[otrs] customer ldap auth not working

2009-10-06 Thread Jefferson Davis


Here are the relevant portions of Config.pm.  Sorry if too verbose for the 
list.  Admin interface allows me to query the ldap tree, but cannot login as a 
customer, would very much like to find out what I'm doing wrong here.

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
 $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
 $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.com';
 $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
 $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'ou=users,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=manager,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mai...@*)';

# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists u...@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'ldap.example.com',
# ldap base dn
BaseDN => 'ou=users,dc=example,dc=com',
# search scope (one|sub)
SSCOPE => 'sub',
## The following is valid but would only be necessary if the
## anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=manager,dc=example,dc=com',
UserPw => '',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(mai...@*)',
# if your frontend is e. g. iso-8859-1 and the charset of your
# ldap server is utf-8, use this options (if not, ignore it)
#SourceCharset => 'utf-8',
#DestCharset => 'iso-8859-1',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer uniq id
CustomerKey => 'uid',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['givenName', 'mail'],
CustomerUserSearchFields => ['uid', 'givenName', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add a ldap filter for valid users (expert setting)
#   CustomerUserValidFilter => '(!(description=gesperrt))',
# admin can't change customer preferences
AdminSetPreferences => 0,
## cache time to live in sec. - cache any database queries
#CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
#[ 'UserSalutation', 'Title',      'title',     1, 0, 'var', '', 0 ],
[ 'UserFirstname',   'Firstname',  'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname',    'Lastname',   'sn',        1, 1, 'var', '', 0 ],
[ 'UserLogin',       'Username',   'uid',       1, 1, 'var', '', 0 ],
[ 'UserEmail',       'Email',      'mail',      1, 1, 'var', '', 0 ],
   

Re: [otrs] customer ldap auth not working

2009-10-06 Thread Franz Esberger
Some more Details:

Without having applied any changes, if you create a user via the Admin
interface it is written correctly to the database (.users)
and the new user is able to log in.

Where to apply the fix in order to get the usual behaviour - when a user
tries to log in, a new entity is written to .users
automatically?

As mentioned earlier, no Changes have been made to UserSyncLDAPMap, the
behaviour worked like a charm before upgrading.

cheers,
ffe

Franz Esberger wrote:
> Hi,
>
> On 2.4.3 the very same problem, new users are not being added to the
> .users Table.
>
> Setup (and LDAP Sync) has worked like a charm before upgrading!
>
> I am not yet sure where to start fixing this, actually I think it's a
> "bug" in Kernel/System/User/Preferences/DB.pm caused by the "new" bind
> notations when handling dbobject ORM.
>
> before upgrading Kernel/System/User/Preferences/DB.pm (around #80):
>
> # insert new data
> if (!$Self->{DBObject}->Do(
> SQL => "INSERT INTO $Self->{PreferencesTable}
> ($Self->{PreferencesTableUserID}, ".
> " $Self->{PreferencesTableKey}, $Self->{PreferencesTableValue}) " .
> " VALUES ($Param{UserID}, '$Param{Key}', '$Param{Value}')",
> )) {
> $Self->{LogObject}->Log(
> Priority => 'error',
> Message => "Can't insert new $Self->{PreferencesTable}!",
> );
> return;
> }
>
> after upgrading Kernel/System/User/Preferences/DB.pm (around #80)
>
> # insert new data
> return $Self->{DBObject}->Do(
> SQL => "INSERT INTO $Self->{PreferencesTable}
> ($Self->{PreferencesTableUserID}, "
> . " $Self->{PreferencesTableKey}, $Self->{PreferencesTableValue}) "
> . " VALUES (?, ?, ?)",
> Bind => [ \$Param{UserID}, \$Param{Key}, \$Param{Value} ],
> );
>
>
> is that the correct place to start, and if so, should we replace all
> "Bind"s throughout the system or is there a (perl)package missing ?
>
> cheers,
> ffe
>
> Jefferson Davis wrote:
>   
>> Once logged in as admin user I can query the ldap tree without difficulty.
>>
>> But customer users cannot login
>>
>> What am I missing?
>>
>> User record not being created at first login?  If so how do I correct this? 
>>   
>> 

-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/


Re: [otrs] customer ldap auth not working

2009-10-06 Thread Franz Esberger
Hi,

On 2.4.3 the very same problem, new users are not being added to the
.users Table.

Setup (and LDAP Sync) has worked like a charm before upgrading!

I am not yet sure where to start fixing this, actually I think it's a
"bug" in Kernel/System/User/Preferences/DB.pm caused by the "new" bind
notations when handling dbobject ORM.

before upgrading Kernel/System/User/Preferences/DB.pm (around #80):

# insert new data
if (!$Self->{DBObject}->Do(
SQL => "INSERT INTO $Self->{PreferencesTable}
($Self->{PreferencesTableUserID}, ".
" $Self->{PreferencesTableKey}, $Self->{PreferencesTableValue}) " .
" VALUES ($Param{UserID}, '$Param{Key}', '$Param{Value}')",
)) {
$Self->{LogObject}->Log(
Priority => 'error',
Message => "Can't insert new $Self->{PreferencesTable}!",
);
return;
}

after upgrading Kernel/System/User/Preferences/DB.pm (around #80)

# insert new data
return $Self->{DBObject}->Do(
SQL => "INSERT INTO $Self->{PreferencesTable}
($Self->{PreferencesTableUserID}, "
. " $Self->{PreferencesTableKey}, $Self->{PreferencesTableValue}) "
. " VALUES (?, ?, ?)",
Bind => [ \$Param{UserID}, \$Param{Key}, \$Param{Value} ],
);


is that the correct place to start, and if so, should we replace all
"Bind"s throughout the system or is there a (perl)package missing ?

cheers,
ffe

Jefferson Davis wrote:
> Once logged in as admin user I can query the ldap tree without difficulty.
>
> But customer users cannot login
>
> What am I missing?
>
> User record not being created at first login?  If so how do I correct this? 
>   

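The two INSERT styles quoted in the message above differ only in how the values reach the database. The following is an added example, not part of the thread and not OTRS code, that runs both styles side by side. It uses plain DBI with DBD::SQLite instead of the OTRS DBObject wrapper, and the table name, column names and sample values are assumptions made up for the demonstration.

```perl
use strict;
use warnings;
use DBI;    # assumes DBD::SQLite is installed; OTRS itself goes through DBObject->Do

my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 0, PrintError => 0 } ) or die $DBI::errstr;

# Assumed table and column names, standing in for $Self->{PreferencesTable} etc.
my %T = ( Table => 'user_preferences', UserID => 'user_id',
          Key   => 'preferences_key',  Value  => 'preferences_value' );
$dbh->do("CREATE TABLE $T{Table} ($T{UserID} INTEGER, $T{Key} TEXT, $T{Value} TEXT)")
    or die $dbh->errstr;

# "before upgrading" style: the values are pasted into the SQL text itself.
sub insert_interpolated {
    my (%Param) = @_;
    return $dbh->do(
        "INSERT INTO $T{Table} ($T{UserID}, $T{Key}, $T{Value}) "
      . "VALUES ($Param{UserID}, '$Param{Key}', '$Param{Value}')" );
}

# "after upgrading" style: placeholders, values travel separately from the SQL text.
sub insert_bound {
    my (%Param) = @_;
    return $dbh->do(
        "INSERT INTO $T{Table} ($T{UserID}, $T{Key}, $T{Value}) VALUES (?, ?, ?)",
        undef, $Param{UserID}, $Param{Key}, $Param{Value} );
}

# Constructed sample rows, e.g. attribute values synced from a directory.
my @rows = (
    { UserID => 1, Key => 'UserLastname', Value => 'Smith' },
    { UserID => 2, Key => 'UserLastname', Value => "O'Brien" },
);

for my $r (@rows) {
    my $old = insert_interpolated(%$r) ? 'ok' : 'FAILED: ' . $dbh->errstr;
    my $new = insert_bound(%$r)        ? 'ok' : 'FAILED: ' . $dbh->errstr;
    printf "%-8s interpolated=%s bound=%s\n", $r->{Value}, $old, $new;
}

my ($stored) = $dbh->selectrow_array(
    "SELECT $T{Value} FROM $T{Table} WHERE $T{UserID} = ?", undef, 2 );
print "stored for user 2: $stored\n";
```

For a value without quote characters both styles store the same row. A value containing a single quote ends the string literal early in the interpolated statement, while the bound statement stores it unchanged.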


[otrs] customer ldap auth not working

2009-10-05 Thread Jefferson Davis


Once logged in as admin user I can query the ldap tree without difficulty.

But customer users cannot login

What am I missing?

User record not being created at first login?  If so how do I correct this? 

-- 
Jefferson K Davis
Technology and Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA 93308
661.392.2110

