Hello Guillermo,

I see you are using 3268 as LDAP port, so I suppose you have multiple domains in your environment, as we have here.

We're having no pain (at least by now) the way we're working. We are using the scripts included in OTRS 2.3.4 to import our Active Directory Users to the MySQL database, so it gets faster to obtain user data. I had set up an IAS (Radius) service in our Windows server and we use RADIUS authentication on OTRS. Everything works fine.

Here's the portion of our Config.pm about the RADIUS.

# ---------------------------------------------------- #
# ---------------------------------------------------- #
#                                                      #
#       AUTHENTICATION SETTINGS - RADIUS STUFF         #
#                                                      #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

#########################################################
# AGENTS                                                #
#########################################################
# RADIUS
$Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';
$Self->{'AuthModule::Radius::Host'} = '10.0.2.19';
$Self->{'AuthModule::Radius::Password'} = 'radiuskeyhere';
$Self->{'AuthModule::Radius::Die'} = 1;

#########################################################
# CUSTOMERS                                             #
#########################################################
# RADIUS
$Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius';
$Self->{'Customer::AuthModule::Radius::Host'} = '10.0.2.19';
$Self->{'Customer::AuthModule::Radius::Password'} = 'radiuskeyhere';
$Self->{'Customer::AuthModule::Radius::Die'} = 1;

Anyway remember you must install OTRS RADIUS support before you get it running.

# perl -MCPAN -e shell
cpan> install Authen::Radius

Good luck.

Fernando Della Torre

-----Original Message-----
From: otrs-boun...@otrs.org on behalf of Guillermo Vargas-DellaCasa
Sent: Wed 5/8/2009 01:06
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

Hello,

I just installed OTRS 2.4.2-01 on Fedora 10. I have successfully enabled Agent authentication with Active Directory via LDAP module on otrs.
Users' LDAP backend seems to be working too, as I can search for users in otrs and otrs finds them from Active Directory. However, User authentication with AD does not work. The following comes up in the logs when a user tries to log in:

[Error][Kernel::System::User::UserLookup][Line:680]: No UserID found for 'jsmith'!

Capturing traffic while a user logs in shows otrs makes a successful bind to AD, but then no query is executed. It just unbinds.

Here is the Users LDAP backend configuration on Config.pm:

########################################
# Customer Info from LDAP:
########################################
$Self->{CustomerUser} = {
    Name => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc.domain.net',
        BaseDN => 'dc=domain,dc=net',
        SSCOPE => 'sub',
        UserDN => 'adbrowse',
        UserPw => 'mypassword',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

########################################
# Customer Authentication against LDAP #
########################################
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dc.domain.net';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=net';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'adbrowse';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=All Staff,CN=Users,DC=domain,DC=net';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 3268,
    timeout => 120,
    async => 0,
    #version => 3,
};

I don't know what I am missing... Do I need somehow to create users in the otrs database first? I tried enabling both the Database and LDAP backends, then going to the users webpage and trying to create one user in the database, but when I try to create a user in the Database it says "User already exist".

Please help!!
Guillermo Vargas-Dellacasa
Computer Operations Manager
North Hunterdon-Voorhees Regional High School District
gvargas-dellac...@nhvweb.net

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
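Added example, not part of either message and not OTRS code: a Python model of the operations a search-then-bind LDAP login normally puts on the wire, for comparison with a capture like the one described in the thread. The operation sequence is an assumption inferred from the setting names in the quoted Config.pm, and the user DN is a constructed value.

```python
"""Expected LDAP operations for one search-then-bind login (added example)."""

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expected_operations(cfg, login, user_dn):
    """Return ordered (operation, base or DN, filter) tuples for one login.

    cfg uses the setting names from the posted Config.pm. user_dn stands for
    the DN the directory would return for the login (assumed, not looked up).
    """
    # 1. Bind as the search account.
    ops = [("bind", cfg["SearchUserDN"], None)]
    # 2. Look the login up under BaseDN; AlwaysFilter is ANDed in when set.
    user_filter = "(%s=%s)" % (cfg["UID"], escape_filter_value(login))
    if cfg.get("AlwaysFilter"):
        user_filter = "(&%s%s)" % (user_filter, cfg["AlwaysFilter"])
    ops.append(("search", cfg["BaseDN"], user_filter))
    # 3. Optional group check: AccessAttr must hold the user's DN or login.
    if cfg.get("GroupDN"):
        member = user_dn if cfg["UserAttr"] == "DN" else login
        group_filter = "(%s=%s)" % (cfg["AccessAttr"], escape_filter_value(member))
        ops.append(("search", cfg["GroupDN"], group_filter))
    # 4. Re-bind as the user to verify the password.
    ops.append(("bind", user_dn, None))
    return ops


# Values copied from the customer settings quoted in this thread.
POSTED = {
    "BaseDN": "dc=domain, dc=net",
    "UID": "sAMAccountName",
    "SearchUserDN": "adbrowse",
    "AlwaysFilter": "",
    "GroupDN": "CN=All Staff,CN=Users,DC=domain,DC=net",
    "AccessAttr": "member",
    "UserAttr": "DN",
}

if __name__ == "__main__":
    # Constructed DN for the 'jsmith' login named in the log line.
    dn = "CN=John Smith,CN=Users,DC=domain,DC=net"
    for op in expected_operations(POSTED, "jsmith", dn):
        print(op)
```

A capture that shows only the first bind followed by an unbind stops before step 2 of this sequence, which narrows where to look.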