysConfig and can't find anything on it. Anything I also try to throw at it by manually editing Config.pm leaves the system broken. I've also uninstalled and reinstalled a few times now.

Justin

On Tue, Aug 25, 2009 at 12:18 PM, guenther.ra...@gmx.de wrote:

Hi, same problem here, but only with one of 200: I have tested it, with case-sensitive typed username, it works - but no problem with case-sensitive for all the others...

Günther

Original Message
Date: Tue, 25 Aug 2009 12:12:17 -0400
From: Justin Holt holt.justin...@gmail.com
To: otrs@otrs.org
Subject: [otrs] Active Directory and 2.4.3 issues

I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of an issue. Customers still authenticate against our Active Directory Server just fine, but when an agent tries to authenticate, it all blows up. Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. Here is the whole LDAP configuration part from my config.pm that I just copied and pasted out of the config.pm for 2.3.4. I have seen that there are others with this same issue but there have been no responses. This is all running on a windows 2003 server with a regular install of OTRS. Any Ideas?

#---Customer Data
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'vdp-dc-003',
        BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
        SSCOPE => 'sub',
        UserDN => 'otrs_ldap',
        UserPw => '1qaz2wsx',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# -End Customer data-
#--Agent Data-
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
# UserSyncLDAPGroups
# (If LDAP was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self
Re: [otrs] Active Directory and 2.4.3 issues
I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs folder. I then uninstalled 2.3.4 and installed 2.4.3. I tried first to copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did not work. I tried just the segment I have below and that still did not work. Is it somewhere in the documentation and I'm missing it or can you give me a portion of your config.pm and just have me fill in my stuff?

Thanks,

Justin

On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian co...@sec.gov wrote:

Justin, I just dealt with this headache myself. Did you have it working and then it quit or is it a simple question of agent authentication?

--
Julian Cook
Securities and Exchange Commission
Operations Center DMZ Ops

On 8/25/09 3:49 PM, Justin Holt holt.justin...@gmail.com wrote:

Is there even a way for the Agent to authenticate over LDAP anymore? It looks like it has been taken out. I've been going through SysConfig and can't find anything on it. Anything I also try to throw at it by manually editing Config.pm leaves the system broken. I've also uninstalled and reinstalled a few times now.

Justin

On Tue, Aug 25, 2009 at 12:18 PM, guenther.ra...@gmx.de wrote:

Hi, same problem here, but only with one of 200: I have tested it, with case-sensitive typed username, it works - but no problem with case-sensitive for all the others...

Günther

Original Message
Date: Tue, 25 Aug 2009 12:12:17 -0400
From: Justin Holt holt.justin...@gmail.com
To: otrs@otrs.org
Subject: [otrs] Active Directory and 2.4.3 issues

I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of an issue. Customers still authenticate against our Active Directory Server just fine, but when an agent tries to authenticate, it all blows up. Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. Here is the whole LDAP configuration part from my config.pm that I just copied and pasted out of the config.pm for 2.3.4. I have seen that there are others with this same issue but there have been no responses. This is all running on a windows 2003 server with a regular install of OTRS. Any Ideas?

#---Customer Data
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'vdp-dc-003',
        BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
        SSCOPE => 'sub',
        UserDN => 'otrs_ldap',
        UserPw => '1qaz2wsx',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# -End Customer data-
#--Agent Data-
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following
[otrs] Active Directory Authentication
Hello,

I just installed OTRS 2.4.2-01 on Fedora 10. I have successfully enabled Agent authentication with Active Directory via LDAP module on otrs. Users' LDAP backend seems to be working too, as I can search for users in otrs and otrs finds them from Active Directory. However, User authentication with AD does not work. The following comes up on the logs when a user tries to login:

[Error][Kernel::System::User::UserLookup][Line:680]: No UserID found for 'jsmith'!

Capturing traffic while a user logs in shows otrs makes a successful bind to AD, but then no query is executed. It just unbinds.

Here is the Users LDAP backend configuration on Config.pm

# Customer Info from LDAP:
$Self->{CustomerUser} = {
    Name => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc.domain.net',
        BaseDN => 'dc=domain,dc=net',
        SSCOPE => 'sub',
        UserDN => 'adbrowse',
        UserPw => 'mypassword',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# Customer Authentication against LDAP
#
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dc.domain.net';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=net';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'adbrowse';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=All Staff,CN=Users,DC=domain,DC=net';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 3268,
    timeout => 120,
    async => 0,
    #version => 3,
};

I don't know what I am missing... Do I need somehow to create users in otrs database first? I tried by enabling Database and LDAP bases both, then going to the users webpage and trying creating one user on the database, but when I try to create a user on the Database it says User already exist.

Please help!!

Guillermo Vargas-Dellacasa
Computer Operations Manager
North Hunterdon-Voorhees Regional High School District
gvargas-dellac...@nhvweb.net
Re: [otrs] Active Directory Authentication
Never Mind. I was trying to login to the admin interface and not the customer interface. What can I say.. I'm a newbie... It works just fine on the customer interface...

Thanks..

-----Original Message-----
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Guillermo Vargas-DellaCasa
Sent: Wednesday, August 05, 2009 12:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

Hello,

I just installed OTRS 2.4.2-01 on Fedora 10. I have successfully enabled Agent authentication with Active Directory via LDAP module on otrs. Users' LDAP backend seems to be working too, as I can search for users in otrs and otrs finds them from Active Directory. However, User authentication with AD does not work. The following comes up on the logs when a user tries to login:

[Error][Kernel::System::User::UserLookup][Line:680]: No UserID found for 'jsmith'!

Capturing traffic while a user logs in shows otrs makes a successful bind to AD, but then no query is executed. It just unbinds.

Here is the Users LDAP backend configuration on Config.pm

# Customer Info from LDAP:
$Self->{CustomerUser} = {
    Name => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc.domain.net',
        BaseDN => 'dc=domain,dc=net',
        SSCOPE => 'sub',
        UserDN => 'adbrowse',
        UserPw => 'mypassword',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# Customer Authentication against LDAP
#
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dc.domain.net';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=net';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'adbrowse';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=All Staff,CN=Users,DC=domain,DC=net';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 3268,
    timeout => 120,
    async => 0,
    #version => 3,
};

I don't know what I am missing... Do I need somehow to create users in otrs database first? I tried by enabling Database and LDAP bases both, then going to the users webpage and trying creating one user on the database, but when I try to create a user on the Database it says User already exist.

Please help!!

Guillermo Vargas-Dellacasa
Computer Operations Manager
North Hunterdon-Voorhees Regional High School District
gvargas-dellac...@nhvweb.net
Re: [otrs] Active Directory and user + agent authentification
I don't understand. I have already done that. I have a local user that have the same username and password in my Active Directory and in OTRS. If I don't use AD to authenticate, I can access to http://tickets/otrs/index.pl and http://tickets/otrs/customer.pl. If I use AD, I can login to http://tickets/otrs/customer.pl without error, if I try to login to http://tickets/otrs/index.pl I have this error:

Login failed! Your username or password was entered incorrectly.

Do you know what is wrong?

Regards,

Olivier VILLEGENTE
System and Network Administrator
Société Immobilière de Nouvelle-Calédonie
Tel: (687) 28.03.78
Fax: (687) 28.43.56
e-Mail: olivier.villege...@sic.nc

Steve Hall st...@tarkie.net
Sent by: otrs-boun...@otrs.org
12/06/2009 20:59
Please respond to: User questions and discussions about OTRS. otrs@otrs.org
To: User questions and discussions about OTRS. otrs@otrs.org
cc:
Subject: Re: [otrs] Active Directory and user + agent authentification

Even though you are auth'ing via AD, you still need to have local agents created with the same username as the AD username. (Can't comment on customers, as I don't run like that). If you change the

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

back to the default, create your admin user as per the name in AD, and try again.

Regards
I

On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote:

Hi,

I have a little problem that I'm unable to solve.

- I need that agents and users (customers) can authenticate using Active Directory. My users can access to the customer page but my agent can't login to the agent page. When agent try to login they have an error message saying the connection has failed! Your username or password is incorrect.
- After edit my Config.pm in order to allow authenticate by Active Directory, I can't connect using a local user.

Can you help me to find what is wrong? I join a copy of my Config.pm

Regards,

** My Config.pm **

# # # # # # # Start of your own config options!!! # # # # # # #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
    Name => 'Datenbank',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
        Table => 'customer_user',
        # to use an external database
        # DSN => 'DBI:odbc:yourdsn',
        # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
        # User => '', Password => '',
    },
    # customer uniq id
    CustomerKey => 'login',
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
    # ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type, http-link
        [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'last_name', 1, 1
Re: [otrs] Active Directory and user + agent authentification
Even though you are auth'ing via AD, you still need to have local agents created with the same username as the AD username. (Can't comment on customers, as I don't run like that). If you change the

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

back to the default, create your admin user as per the name in AD, and try again.

Regards
I

On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote:

Hi,

I have a little problem that I'm unable to solve.

- I need that agents and users (customers) can authenticate using Active Directory. My users can access to the customer page but my agent can't login to the agent page. When agent try to login they have an error message saying the connection has failed! Your username or password is incorrect.
- After edit my Config.pm in order to allow authenticate by Active Directory, I can't connect using a local user.

Can you help me to find what is wrong? I join a copy of my Config.pm

Regards,

** My Config.pm **

# # # # # # # Start of your own config options!!! # # # # # # #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
    Name => 'Datenbank',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
        Table => 'customer_user',
        # to use an external database
        # DSN => 'DBI:odbc:yourdsn',
        # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
        # User => '', Password => '',
    },
    # customer uniq id
    CustomerKey => 'login',
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
    # ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type, http-link
        [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
        [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
        [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ],
        [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
        [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
    ],
};
# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'pollux.sic.intra',
        # ldap base dn
        BaseDN => 'ou=SIC,dc=sic,dc=intra',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra',
        UserPw => '',
        AlwaysFilter => '',
        SourceCharset => 'utf-8',
        DestCharset =>
[otrs] Active Directory and user + agent authentification
Hi,
I have a little problem that I'm unable to solve.
- I need agents and users (customers) to be able to authenticate using Active Directory. My users can access the customer page but my agents can't log in to the agent page. When agents try to log in, they have an error message saying the connection has failed! Your username or password is incorrect.
- After editing my Config.pm in order to allow authentication by Active Directory, I can't connect using a local user.
Can you help me to find what is wrong? I join a copy of my Config.pm
Regards,

** My Config.pm **

# # # # # # # Start of your own config options!!! # # # # # # #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
    Name => 'Datenbank',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
        Table => 'customer_user',
        # to use an external database
        # DSN => 'DBI:odbc:yourdsn',
        # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
        # User => '', Password => '',
    },
    # customer uniq id
    CustomerKey => 'login',
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
    # ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type, http-link
        [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
        [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
        [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ],
        [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
        [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
    ],
};

# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'pollux.sic.intra',
        # ldap base dn
        BaseDN => 'ou=SIC,dc=sic,dc=intra',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra',
        UserPw => '',
        AlwaysFilter => '',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname',
RE: [otrs] OTRS - Active Directory
Sorry, I tried that but I cannot authenticate with AD. I only receive the message: Identification incorrect your user or password was entered incorrect.

Do you have an idea about the problem?

Daniel Zamorano Mejía

-----Original Message-----
From: Shawn Beasley [mailto:[EMAIL PROTECTED]
Sent: Martes, 12 de Febrero de 2008 04:41 a.m.
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] OTRS - Active Directory

Hi Daniel,

try this

$Self->{'AuthModule::LDAP::Host'} = 'serverdemo';

instead of this

$Self->{'AuthModule::LDAP::Host'} = 'serverdemo. demo.com';

i.e. remove the demo.com bit

On 2/11/08, Daniel Zamorano [EMAIL PROTECTED] wrote:

Additionally, when you have no users in your DB with matching info, you have to use the UserSyncLDAPMap section - it can be copied out of the Defaults.pm. Otherwise, you will get Panic! No user data.

> Hi.
> I have a problem; I can't configure OTRS to authenticate with Active Directory. I was configuring and I cannot log me in the system with AD.
> I have that questions: I should configure each agent in the database after to try configure the Active Directory?, if yes (with password?)
> I have the next info
> User Administrator in AD: adminotrs -> in the Users folder
> Server: serverdemo
> Domain: demo.com
> that is my config.pm,
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'serverdemo. demo.com';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users, dc=demo, dc=com';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=adminotrs, ou=Users, dc=demo, dc=com';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'adminpsw';
> Do I need another configuration? Or is bad my configuration?

--
Shawn Beasley
((otrs)) :: OTRS AG :: Norsk-Data-Straße 1 :: 61352 Bad Homburg
Fon: +49 (0) 9421 56818 0 :: Fax: +49 (0) 9421 56818 18
http://www.otrs.com/ :: Communication with success!
Re: [otrs] OTRS - Active Directory
Okay, I really want to help you because I had the exact same problem and I solved it. It's my best bet you're setting one of the parameters wrong! So try this Perl script:

use strict;
use warnings;
use Net::LDAP;

# connect to the domain controller (put your own host name here)
my $ldap = Net::LDAP->new('active_directory_server') or die $@;

# bind with the search user DN and password from the OTRS config
my $mesg = $ldap->bind('CN=xxx, OU=xxx, DC=xxx, DC=xxx', password => 'x', version => 3);
# bind() always returns a message object, so check its result code
die $mesg->error if $mesg->code;

my $schema = $ldap->schema();
print $schema;

## If all goes right, the script will print the reference value of $schema. It's a meaningless value, but it means you actually used the correct DN for the user, and you did connect to the AD.

Also download the Windows XP Support Tools and use the ADSI Edit tool to read all the DNs of your AD.

In the OTRS parameters, BaseDN is the DN of the parent entry of all your users.

These are all the tips I have.

On 2/13/08, Daniel Zamorano [EMAIL PROTECTED] wrote:
> Sorry, I tried that but I cannot authenticate with AD. I only receive the message: Identification incorrect your user or password was entered incorrect.
> Do you have an idea about the problem?
> Daniel Zamorano Mejía
[otrs] OTRS - Active Directory
Hi.
I have a problem; I can't configure OTRS to authenticate with Active Directory. I was configuring and I cannot log me in the system with AD.

I have that questions: I should configure each agent in the database after to try configure the Active Directory?, if yes (with password?)

I have the next info
User Administrator in AD: adminotrs -> in the Users folder
Server: serverdemo
Domain: demo.com

that is my config.pm,

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'serverdemo. demo.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users, dc=demo, dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=adminotrs, ou=Users, dc=demo, dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'adminpsw';

Do I need another configuration? Or is bad my configuration?

Thanks
Re: [otrs] OTRS - Active Directory
try this

$Self->{'AuthModule::LDAP::Host'} = 'serverdemo';

instead of this

$Self->{'AuthModule::LDAP::Host'} = 'serverdemo. demo.com';

i.e. remove the demo.com bit

On 2/11/08, Daniel Zamorano [EMAIL PROTECTED] wrote:
> Hi.
> I have a problem; I can't configure OTRS to authenticate with Active Directory. I was configuring and I cannot log me in the system with AD.
> I have that questions: I should configure each agent in the database after to try configure the Active Directory?, if yes (with password?)
> I have the next info
> User Administrator in AD: adminotrs -> in the Users folder
> Server: serverdemo
> Domain: demo.com
> that is my config.pm,
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'serverdemo. demo.com';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Users, dc=demo, dc=com';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=adminotrs, ou=Users, dc=demo, dc=com';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'adminpsw';
> Do I need another configuration? Or is bad my configuration?
> Thanks
RE: [otrs] Active Directory Authentication
Hi Jason,

Same authentication setup here, and I think that I might have experienced something like this. Try adding this line to the config:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

I think that the OTRS default setting is:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

And that's not quite what the AD LDAP has to offer.

As for the host failover, I don't know if you can use multiple host names. I'm using just the domain name. That is: example.org, and the DNS round-robins it. Not entirely failover, but better than nothing.

--
/Sune

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Benedick, Jason
Sent: 21. maj 2007 00:49
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

I have active directory authentication working with the exception of the GroupDN for the admin interface. When I comment out the GroupDN and the UserAttr lines everything works fine again. We are running Windows Server 2003 on our DCs if that matters.

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
};

Also while I'm asking can I put multiple DCs in under host for failover? IE can I do something like:

$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

Thanks,
Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
RE: [otrs] Active Directory Authentication
Adding that line doesn't solve the problem I'm having.

Thanks,
Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sune T. Tougaard
Sent: Monday, May 21, 2007 5:10 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Hi Jason,

Same authentication setup here, and I think that I might have experienced something like this. Try adding this line to the config:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

I think that the OTRS default setting is:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

And that's not quite what the AD LDAP has to offer.

As for the host failover, I don't know if you can use multiple host names. I'm using just the domain name. That is: example.org, and the DNS round-robins it. Not entirely failover, but better than nothing.

--
/Sune
RE: [otrs] Active Directory Authentication
Any details in the logfile? Also, I don't think that nested groups work, so the members have to be direct members of the group.

--
/Sune

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Benedick, Jason
Sent: 21. maj 2007 15:18
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Adding that line doesn't solve the problem I'm having.

Thanks,
Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957
RE: [otrs] Active Directory Authentication
I'm getting this error:

May 21 15:30:05 websvr OTRS-CGI-10[21731]: [Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication failed, no LDAP group entry foundGroupDN='CN=otrs,OU=users,DC=example,DC=org', Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sune T. Tougaard
Sent: Monday, May 21, 2007 10:53 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Any details in the logfile? Also, I don't think that nested groups work, so the members have to be direct members of the group.

--
/Sune
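The Filter in the log line above carries the DN escape "\,", while RFC 4515 allows a backslash inside a search filter only as "\" plus two hex digits, so a DN placed in (member=...) needs its own backslash written as "\5c". The Perl below is an added example, not code from OTRS or from this thread: the function names are hypothetical, the only input is the log line quoted above, and whether this escaping caused the failure in the thread is an assumption.

```perl
#!/usr/bin/perl
# Added example (not OTRS code): checking and applying RFC 4515 escaping
# when a DN is used as the value of a search filter.
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515):
# NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
# Hypothetical helper name.
sub rfc4515_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# List every backslash sequence in a filter string that is not
# "\" followed by two hex digits, the only form RFC 4515 permits.
sub invalid_filter_escapes {
    my ($filter) = @_;
    my @bad;
    while ($filter =~ /(\\(?![0-9A-Fa-f]{2}).?)/g) {
        push @bad, $1;
    }
    return @bad;
}

# Build a group-membership filter from an attribute name and a member DN.
sub member_filter {
    my ($attr, $dn) = @_;
    return sprintf '(%s=%s)', $attr, rfc4515_escape($dn);
}

# Pull the Filter='...' part out of an OTRS auth log line.
sub filter_from_log {
    my ($line) = @_;
    return $line =~ /Filter='(.*)'!/ ? $1 : undef;
}

# The log line quoted in the thread above.
my $log = q{May 21 15:30:05 websvr OTRS-CGI-10[21731]: [Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication failed, no LDAP group entry foundGroupDN='CN=otrs,OU=users,DC=example,DC=org', Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!};

# 1. Inspect the filter that was actually sent.
my $logged = filter_from_log($log);
print "logged filter  : $logged\n";
print "invalid escape : $_\n" for invalid_filter_escapes($logged);

# 2. Rebuild it from the user's DN as the directory returns it
#    (the comma in the CN is escaped DN-style, per RFC 4514).
my $user_dn = 'CN=Benedick\, Jason,OU=users,DC=example,DC=org';
my $fixed   = member_filter('member', $user_dn);
print "escaped filter : $fixed\n";

# 3. The rebuilt filter contains no invalid escape sequences.
my @left = invalid_filter_escapes($fixed);
printf "invalid escapes left: %d\n", scalar @left;
```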
RE: [otrs] Active Directory Authentication
Hm, that error message...

Don't know if it's because of cleaning before publication of your config, but one thing that comes to mind is that the default Users container is just that: a container. Not an OU. So, yet another suggestion: change the OU to CN in the lines:

$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';

and

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';

--
/Sune

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Benedick, Jason
Sent: 21. maj 2007 21:51
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

I'm getting this error:

May 21 15:30:05 websvr OTRS-CGI-10[21731]: [Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication failed, no LDAP group entry foundGroupDN='CN=otrs,OU=users,DC=example,DC=org', Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957
RE: [otrs] Active Directory Authentication
The DNs are correct, I've verified them in the AD. I copied and pasted both DNs directly from the program LDP.exe.

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sune T. Tougaard
Sent: Monday, May 21, 2007 4:52 PM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Hm, that error message...

Don't know if it's because of cleaning before publication of your config, but one thing that comes to mind is that the default Users container is just that: a container. Not an OU. So, yet another suggestion: change the OU to CN in the lines:

$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';

and

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';

--
/Sune
RE: [otrs] Active Directory Authentication
Looks like it doesn't like the , in the name. Or perhaps the single escape. At least i can get it to produce the same error if i put a , in my name. Don't know what to do about that, other than removing them. Not really a solution, though.

--
/Sune

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Benedick, Jason
Sent: 21. maj 2007 23:13
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

The DNs are correct I've verified them in the AD. I copied the pasted both DNs directly from the program LDP.exe.

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957
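The log line quoted in this thread shows the user DN going into a search filter with only its DN-level escape (`\,`). The following is an added example, not OTRS code and not from any poster: it shows the filter-level escaping that RFC 4515 requires (a backslash in a filter value is written `\5c`). That a missing filter escape is what caused the failure here is an assumption; the function names are illustrative and the second DN is a constructed sample.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a string for use as an assertion value in an LDAP search filter
# (RFC 4515): NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# True when a value is well formed for an equality match: every backslash
# starts a two-hex-digit escape and no special character appears unescaped.
sub filter_value_is_valid {
    my ($value) = @_;
    return $value =~ /\A(?:[^\x00()*\\]|\\[0-9A-Fa-f]{2})*\z/ ? 1 : 0;
}

# Decode a well-formed filter value back to the string the server compares.
sub unescape_filter_value {
    my ($value) = @_;
    $value =~ s/\\([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $value;
}

# User DNs as a directory returns them: a comma inside the CN carries a
# DN-level backslash escape (RFC 4514).
my @user_dns = (
    'CN=Benedick\\, Jason,OU=users,DC=example,DC=org',    # from the thread's log line
    'CN=Doe\\, Jane (IT),OU=users,DC=example,DC=org',     # constructed sample
);
my $access_attr = 'member';

for my $user_dn (@user_dns) {
    my $naive   = $user_dn;                          # DN pasted into the filter as-is
    my $escaped = escape_filter_value($user_dn);     # DN escaped for filter context

    for my $case ( [ naive => $naive ], [ escaped => $escaped ] ) {
        my ( $label, $value ) = @{$case};
        printf "%-8s (%s=%s) well-formed=%d\n",
            $label, $access_attr, $value, filter_value_is_valid($value);
    }

    # The escaped form must decode to exactly the DN stored in the group's
    # member attribute, otherwise the equality match cannot succeed.
    die "round trip failed for $user_dn\n"
        if unescape_filter_value($escaped) ne $user_dn;
}
```

Where Net::LDAP is installed, `Net::LDAP::Util::escape_filter_value` does the escaping step and can replace the hand-written function.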
[otrs] Active Directory Authentication
I have active directory authentication working with the exception of the GroupDN for the admin interface. When I comment out the GroupDN and the UserAttr lines everything works fine again. We are running Windows Server 2003 on our DCs if that matters.

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
};

Also while I'm asking can I put multiple DCs in under host for failover? IE can I do something like:

$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

Thanks,
Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
[otrs] Active Directory integration charset
Hi list,

I've setup Otrs 2.1.1 with active directory integration. Integration works fine, but in french, I've a problem with special characters like this:

Assistante Création / Transmission in place of Assistante Création / Transmission

I've tried a solution in http://bugs.otrs.org/show_bug.cgi?id=1056, changing charset in Config.pm to utf-8 doesn't work. Any Ideas ? Is it a bug ?

Thanks

Olivier BATARD
Service Informatique CMALA
Tel : 02 51 13 83 74
TP : 06 79 66 17 29
[otrs] active directory and otrs 2.0
Hi! i want to config AD over otrs 2.0 but I do not find the documentation in the handbook.. someone knows where I can find it???

thanks
Luca
Re: [otrs] active directory and otrs 2.0
Luca Tebaldi wrote:

i want to config AD over otrs 2.0 but I do not find the documentation in the handbook.. someone knows where I can find it???

I haven't done it myself, but AD is an LDAP server, right?

http://doc.otrs.org/2.0/en/html/x1362.html#customer-backend-ldap

Nils Breunese.
Re: [otrs] Active Directory and OTRS2?
Priyadarsan Roy wrote:

I am using 2 and it works fine in it. All you have to do is to add the necessary items in OTRS_HOME/Kernel/Config.pm

That's good news, I'll try it asap. I just would like to read about it also in OTRS 2 docs... or did I miss it?

--
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
Re: [otrs] Active Directory and OTRS2?
Boniforti Flavio wrote:

That's good news, I'll try it asap. I just would like to read about it also in OTRS 2 docs... or did I miss it?

OK, I missed it and now I'm reading about that. So here are some of my doubts and not-understandings:

What do I have to put in here???

$Self->{'AuthModule::LDAP::UID'} = 'uid';

And what does this mean? Do I have to define an Active Directory group which will have permit to use OTRS? If so, what's the difference between cn=otrsallow and ou=posixGroups?

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=provincia,dc=verbania,dc=it';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (with full user dn)
#$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

Many thanks so far!

--
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
[otrs] Active Directory and OTRS2?
Hello list,

is the integration with Active Directory still done as in version 1.3 on OTRS 2? Or is there any particular thing to do?

Many thanks.

--
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
Re: [otrs] Active Directory and OTRS2?
Boniforti Flavio wrote:

Hello list, is the integration with Active Directory still done as in version 1.3 on OTRS 2? Or is there any particular thing to do? Many thanks.

I am using 2 and it works fine in it. All you have to do is to add the necessary items in OTRS_HOME/Kernel/Config.pm

PD
FW: [otrs] Active Directory
Can someone please help me, how can I disable the Customer User Management? I am trying to sort the problem below.

Thanks

From: Mamakwa M. Sefiri
Sent: 23 June 2006 08:06 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory

One of my customers who joined our organization last week tried to log in yesterday and today, and this is the error that she gets:

Login failed! Your username or password was entered incorrectly.

I have checked on the Customer User Management, her details are not there.

From: Andy Lubel [mailto:[EMAIL PROTECTED]
Sent: 22 June 2006 04:20 PM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] Active Directory

They need to log in.

On 6/22/06 8:40 AM, Mamakwa M. Sefiri [EMAIL PROTECTED] wrote:

I have activated the Customer User Groups Management some time ago, and it works fine, but the problem is it does not automatically update itself. I have added new Customer on our Active Directory and they do not appear on Customer User Groups Management. Please advise.

Thanks
Mamakwa
[otrs] Active directory
One of my customers who joined our organization last week tried to log in yesterday and today, and this is the error that she gets:

Login failed! Your username or password was entered incorrectly.

I have checked on the Customer User Management, her details are not there. The system does not pick up changes made on the active directory. Please advise.

thanks
RE: [otrs] Active Directory
One of my customers who joined our organization last week tried to log in yesterday and today, and this is the error that she gets:

Login failed! Your username or password was entered incorrectly.

I have checked on the Customer User Management, her details are not there.

From: Andy Lubel [mailto:[EMAIL PROTECTED]
Sent: 22 June 2006 04:20 PM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] Active Directory

They need to log in.

On 6/22/06 8:40 AM, Mamakwa M. Sefiri [EMAIL PROTECTED] wrote:

I have activated the Customer User Groups Management some time ago, and it works fine, but the problem is it does not automatically update itself. I have added new Customer on our Active Directory and they do not appear on Customer User Groups Management. Please advise.

Thanks
Mamakwa
Re: [otrs] Active Directory
They need to log in.

On 6/22/06 8:40 AM, Mamakwa M. Sefiri [EMAIL PROTECTED] wrote:

I have activated the Customer User Groups Management some time ago, and it works fine, but the problem is it does not automatically update itself. I have added new Customer on our Active Directory and they do not appear on Customer User Groups Management. Please advise.

Thanks
Mamakwa
Re: [otrs] Active Directory integration
', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Possibly send your config

Isaac Gonzalez
Systems Administrator
AutoReturn
Phone: (415)575-2359
Fax: (415)575-2379

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillaume Rehm
Sent: Thursday, April 13, 2006 3:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory integration

Hi all, I integrate Active Directory into OTRS. I can log in OTRS with the account specified to search in active directory. But all others account can't be activated by OTRS. Moreover, [EMAIL PROTECTED] (local root account) can't log in now. Anyone have an idea ? Thanks in advance
Re: [otrs] Active Directory integration
Hi,

By all others I mean local users in OTRS database ([EMAIL PROTECTED] for example)

Guillaume REHM
Service Informatique
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg
tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr

Mike McGrath wrote:

Guillaume Rehm wrote:

Hi all, I integrate Active Directory into OTRS. I can log in OTRS with the account specified to search in active directory. But all others account can't be activated by OTRS. Moreover, [EMAIL PROTECTED] (local root account) can't log in now. Anyone have an idea ? Thanks in advance

By all others do you mean customers? There's agents and customers and both have different config settings in the Config.pm.

-Mike
Re: [otrs] Active Directory integration
hi,

This is my Config.pm file:

# # # INTEGRATION ACTIVE DIRECTORY # #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'hostxx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Pro,dc=exploitation,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'hostxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Pro,dc=exploitation,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'hostxx',
        BaseDN => 'ou=Pro,dc=exploitation,dc=local',
        SSCOPE => 'sub',
        UserDN => 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local',
        UserPw => 'xxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => 'mail',
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Thanks in advance

Guillaume REHM
Service Informatique
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg
tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr

Isaac Gonzalez wrote:

What have you specified as your mappings

The following work fine for me:

    CustomerKey => 'sAMAccountName',
    CustomerID => '[customer_id]',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Possibly send your config

Isaac Gonzalez
Systems Administrator
AutoReturn
Phone: (415)575-2359
Fax: (415)575-2379

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillaume Rehm
Sent: Thursday, April 13, 2006 3:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory integration

Hi all, I integrate Active Directory into OTRS. I can log in OTRS with the account specified to search in active directory. But all others account can't be activated by OTRS. Moreover, [EMAIL PROTECTED] (local root account) can't log in now. Anyone have an idea ? Thanks in advance
Re: [otrs] Active Directory integration
Hi again,

All works fine now. My test user accounts don't have mail in their user settings !!! That is why.

But now, I can't login into root (admin otrs). Anyone have an idea ? When I log into root, OTRS search into Active Directory a root user.

How can I say: users=Active Directory and Admin=local DB ?
How can I say: this Active Directory users is admin of otrs ?

Thanks in advance

Guillaume REHM
Service Informatique
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg
tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr
Re: [otrs] Active Directory integration
Gonzalez
Systems Administrator
AutoReturn
Phone: (415)575-2359
Fax: (415)575-2379

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillaume Rehm
Sent: Thursday, April 13, 2006 3:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory integration

Hi all, I integrate Active Directory into OTRS. I can log in OTRS with the account specified to search in active directory. But all others account can't be activated by OTRS. Moreover, [EMAIL PROTECTED] (local root account) can't log in now. Anyone have an idea ? Thanks in advance
Re: [otrs] Active Directory integration
Guillaume Rehm wrote:

Hi all, I integrate Active Directory into OTRS. I can log in OTRS with the account specified to search in active directory. But all others account can't be activated by OTRS. Moreover, [EMAIL PROTECTED] (local root account) can't log in now. Anyone have an idea ? Thanks in advance

By all others do you mean customers? There's agents and customers and both have different config settings in the Config.pm.

-Mike
RE: [otrs] Active Directory integration
What have you specified as your mappings

The following work fine for me:

    CustomerKey => 'sAMAccountName',
    CustomerID => '[customer_id]',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Possibly send your config

Isaac Gonzalez
Systems Administrator
AutoReturn
Phone: (415)575-2359
Fax: (415)575-2379

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillaume Rehm
Sent: Thursday, April 13, 2006 3:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory integration

Hi all, I integrate Active Directory into OTRS. I can log in OTRS with the account specified to search in active directory. But all others account can't be activated by OTRS. Moreover, [EMAIL PROTECTED] (local root account) can't log in now. Anyone have an idea ? Thanks in advance

--
Guillaume REHM
Service Informatique
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg
tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr
RE: [otrs] Active Directory/LDAP authentication problem
On Thu, 2006-01-19 at 10:03 -0800, Hames, Joel wrote:

When I say that I have made progress, I am mostly referring to a login screen with no response when I type in a username and password, to one that says, No User Data! to the error message I posted previously.

Then just create the user in otrs from the administrative panel. Only authentication is performed via AD, but you still need the user in the local otrs database.

--
Luca Corti
PGP Key ID 1F38C091
Now I say: before everything else, learn to listen.
RE: [otrs] Active Directory/LDAP authentication problem
Joel,

Please post your config.pm. When you say you've made some progress, what does that mean exactly? Have you been able to have your customer end authenticate at all with AD? I'm trying to do the same thing, but seem to be having problems as well, so a sample config.pm to compare mine to would be helpful.

Thanks,
Mike Pietersen, A+, MCP
All State Fastener Corporation IT
(586) 498-1388

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hames, Joel
Sent: Tuesday, January 17, 2006 6:47 PM
To: otrs@otrs.org
Subject: [otrs] Active Directory/LDAP authentication problem

I have made some progress in getting this working, but I now have this error on my customer login screen:

IO::Socket::INET: connect: Unknown error at D:/Programs/OTRS/otrs//Kernel/System/CustomerUser/LDAP.pm line 63.

I am not sure if this is an inability to connect problem, or if it is an inability to authenticate against Active Directory. I can post my config.pm, if necessary.

Thank you,
Joel Hames
Director of Technology
Tamalpais Union High School District
[EMAIL PROTECTED] (415) 945-3798
RE: [otrs] Active Directory/LDAP authentication problem
Does ANYONE have a working/authenticating AD/LDAP config.pm that they can post? If I don't get OTRS working soon, I'm going to have to can the project and find something else (which I don't want to do, because I happen to like OTRS).

Thanks,
Mike Pietersen, A+, MCP
All State Fastener Corporation IT
(586) 498-1388
RE: [otrs] Active Directory/LDAP authentication problem
On Thu, 2006-01-19 at 09:35 -0500, Mike Pietersen wrote:
> Does ANYONE have a working/authenticating AD/LDAP config.pm that they can post?

For Agents or Customers? You can find detailed instructions in the 1.3 manual.

HTH
--
Luca Corti
PGP Key ID 1F38C091
BOFH excuse of the moment: Electricians made popcorn in the power supply
RE: [otrs] Active Directory/LDAP authentication problem
# CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
    # note: Login, Email and CustomerID needed!
    # var, frontend, storage, shown, required, storage-type
    # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
    # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};

Thanks,
Mike Pietersen, A+, MCP
All State Fastener Corporation IT
(586) 498-1388

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luca Corti
Sent: Thursday, January 19, 2006 9:38 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory/LDAP authentication problem

On Thu, 2006-01-19 at 09:35 -0500, Mike Pietersen wrote:
> Does ANYONE have a working/authenticating AD/LDAP config.pm that they can post?

For Agents or Customers? You can find detailed instructions in the 1.3 manual.

HTH
--
Luca Corti
PGP Key ID 1F38C091
BOFH excuse of the moment: Electricians made popcorn in the power supply
RE: [otrs] Active Directory/LDAP authentication problem
When I say that I have made progress, I am mostly referring to a login screen with no response when I type in a username and password, to one that says, No User Data! to the error message I posted previously. Each time it seems like I recognize some little improvement that I can make, based on others' experiences. This latest error seems to have something to do with connecting to LDAP, or in where it is looking in AD. I still, though, haven't seen another working AD/LDAP config.pm other than the one in the documentation.

One other thing is that my users are in separate OUs, so I am not sure if I need multiple entries for this in the configuration, or if it will start from a BaseDN and search downwards.

Here's my config.pm (at least, the relevant portions):

# fs root directory
$Self->{Home} = 'D:/Programs/OTRS/otrs';

# insert your own config settings here
# config settings taken from Kernel/Config/Defaults.pm
# $Self->{SessionUseCookie} = 0;
# $Self->{'CheckMXRecord'} = 1;

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'tammain.tuhsd.edu';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=tuhsd,DC=edu';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=Administrative,ou=TUHSD,dc=TUHSD,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'tammain.tuhsd.edu';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=TUHSD,dc=tuhsd,dc=edu';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=Administrative,ou=TUHSD,dc=TUHSD,dc=edu';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '!';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'tammail.tuhsd.edu',
        BaseDN => 'ou=TUHSD,dc=tuhsd,dc=edu',
        SSCOPE => 'sub',
        UserDN => 'cn=OTRS,ou=Administrative,ou=TUHSD,dc=TUHSD,dc=edu',
        UserPw => '',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => 'sAMAccountName', 'cn', 'mail',
    CustomerUserSearchFields => 'sAMAccountName', 'cn', 'mail',
    CustomerUserPostMasterSearchFields => 'mail',
    CustomerUserNameFields => 'givenname', 'sn',
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

# End of your own config options!!!

Joel Hames
Director of Technology
Tamalpais Union High School District
[EMAIL PROTECTED] (415) 945-3798
[otrs] Active Directory/LDAP authentication problem
I have made some progress in getting this working, but I now have this error on my customer login screen:

IO::Socket::INET: connect: Unknown error at D:/Programs/OTRS/otrs//Kernel/System/CustomerUser/LDAP.pm line 63.

I am not sure if this is an inability to connect problem, or if it is an inability to authenticate against Active Directory. I can post my config.pm, if necessary.

Thank you,
Joel Hames
Director of Technology
Tamalpais Union High School District
[EMAIL PROTECTED] (415) 945-3798
[otrs] Re: OTRS (Active Directory) still doesn't work
Mike,

This is how I got it to work. I also have it working on version 2 even though the message below refers to version 1.3.2.

http://lists.otrs.org/pipermail/otrs/2005-December/009772.html

Hope this helps...
Mike

[EMAIL PROTECTED] wrote:
> 1. OTRS (Active Directory) still doesn't work. (Mike Pietersen)
>
> I have had OTRS working when using the cookie based user authentication, but when I changed over to AD authentication it no longer works. All I get is:
>
> Can't locate object method new via package Kernel::System::CustomerUser::LDAP at /opt/otrs//Kernel/System/CustomerUser.pm line 80, PRODUCT line 4.
>
> This PRODUCT line 4. Error will increment and get larger if you hit refresh multiple times. I haven't modified the CustomerUser.pm at all, but I have modified the Config.pm to outline what they have on OTRS's website. It should be working, right? I probably haven't configured it properly, so I'm looking for some suggested direction on which angle to approach this at.
Re: [otrs] OTRS (Active Directory) still doesn't work.
Hi Mike,

your error description sounds like you just have some syntax errors in your Config.pm, but at first glance, I couldn't recognize any. Note that you have to distinguish these 3 types of LDAP/AD connection:

1. agent authentication
2. customer authentication
3. further information about customers

Your description sounds like you switched the 2nd to AD, but your error message directs to the 3rd.

Sorry for that weak guidance for the moment,
Alex

Mike Pietersen wrote:
> I have had OTRS working when using the cookie based user authentication, but when I changed over to AD authentication it no longer works. All I get is:
>
> Can't locate object method new via package Kernel::System::CustomerUser::LDAP at /opt/otrs//Kernel/System/CustomerUser.pm line 80, PRODUCT line 4.
>
> This “PRODUCT line 4.” Error will increment and get larger if you hit refresh multiple times. I haven’t modified the CustomerUser.pm at all, but I have modified the Config.pm to outline what they have on OTRS’s website. It should be working, right? I probably haven’t configured it properly, so I’m looking for some suggested direction on which angle to approach this at.
>
> CONFIG.PM:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2005 Martin Edenhofer [EMAIL PROTECTED]
# --
# $Id: Config.pm.dist,v 1.16 2005/05/27 18:12:15 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
# Note:
#
# -- OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into this
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;
# --
sub Load {
    my $Self = shift;

    # Start of your own config options!!!

    # database settings

    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';

    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';

    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'root';

    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hot';

    # DatabaseDSN
    # (The database DSN for MySQL ==> more: man DBD::mysql)
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    # (The database DSN for PostgrSQL ==> more: man DBD::Pg)
    # if you want to use a local socket connection
    #$Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
    #$Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # fs root directory
    $Self->{Home} = '/opt/otrs';

    # insert your own config settings here
    # config settings taken from Kernel/Config/Defaults.pm
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'asf-fp1.allstatefastener.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=allstatefastener,DC=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,CN=Users,DC=allstatefastener,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'asfcorp02';

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'asf-fp1.allstatefastener.local';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=allstatefastener,DC=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
[otrs] Active Directory and OTRS again
Hello,

I guess maybe I need some advice on how to go about this now. Let me give a few facts about how this will probably be deployed:

The majority of items tickets will be for external customers; however the web site will be on the intranet and not be available for external customers. The tickets will be created via phone calls.

The active directory has several Organizational Units (OUs) for users. In addition the actual otrs users will also be from different OUs.

Our model will likely be that the majority of tickets will go to one queue and a group will move the ticket to the appropriate queue.

Can anyone give me any excerpts from the Config.pm file so that I might get a feel of what I need? I need to be able to add users from any OU... I started looking at the docs site and got really tied up with the customer user. Also, will I still be able to log in with the '[EMAIL PROTECTED]' account to add users and groups?

Thanks,
James
Re: [otrs] Active Directory authentication working, just one problem...
Alexis Castillo said this with great authority:
> Here's my configuration for LDAP against AD. I hope it helps.

OK that doesn't look much different than mine. Could you please confirm that a user that is NOT in this group cannot log in? That's the behavior I see; anyone can log in.

CD

Ever lied? You're a liar. Ever stolen? You're a thief. Ever hated? The bible equates hate with murder. Ever lusted? Jesus equated lust with adultery. You've broken God's law. He'll judge all evil and you're without hope -- unless you have a savior. Repent and believe.
Re: [otrs] Active Directory authentication working, just one problem...
Alexis Castillo said this with great authority:
> When I try to log in a user that is not in the OTRS group for the first time, I get a Can't activate user.. Even more, if the user does not have the information that OTRS is using to fill the DB, it won't let the user log in for the first time. After logging in the first time and having the user created in the DB, I experience the same behavior you're mentioning, the user can log in regardless of being in the group or not.

Hmm. I don't think I understand you... are you saying anyone can log into the admin area, they just have to log in twice, once to activate the account and create it in the DB and the second to actually log in? That's the behavior I see.

CD

Ever lied? You're a liar. Ever stolen? You're a thief. Ever hated? The bible equates hate with murder. Ever lusted? Jesus equated lust with adultery. You've broken God's law. He'll judge all evil and you're without hope -- unless you have a savior. Repent and believe.
[otrs] Active Directory authentication working, just one problem...
Chris,

It's working for me, but I only have it for internal users. Comment out the

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

in Config.pm. You should only have the

$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

Only users in your

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';

should be able to log in.

--
Alexis Castillo
Systems Administrator
Quicksilver Express Courier
http://www.qec.com/
Re: [otrs] Active Directory authentication working, just one problem...
Alexis Castillo said this with great authority:
> It's working for me, but I only have it for internal users. Comment out the $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid'; in Config.pm You should only have the $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; Only users in your $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com'; should be able to log in.

Bummer, still not working. I just have these two lines:

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

I thought it was working. I set it to a group I'm in and was able to log in. So I logged out and set it to another group and I could still log in. Care to copy and paste all of the Active Directory sections of your Config.pm file so I can see if I'm missing anything or misunderstanding you?

CD

Ever lied? You're a liar. Ever stolen? You're a thief. Ever hated? The bible equates hate with murder. Ever lusted? Jesus equated lust with adultery. You've broken God's law. He'll judge all evil and you're without hope -- unless you have a savior. Repent and believe.
Re: [otrs] Active Directory authentication working, just one problem...
Here's my configuration for LDAP against AD. I hope it helps.

Alex.

#
# Configuration for LDAP user authentication
#
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'example.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAP_USER,cn=Users,dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
#
# Control Who gets in via LDAP
#
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS, ou=Intranet, ou=Access Control, ou=city, dc=example, dc=com';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
};

Chris de Vidal wrote:
> Alexis Castillo said this with great authority:
> > It's working for me, but I only have it for internal users. Comment out the $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid'; in Config.pm You should only have the $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; Only users in your $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com'; should be able to log in.
>
> Bummer, still not working. I just have these two lines:
>
> $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
> $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
> I thought it was working. I set it to a group I'm in and was able to log in. So I logged out and set it to another group and I could still log in. Care to copy and paste all of the Active Directory sections of your Config.pm file so I can see if I'm missing anything or misunderstanding you?
>
> CD
>
> Ever lied? You're a liar. Ever stolen? You're a thief. Ever hated? The bible equates hate with murder. Ever lusted? Jesus equated lust with adultery. You've broken God's law. He'll judge all evil and you're without hope -- unless you have a savior. Repent and believe.

--
Alexis Castillo
Systems Administrator
Quicksilver Express Courier
http://www.qec.com/
[otrs] Active Directory authentication working, just one problem...
Great program!

OTRS 1.3.2
CentOS 3.3
Perl 5.8.0-88.7
Apache 2.0.46-40.ent.centos.1
Kernel 2.4.21-20.EL.c0
Windows 2000 Active Directory

Nutshell: Active Directory authentication is working but I cannot exclude users from logging into the Agent area.

Details: I followed this documentation:
http://otrs.mirror.netmonic.com/misc/doc/cvs/en/html/ldap-integration.html

I added these lines to Config.pm:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'domain controller';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example, dc=com';
### I changed the name of the domain to example.com ###
### to protect the innocent ###
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS username,OU=its OU,DC=example,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'domain controller';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=example, dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS username,OU=its OU,DC=example,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';

$Self->{CustomerUser} = {
    Name => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'domain controller',
        BaseDN => 'dc=example, dc=com',
        SSCOPE => 'sub',
        UserDN => 'CN=OTRS username,OU=its OU,DC=example,DC=com',
        UserPw => 'password',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Any user can log into the Agent area. As far as I can tell, they don't have rights to do anything, but even so I don't want them going there. So I added these lines:

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

No good. I cannot log in even though my account is in that group. I tried commenting the UID line and commenting the DN line, no good.

Ideas? The documentation says to create a posixGroup but there's no such beast in Active Directory. I used a standard Global group.

CD
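Added example, not part of any post above and not OTRS code: a self-contained Perl model of the two lookups these threads keep returning to, the user search across several OUs (BaseDN plus SSCOPE) and the agent group gate (GroupDN, AccessAttr, UserAttr). The directory entries, the names alice and bob, the 'member' setting, and the assumption that the gate is an equality search for AccessAttr on the GroupDN entry are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not OTRS code: models the user lookup and the group gate
# against a constructed in-memory directory (all entries are made up).
use strict;
use warnings;

# DN => { attribute (lower case) => [values] }
my %DIR = (
    'CN=Alice,OU=Sales,OU=Staff,DC=example,DC=com' => { samaccountname => ['alice'] },
    'CN=Bob,OU=IT,OU=Staff,DC=example,DC=com'      => { samaccountname => ['bob'] },
    # An Active Directory group lists its members as full DNs in "member".
    'CN=OTRS,OU=Groups,DC=example,DC=com' =>
        { member => ['CN=Bob,OU=IT,OU=Staff,DC=example,DC=com'] },
);

# Compare DNs case-insensitively and ignore spaces around "," and "=".
# Simplification: escaped commas inside a value are not handled.
sub norm_dn {
    my ($dn) = @_;
    $dn =~ s/\s*([,=])\s*/$1/g;
    return lc $dn;
}

# LDAP search scopes: base = the entry itself, one = its direct children,
# sub = the entry and everything below it.
sub in_scope {
    my ($dn, $base, $scope) = @_;
    $dn   = norm_dn($dn);
    $base = norm_dn($base);
    return $dn eq $base ? 1 : 0 if $scope eq 'base';
    return 1 if $scope eq 'sub' && $dn eq $base;
    my $suffix = ",$base";
    return 0 unless length($dn) > length($suffix)
        && substr($dn, length($dn) - length($suffix)) eq $suffix;
    return 1 if $scope eq 'sub';
    my $rdns = substr($dn, 0, length($dn) - length($suffix));
    return $rdns =~ /,/ ? 0 : 1;    # "one": exactly one RDN in front of the base
}

# Equality search (attr=value); values are compared with norm_dn().
sub search {
    my (%p) = @_;                   # base, scope, attr, value
    my @hits;
    for my $dn (sort keys %DIR) {
        next unless in_scope($dn, $p{base}, $p{scope});
        my $vals = $DIR{$dn}{ lc $p{attr} } or next;
        push @hits, $dn if grep { norm_dn($_) eq norm_dn($p{value}) } @$vals;
    }
    return @hits;
}

# Assumed group gate: the GroupDN entry must carry AccessAttr equal to the
# user's DN (UserAttr 'DN') or login name (UserAttr 'UID'). Fails closed.
sub group_allows {
    my ($cfg, $login, $user_dn) = @_;
    my $value = $cfg->{UserAttr} eq 'DN' ? $user_dn : $login;
    return 0 unless defined $value;
    my @match = search(base => $cfg->{GroupDN}, scope => 'base',
                       attr => $cfg->{AccessAttr}, value => $value);
    return @match ? 1 : 0;
}

# 1) Users spread over several OUs: search from their common parent.
for my $scope (qw(one sub)) {
    my @found = search(base => 'OU=Staff,DC=example,DC=com', scope => $scope,
                       attr => 'sAMAccountName', value => 'alice');
    printf "scope=%-3s finds alice: %s\n", $scope, @found ? 'yes' : 'no';
}

# 2) Group gate: the combinations tried in the thread, then 'member' with 'DN'.
my $group = 'cn=OTRS, ou=Groups, dc=example, dc=com';    # spaces as in the thread
for my $try (['memberUid', 'DN'], ['memberUid', 'UID'], ['member', 'DN']) {
    my %cfg = (GroupDN => $group, AccessAttr => $try->[0], UserAttr => $try->[1]);
    for my $login (qw(alice bob)) {
        my ($dn) = search(base => 'DC=example,DC=com', scope => 'sub',
                          attr => 'sAMAccountName', value => $login);
        printf "AccessAttr=%-9s UserAttr=%-3s %-5s -> %s\n", @$try, $login,
            group_allows(\%cfg, $login, $dn) ? 'allowed' : 'denied';
    }
}
```

In this model only scope 'sub' reaches a user two levels below the base, and only AccessAttr 'member' with UserAttr 'DN' separates the group member from the non-member. When checking a real installation, test with an account that is outside the group as well as one inside it.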
Re: [otrs] Active Directory as customer backend
I'm using 2003 AD as my customer backend, it took me a while to get it working, but it works now. :)

Scott Millard
University of Central Florida
Public Safety and Police
407-823-4699
[EMAIL PROTECTED]

[EMAIL PROTECTED] 7/29/2004 7:28:48 AM
> > Has anyone been able to configure OTRS to use Windows 2003 Active Directory as the customer backend? If so, are there any quick and dirty guides? The install documents reference using LDAP as the backend, but I'm not quite sure how AD == LDAP mappings would look.
>
> See the cvs version of the docs, the following chapter 11 is about AD integration: http://doc.otrs.org/cvs/en/html/ldap-integration.html
>
> hth,
> Robert Kehl
> --
> ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
> http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
Re: [otrs] Active Directory as customer backend
> Has anyone been able to configure OTRS to use Windows 2003 Active Directory as the customer backend? If so, are there any quick and dirty guides? The install documents reference using LDAP as the backend, but I'm not quite sure how AD == LDAP mappings would look.

See the cvs version of the docs, the following chapter 11 is about AD integration: http://doc.otrs.org/cvs/en/html/ldap-integration.html

hth,
Robert Kehl
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Tel. +49 (0)6172 4832388