Re: [otrs] LDAP authentication not working
Hi,
there are any entries in the otrs log?
regards,
Reto
Emily Flynn wrote:
Hi,
I can't seem to get LDAP authentication working for customer users.
It is a Windows 2000 domain with 2 domain controllers.
Can anyone see where I might be going wrong...?
Thanks
Emily
# #
# Customer LDAP Authentication #
# #
#Enable LDAP authentication for Customers / Users
$Self-{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self-{'Customer::AuthModule::LDAP::Host'} = 'xx.xxx.xx.xx';
$Self-{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=user,ou=dublin,dc=int,dc=domain,dc=com';
$Self-{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
# $Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
# $Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self-{CustomerUser} = {
Module = 'Kernel::System::CustomerUser::LDAP',
Params = {
Host = 'xx.xxx.xx.xx',
BaseDN = 'ou=user,ou=dublin,dc=int,dc=domain,dc=com',
SSCOPE = 'sub',
UserDN ='otrsldap',
UserPw = 'password',
},
# customer unique id
CustomerKey = 'sAMAccountName',
# customer #
CustomerID = 'mail',
CustomerUserListFields = ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields = ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix = '',
CustomerUserSearchSuffix = '*',
CustomerUserSearchListLimit = 250,
CustomerUserPostMasterSearchFields = ['mail'],
CustomerUserNameFields = ['givenname', 'sn'],
Map = [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#Add the following lines when only users are allowed to login if they
reside in the spicified security group
#Remove these lines if you want to provide login to all users
specified in the User Base DN
#example: $Self-{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,
dc=example, dc=com';
$Self-{'Customer::AuthModule::LDAP::GroupDN'} =
'CN=OTRS_Users,OU=Security Groups,OU=Dublin,DC=int,DC=domain,DC=com';
$Self-{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self-{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
Re: [otrs] LDAP authentication not working - Solved
Hi,
By putting the domain name before UserDN, LDAP started working : )
$Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'MyDomain\
otrsldap';
$Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
Thanks
Emily
- Forwarded by Emily Flynn/ZB/Ireland/Zurich on 24/04/2009 11:25 -
Emily Flynn/ZB/Ireland/Zurich
21/04/2009 20:04
To
otrs@otrs.org
cc
Subject
LDAP authentication not working
Hi,
I can't seem to get LDAP authentication working for customer users.
It is a Windows 2000 domain with 2 domain controllers.
Can anyone see where I might be going wrong...?
Thanks
Emily
# #
# Customer LDAP Authentication #
# #
#Enable LDAP authentication for Customers / Users
$Self-{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self-{'Customer::AuthModule::LDAP::Host'} = 'xx.xxx.xx.xx';
$Self-{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=user,ou=dublin,dc=int,dc=domain,dc=com';
$Self-{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
# $Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
# $Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self-{CustomerUser} = {
Module = 'Kernel::System::CustomerUser::LDAP',
Params = {
Host = 'xx.xxx.xx.xx',
BaseDN = 'ou=user,ou=dublin,dc=int,dc=domain,dc=com',
SSCOPE = 'sub',
UserDN ='otrsldap',
UserPw = 'password',
},
# customer unique id
CustomerKey = 'sAMAccountName',
# customer #
CustomerID = 'mail',
CustomerUserListFields = ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields = ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix = '',
CustomerUserSearchSuffix = '*',
CustomerUserSearchListLimit = 250,
CustomerUserPostMasterSearchFields = ['mail'],
CustomerUserNameFields = ['givenname', 'sn'],
Map = [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#Add the following lines when only users are allowed to login if they
reside in the spicified security group
#Remove these lines if you want to provide login to all users specified in
the User Base DN
#example: $Self-{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,
dc=example, dc=com';
$Self-{'Customer::AuthModule::LDAP::GroupDN'} =
'CN=OTRS_Users,OU=Security Groups,OU=Dublin,DC=int,DC=domain,DC=com';
$Self-{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self-{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
Re: [otrs] LDAP authentication not working
Many thanks for that reply Andres, I am running OTRS on a Windows Server 2003 RS2 box, so I don't think open-ldap will work for me? Kind Regards, Emily Flynn Junior IT Systems Administrator Zurich Bank/Zurich Treasury Services Ltd 3rd Floor La Touche House IFSC Dublin 1 Tel: 00353 1 4179266 Fax: 00353 1 4179201 Email: emily.fl...@zurichbank.com Andres Tarallo atara...@acm.org Sent by: otrs-boun...@otrs.org 21/04/2009 20:15 Please respond to User questions and discussions about OTRS. otrs@otrs.org To User questions and discussions about OTRS. otrs@otrs.org cc Subject Re: [otrs] LDAP authentication not working If I were you I will first try to bind to the LDAP servers. Do that from the command line, with the tools of open-ldap. Andrés 2009/4/21 Emily Flynn emily.fl...@zurichbank.com Hi, I can't seem to get LDAP authentication working for customer users. It is a Windows 2000 domain with 2 domain controllers. Can anyone see where I might be going wrong...? Thanks Emily - OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/ - OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
Re: [otrs] LDAP authentication not working
Thanks, it's a Windows 2000 server environment though, which allows
anonymous access doesn't it? That's why I had it blocked out..
Matthew Coulson jmcoul...@gmail.com
Sent by: otrs-boun...@otrs.org
21/04/2009 20:20
Please respond to
User questions and discussions about OTRS. otrs@otrs.org
To
User questions and discussions about OTRS. otrs@otrs.org
cc
Subject
Re: [otrs] LDAP authentication not working
Try uncommenting the lines for the search user:
# $Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
# $Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
Should be:
$Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
$Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
Re: [otrs] LDAP authentication not working
Time for some Linux upgrade or virtualization ;-) If you google you may find some open-ldap for Windows, like these guys claim to offer: http://www.symas.net/portal/index.fcgi gr, Frans From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Emily Flynn Sent: woensdag 22 april 2009 11:25 To: User questions and discussions about OTRS. Subject: Re: [otrs] LDAP authentication not working Many thanks for that reply Andres, I am running OTRS on a Windows Server 2003 RS2 box, so I don't think open-ldap will work for me? Kind Regards, Emily Flynn Junior IT Systems Administrator Zurich Bank/Zurich Treasury Services Ltd 3rd Floor La Touche House IFSC Dublin 1 Tel: 00353 1 4179266 Fax: 00353 1 4179201 Email: emily.fl...@zurichbank.com Andres Tarallo atara...@acm.org Sent by: otrs-boun...@otrs.org 21/04/2009 20:15 Please respond to User questions and discussions about OTRS. otrs@otrs.org To User questions and discussions about OTRS. otrs@otrs.org cc Subject Re: [otrs] LDAP authentication not working If I were you I will first try to bind to the LDAP servers. Do that from the command line, with the tools of open-ldap. Andrés 2009/4/21 Emily Flynn emily.fl...@zurichbank.com Hi, I can't seem to get LDAP authentication working for customer users. It is a Windows 2000 domain with 2 domain controllers. Can anyone see where I might be going wrong...? Thanks Emily - OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://otrs.org/ http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/pipermail/otrs http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://lists.otrs.org/cgi-bin/listinfo/otrs http://www.otrs.com/en/support/enterprise-subscription/ http://www.otrs.com/en/support/enterprise-subscription/ - OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
[otrs] LDAP authentication not working
Hi,
I can't seem to get LDAP authentication working for customer users.
It is a Windows 2000 domain with 2 domain controllers.
Can anyone see where I might be going wrong...?
Thanks
Emily
# #
# Customer LDAP Authentication #
# #
#Enable LDAP authentication for Customers / Users
$Self-{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self-{'Customer::AuthModule::LDAP::Host'} = 'xx.xxx.xx.xx';
$Self-{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=user,ou=dublin,dc=int,dc=domain,dc=com';
$Self-{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
# $Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
# $Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
#CustomerUser
#(customer user database backend and settings)
$Self-{CustomerUser} = {
Module = 'Kernel::System::CustomerUser::LDAP',
Params = {
Host = 'xx.xxx.xx.xx',
BaseDN = 'ou=user,ou=dublin,dc=int,dc=domain,dc=com',
SSCOPE = 'sub',
UserDN ='otrsldap',
UserPw = 'password',
},
# customer unique id
CustomerKey = 'sAMAccountName',
# customer #
CustomerID = 'mail',
CustomerUserListFields = ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields = ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix = '',
CustomerUserSearchSuffix = '*',
CustomerUserSearchListLimit = 250,
CustomerUserPostMasterSearchFields = ['mail'],
CustomerUserNameFields = ['givenname', 'sn'],
Map = [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#Add the following lines when only users are allowed to login if they
reside in the spicified security group
#Remove these lines if you want to provide login to all users specified in
the User Base DN
#example: $Self-{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,
dc=example, dc=com';
$Self-{'Customer::AuthModule::LDAP::GroupDN'} =
'CN=OTRS_Users,OU=Security Groups,OU=Dublin,DC=int,DC=domain,DC=com';
$Self-{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self-{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
Re: [otrs] LDAP authentication not working
Try uncommenting the lines for the search user:
# $Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
# $Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
Should be:
$Self-{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
$Self-{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
Re: [otrs] LDAP authentication not working
If I were you I will first try to bind to the LDAP servers. Do that from the command line, with the tools of open-ldap. Andrés 2009/4/21 Emily Flynn emily.fl...@zurichbank.com Hi, I can't seem to get LDAP authentication working for customer users. It is a Windows 2000 domain with 2 domain controllers. Can anyone see where I might be going wrong...? Thanks Emily - OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
