Hello Guillermo,

I see you are using 3268 as LDAP port, so I suppose you have multiple domains 
in your environment, as we have here.

We're having no pain (at least for now) the way we're working.

We are using the scripts included in OTRS 2.3.4 to import our Active Directory 
Users to the MySQL database, so it gets faster to obtain user data.
I had set up an IAS (Radius) service in our Windows server and we use RADIUS 
authentication on OTRS.

Everything works fine.


Here's the portion of our Config.pm about RADIUS.

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #      AUTHENTICATION SETTINGS - RADIUS STUFF          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    #########################################################
    #               AGENTS                                  #
    #########################################################
    # RADIUS
    $Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';
    $Self->{'AuthModule::Radius::Host'} = '10.0.2.19';
    $Self->{'AuthModule::Radius::Password'} = 'radiuskeyhere';
    $Self->{'AuthModule::Radius::Die'} = 1;

    #########################################################
    #               CUSTOMERS                               #
    #########################################################
    # RADIUS
    $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius';
    $Self->{'Customer::AuthModule::Radius::Host'} = '10.0.2.19';
    $Self->{'Customer::AuthModule::Radius::Password'} = 'radiuskeyhere';
    $Self->{'Customer::AuthModule::Radius::Die'} = 1;



Anyway, remember you must install OTRS RADIUS support before you get it running.


    # perl -MCPAN -e shell
    cpan> install Authen::Radius



Good luck.


Fernando Della Torre
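
Before switching AuthModule to RADIUS, the server and shared secret can be checked from the OTRS host with the same Authen::Radius module installed above. This is an added example, not part of the original message or of OTRS itself; the host and secret are the values from the Config.pm excerpt, and the script and its prompt are assumptions.

```perl
#!/usr/bin/perl
# Added example: stand-alone RADIUS login check using Authen::Radius.
use strict;
use warnings;
use Authen::Radius;

# Values copied from the Config.pm excerpt above; replace with your own.
my $host   = '10.0.2.19';
my $secret = 'radiuskeyhere';

my $user = shift @ARGV or die "usage: $0 <username>\n";

# Read the password without echoing it to the terminal (Unix stty).
print STDERR "Password for $user: ";
system( 'stty', '-echo' );
chomp( my $password = <STDIN> // '' );
system( 'stty', 'echo' );
print STDERR "\n";

my $radius = Authen::Radius->new(
    Host    => $host,
    Secret  => $secret,
    TimeOut => 5,
);

# new() returns undef when the client socket cannot be set up; the error
# is then only reachable through the class-level accessor.
die "Cannot create RADIUS client: " . Authen::Radius->strerror . "\n"
    unless $radius;

if ( $radius->check_pwd( $user, $password ) ) {
    print "Access-Accept for $user\n";
    exit 0;
}

# check_pwd() is false both for a refused login and for a transport
# problem; get_error() tells them apart (ENONE means the server answered).
my $err = $radius->get_error;
if ( $err eq 'ENONE' ) {
    print "Access-Reject for $user (server answered, credentials refused)\n";
}
else {
    print "No valid answer from $host ($err): ", $radius->strerror, "\n";
}
exit 1;
```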




-----Original message-----
From: otrs-boun...@otrs.org on behalf of Guillermo Vargas-DellaCasa
Sent: Wed 5/8/2009 01:06
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication
 
Hello,

I just installed OTRS 2.4.2-01 on Fedora 10.

I have successfully enabled Agent authentication with Active Directory
via LDAP module on otrs. Users' LDAP backend seems to be working too, as
I can search for users in otrs and otrs finds them from Active
Directory. However, User authentication with AD does not work.

The following comes up on the logs when a user tries to login:

[Error][Kernel::System::User::UserLookup][Line:680]: No UserID found for 'jsmith'!

Capturing traffic while a user logs in shows otrs makes a successful bind
to AD, but then no query is executed. It just unbinds.

Here is the Users LDAP backend configuration on Config.pm

    ########################################
    # Customer Info from LDAP:
    ########################################
    $Self->{CustomerUser} = {
    Name => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => 'dc.domain.net',
      BaseDN => 'dc=domain,dc=net',
      SSCOPE => 'sub',
      UserDN => 'adbrowse',
      UserPw => 'mypassword',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
     ],
    };

    ########################################
    # Customer Authentication against LDAP #
    ########################################

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'dc.domain.net';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=net';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'adbrowse';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=All Staff,CN=Users,DC=domain,DC=net';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    $Self->{'Customer::AuthModule::LDAP::Params'} = {
                port => 3268,
                timeout => 120,
                async => 0,
                #version => 3,
           };

I don't know what I am missing... Do I need somehow to create users in
otrs database first? I tried by enabling Database and LDAP bases both,
then going to the users webpage and trying to create one user on the
database, but when I try to create a user on the Database it says "User
already exist".

Please help!!

Guillermo Vargas-Dellacasa
Computer Operations Manager
North Hunterdon-Voorhees Regional High School District
gvargas-dellac...@nhvweb.net

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
