Re: [otrs] Active Directory integration with multiple OU

2011-07-20 Thread Rory
Hi Paul,

You can use the OU that is the parent to all the OUs containing the
customers. When the LDAP lookup occurs it will search recursively through
all the Child OUs.

Kind regards,
Rory Clerkin

On 20 July 2011 15:40, paul.andurna...@aviva.ro wrote:


 Hello,

 How can I add customers from multiple OUs in OTRS? In the
 config.pm file, as I've seen, you can only add one OU from which the users
 are fetched using LDAP.

 Regards,
 Paul Andurnache
 Junior Security Officer
 Aviva Group Romania
 Tel: +4 021 2038300
 Fax: +4 021 2038301
 Email: paul.andurna...@aviva.ro
 www.aviva.ro


 -
 OTRS mailing list: otrs - Webpage: http://otrs.org/
 Archive: http://lists.otrs.org/pipermail/otrs
 To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs


Re: [otrs] Active Directory integration with multiple OU

2011-07-20 Thread Hugh Kelley
  You can also list multiple LDAP bases and/or filters in numbered customer
DBs.
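The numbered customer backends mentioned in this reply, sketched as an added example (not configuration posted by anyone in the thread). The host name, bind account, password placeholder and the two OU names are assumptions; each backend is limited to one OU, so nothing outside the listed OUs is searched, unlike a bind at a common parent OU.

```perl
use strict;
use warnings;

# Added example. In Kernel/Config.pm this goes inside sub Load, where $Self is
# the OTRS config object; the stand-in below only lets the fragment compile alone.
my $Self = {};

# Placeholders (assumptions): host, read-only bind account, password.
my %Ldap = (
    Host   => 'dc01.example.local',
    BindDN => 'cn=otrs-reader,ou=Service,dc=example,dc=local',
    BindPw => 'CHANGE_ME',
);

# Backend suffix => the single OU that backend may search (OU names assumed).
# '' is the unnumbered first backend, then 1, 2, ... for further ones.
my %CustomerBase = (
    ''  => 'ou=CustomersA,dc=example,dc=local',
    '1' => 'ou=CustomersB,dc=example,dc=local',
);

for my $Count ( sort keys %CustomerBase ) {
    my $BaseDN = $CustomerBase{$Count};

    # Customer login: each numbered auth backend searches only its own OU.
    $Self->{"Customer::AuthModule$Count"}                     = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{"Customer::AuthModule::LDAP::Host$Count"}         = $Ldap{Host};
    $Self->{"Customer::AuthModule::LDAP::BaseDN$Count"}       = $BaseDN;
    $Self->{"Customer::AuthModule::LDAP::UID$Count"}          = 'sAMAccountName';
    $Self->{"Customer::AuthModule::LDAP::SearchUserDN$Count"} = $Ldap{BindDN};
    $Self->{"Customer::AuthModule::LDAP::SearchUserPw$Count"} = $Ldap{BindPw};

    # Customer data lookup: CustomerUser, CustomerUser1, ...
    $Self->{"CustomerUser$Count"} = {
        Name   => "AD customers ($BaseDN)",
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => $Ldap{Host},
            BaseDN => $BaseDN,
            SSCOPE => 'sub',
            UserDN => $Ldap{BindDN},
            UserPw => $Ldap{BindPw},
            # Per-backend filter; narrows results to user objects.
            AlwaysFilter => '(objectClass=user)',
        },
        CustomerKey                        => 'sAMAccountName',
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map                                => [
            # var, frontend, storage, shown, required, storage-type
            [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
        ],
    };
}
```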

Re: [otrs] Active Directory Integration

2010-05-07 Thread Guillaume Rehm

Hi,

Try to uncomment this:

   # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';



On 07/05/2010 09:34, Valentin wrote:

# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
   


--
Guillaume REHM
Centre de Ressources Informatiques
Information Systems Security Officer (RSSI)

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tel: 03 88 25 28 23
fax: 03 88 25 28 03
mail: guillaume.r...@bnu.fr
web: http://www.bnu.fr


Re: [otrs] Active Directory Integration

2010-05-07 Thread Guillaume Rehm

Have you created your roles in OTRS before?

In my config.pm my role association with AD group is written like this:
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    # ldap group
    'cn=ADRole1Group,ou=myOU,ou=Pro,dc=domain,dc=local' => {
        # otrs role
        'MYOTRSRole1' => 1,
    },
    'cn=ADRole2Group,ou=myOU,ou=Pro,dc=domain,dc=local' => {
        # otrs role
        'MYOTRSRole2' => 1,
    },
};



On 07/05/2010 10:42, Valentin wrote:

Thank you Guillaume for the solution but it is still not working.
Domain admin is capable of login with AD credentials but the
administration section does not appear.
I disabled AD authentication and I log in with root and make an AD user
administrator but it does not work.


   


Re: [otrs] Active Directory Integration

2010-05-07 Thread Valentin
Roles are default. I did not modify any.

On Fri, May 7, 2010 at 11:42, Valentin vali.ple...@gmail.com wrote:
 Thank you Guillaume for the solution but it is still not working.
 Domain admin is capable of login with AD credentials but the
 administration section does not appear.
 I disabled AD authentication and I log in with root and make an AD user
 administrator but it does not work.



Re: [otrs] Active Directory extended

2010-03-24 Thread Guillaume Rehm

Hi Arnold,

I have configured my OTRS to set relations between role and agent from
my AD.
All my agents are members (or not) of AD groups (1 group = 1 OTRS role).
And in config.pm I put the link from role - agents to AD groups.

In this case, after creating roles, queues and groups in OTRS, I manage my
agents' rights in AD.


# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of
# first agent login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    # ldap group
    'cn=ADGroupForRole1,ou=OTRS,dc=domain,dc=local' => {
        # otrs role
        'OTRSRole1' => 1,
    },

    'cn=ADGroupForRole2,ou=OTRS,dc=domain,dc=local' => {
        # otrs role
        'OTRSRole2' => 1,
    },
};

See this from OTRS list: 
http://lists.otrs.org/pipermail/otrs/2009-November/029206.html


What do you mean by relation between customer-user and company ?

Hope this helps.

Regards,




On 23/03/2010 22:08, Arnold Ligtvoet wrote:

Hi,

I have a question about Active Directory and OTRS. Suppose I would
want to control more via AD than 'just' logons. I would like to
explore if it is possible to control the relation between a
customer-user and a company and the relation between agents and queues
in AD.

Questions:
- Is anyone aware of such a project?
- Is there a specific snap-in for MMC users and computers that
  controls OTRS specific configs?
- Better ideas?

The reason to move this config to AD is that I want system admins to
be able to control this data, without having to have access to OTRS
(or knowledge of OTRS), plus I like to have all user related data in a
single location.


Thanks,
Arnold.


Re: [otrs] Active Directory and 2.4.3 issues

2009-08-26 Thread David Holder
Hi Chaps,

I've managed to get OTRS 2.4.3 working with Microsoft AD.

I've just had a quick browse of your config and notice that there is no
AuthSyncModule code in there, you need to sync your agent data to OTRS's
database. For example:

# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};


# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first
# agent login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];


If you want I can post my complete LDAP template, which has allowed Agents
to authenticate against AD (as a requirement, must belong to a particular AD
group) and customers to log on too.

Regards,

David

On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt holt.justin...@gmail.com wrote:

 Sorry to keep flooding you guys with emails, but disregard that last
 email.  It didn't work.  I only managed to log in because I had created an
 account for myself with the same password and it worked, stupid me.  So does
 anyone know how to get agents to authenticate and to get incoming emails
 turned into tickets?

 Thank you so much to everyone,
 Justin Holt



 On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt holt.justin...@gmail.com wrote:

 Well, just for laughs, I decided to export my settings through SysConfig
 and re-import them to the new setup.  I gasped in awe as it actually
 worked.  My other question, if I exported settings that allowed the old
 system to consider emails sent to its email address as tickets, should those
 settings come over and work just the same as well?

 Thanks
 Justin


 On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt holt.justin...@gmail.com wrote:

 I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
 folder.  I then uninstalled 2.3.4 and installed 2.4.3.  I tried first to
 copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did
 not work.  I tried just the segment I have below and that still did not
 work.  Is it somewhere in the documentation and I'm missing it or can you
 give me a portion of your config.pm and just have me fill in my stuff?

 Thanks,
 Justin


 On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian co...@sec.gov wrote:

  Justin, I just dealt with this headache myself. Did you have it
 working and then it quit or is it a simple question of agent 
 authentication?
 --
 Julian Cook
 Securities and Exchange Commission
 Operations Center
 DMZ Ops


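David Holder's point applied to the agent section of the 2.3.4 configuration quoted in this thread, as an added example rather than anyone's posted template: the 2.3.4 sync keys are shown commented out beside the AuthSyncModule keys from his reply. Host, base DN, search user and group DN are the values posted in the thread; the password is a placeholder, and the loop that copies the connection settings to both modules is this example's own shorthand.

```perl
use strict;
use warnings;

# Added example. In Kernel/Config.pm this goes inside sub Load, where $Self is
# the OTRS config object; the stand-in below only lets the fragment compile alone.
my $Self = {};

# Connection values as posted in the thread; the password is a placeholder.
my %Ldap = (
    Host         => 'vdp-dc-003',
    BaseDN       => 'dc=ci, dc=vernon, dc=ct, dc=us',
    UID          => 'sAMAccountName',
    SearchUserDN => 'otrs_ldap',
    SearchUserPw => 'CHANGE_ME',
);

# Agent login check (AuthModule) and agent data sync (AuthSyncModule) are
# configured separately, so each gets its own copy of the connection settings.
$Self->{'AuthModule'}     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
for my $Prefix ( 'AuthModule::LDAP', 'AuthSyncModule::LDAP' ) {
    for my $Key ( sort keys %Ldap ) {
        $Self->{"${Prefix}::$Key"} = $Ldap{$Key};
    }
}

# Only members of this AD group may log in as agents (as in the quoted config).
$Self->{'AuthModule::LDAP::GroupDN'}
    = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

# Before: 2.3.4 key names from the quoted config.
# $Self->{UserSyncLDAPMap} = {
#     UserFirstname => 'givenName',
#     UserLastname  => 'sn',
#     UserEmail     => 'mail',
# };
# $Self->{UserSyncLDAPGroups} = [ 'users' ];

# After: the key names used in David Holder's reply for 2.4.3.
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# Group granted (rw) when the agent record is first created at login.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users' ];
```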
 

Re: [otrs] Active Directory and 2.4.3 issues

2009-08-26 Thread Justin Holt
David, you would be my hero if you did that!  Please please please post your
current template!

Thanks Much!
Justin Holt


Re: [otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread guenther . rasch
Hi,

same problem here, but only with one of 200:
I have tested it, with case-sensitive typed
username, it works - but no problem with 
case-sensitive for all the others...

Günther


 -------- Original Message --------
 Date: Tue, 25 Aug 2009 12:12:17 -0400
 From: Justin Holt holt.justin...@gmail.com
 To: otrs@otrs.org
 Subject: [otrs] Active Directory and 2.4.3 issues

 I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
 an issue.  Customers still authenticate against our Active Directory Server
 just fine, but when an agent tries to authenticate, it all blows up.

 Panic, user authenticated but no user data can be found in OTRS DB!!
 Perhaps the user is invalid.

 Here is the whole LDAP configuration part from my config.pm that I just
 copied and pasted out of the config.pm for 2.3.4.  I have seen that there
 are others with this same issue but there have been no responses.  This is
 all running on a Windows 2003 server with a regular install of OTRS.  Any
 ideas?
 #---Customer Data


 #Enable LDAP authentication for Customers / Users
   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

 #The following is valid but would only be necessary if the
 #anonymous user do NOT have permission to read from the LDAP tree
   $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
   $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

 #CustomerUser
 #(customer user database backend and settings)
 $Self->{CustomerUser} = {
   Module => 'Kernel::System::CustomerUser::LDAP',
   Params => {
     Host => 'vdp-dc-003',
     BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
     SSCOPE => 'sub',
     UserDN => 'otrs_ldap',
     UserPw => '1qaz2wsx',
   },
   # customer unique id
   CustomerKey => 'sAMAccountName',
   # customer #
   CustomerID => 'mail',
   CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
   CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
   CustomerUserSearchPrefix => '',
   CustomerUserSearchSuffix => '*',
   CustomerUserSearchListLimit => 250,
   CustomerUserPostMasterSearchFields => ['mail'],
   CustomerUserNameFields => ['givenname', 'sn'],
   Map => [
     # note: Login, Email and CustomerID needed!
     # var, frontend, storage, shown, required, storage-type
     #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
     [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
     [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
     [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
     [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
     [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
     [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
     #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
     #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
   ],
 };
 #  -End Customer data-


 #--Agent Data-

 #Enable LDAP authentication for Customers / Users
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

 #The following is valid but would only be necessary if the
 #anonymous user do NOT have permission to read from the LDAP tree
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

 # UserSyncLDAPMap
 # (map if agent should create/synced from LDAP to DB after login)
 $Self->{UserSyncLDAPMap} = {
   # DB -> LDAP
   UserFirstname => 'givenName',
   UserLastname => 'sn',
   UserEmail => 'mail',
 };

 # UserSyncLDAPGroups
 # (If LDAP was selected for AuthModule, you can specify
 # initial user groups for first login.)
 $Self->{UserSyncLDAPGroups} = [
   'users',
 ];

 # UserTable
 $Self->{DatabaseUserTable} = 'users';
 $Self->{DatabaseUserTableUserID} = 'id';
 $Self->{DatabaseUserTableUserPW} = 'pw';
 $Self->{DatabaseUserTableUser} = 'login';

 #Add the following lines when only users are allowed to login if they
 #reside in the specified security group
 #Remove these lines if you want to provide login to all users specified in
 #the User Base DN
   $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
   $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
   $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

 #---End Agent 

Re: [otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread Justin Holt
Is there even a way for the Agent to authenticate over LDAP anymore?  It
looks like it has been taken out.  I've been going through SysConfig and
can't find anything on it.  Anything I also try to throw at it by manually
editing Config.pm leaves the system broken.  I've also uninstalled and
reinstalled a few times now.

Justin

  

Re: [otrs] Active Directory and 2.4.3 issues

2009-08-25 Thread Justin Holt
I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
folder.  I then uninstalled 2.3.4 and installed 2.4.3.  I tried first to
copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did not
work.  I tried just the segment I have below and that still did not work.
Is it somewhere in the documentation and I'm missing it or can you give me a
portion of your config.pm and just have me fill in my stuff?

Thanks,
Justin

On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian co...@sec.gov wrote:

  Justin, I just dealt with this headache myself. Did you have it working
 and then it quit or is it a simple question of agent authentication?
 --
 Julian Cook
 Securities and Exchange Commission
 Operations Center
 DMZ Ops


 On 8/25/09 3:49 PM, Justin Holt holt.justin...@gmail.com wrote:

 Is there even a way for the Agent to authenticate over LDAP anymore?  It
 looks like it has been taken out.  I've been going through SysConfig and
 can't find anything on it.  Anything I also try to throw at it by manually
 editing Config.pm leaves the system broken.  I've also uninstalled and
 reinstalled a few times now.

 Justin

 On Tue, Aug 25, 2009 at 12:18 PM,  guenther.ra...@gmx.de wrote:

 Hi,

 same problem here, but only with one of 200:
 I have tested it, with case-sensitive typed
 username, it works - but no problem with
 case-sensitive for all the others...

 Günther


  -------- Original Message --------
  Date: Tue, 25 Aug 2009 12:12:17 -0400
  From: Justin Holt holt.justin...@gmail.com
  To: otrs@otrs.org
  Subject: [otrs] Active Directory and 2.4.3 issues

  I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
  an issue.  Customers still authenticate against our Active Directory Server
  just fine, but when an agent tries to authenticate, it all blows up.

  Panic, user authenticated but no user data can be found in OTRS DB!!
  Perhaps the user is invalid.

  Here is the whole LDAP configuration part from my config.pm that I just
  copied and pasted out of the config.pm for 2.3.4.  I have seen that there
  are others with this same issue but there have been no responses.  This is
  all running on a windows 2003 server with a regular install of OTRS.  Any
  Ideas?
  #-----Customer Data-----

  #Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

  #The following is valid but would only be necessary if the
  #anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';

  #CustomerUser
  #(customer user database backend and settings)
  $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
          Host => 'vdp-dc-003',
          BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
          SSCOPE => 'sub',
          UserDN => 'otrs_ldap',
          UserPw => '1qaz2wsx',
      },
      # customer unique id
      CustomerKey => 'sAMAccountName',
      # customer #
      CustomerID => 'mail',
      CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
      CustomerUserSearchPrefix => '',
      CustomerUserSearchSuffix => '*',
      CustomerUserSearchListLimit => 250,
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
      Map => [
          # note: Login, Email and CustomerID needed!
          # var, frontend, storage, shown, required, storage-type
          #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
          [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
          [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
          [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
          [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
          [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
          [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
          #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
          #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
  };
  #-----End Customer data-----

  #-----Agent Data-----

  #Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
 
  #The following is 

Re: [otrs] Active Directory Authentication

2009-08-04 Thread Guillermo Vargas-DellaCasa
Never Mind. I was trying to login to the admin interface and not the
customer interface. What can I say.. I'm a newbie... It works just fine
on the customer interface... Thanks..

-----Original Message-----
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of
Guillermo Vargas-DellaCasa
Sent: Wednesday, August 05, 2009 12:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

Hello,

I just installed OTRS 2.4.2-01 on Fedora 10.

I have successfully enabled Agent authentication with Active Directory
via LDAP module on otrs. Users' LDAP backend seems to be working too, as
I can search for users in otrs and otrs finds them from Active
Directory. However, User authentication with AD does not work.

The following comes up on the logs when a user tries to login:

[Error][Kernel::System::User::UserLookup][Line:680]: No UserID found for
'jsmith'!

Capturing traffic while a user logs in shows otrs makes a successful bind
to AD, but then no query is executed. It just unbinds.

Here is the Users LDAP backend configuration on Config.pm


# Customer Info from LDAP:

$Self->{CustomerUser} = {
    Name => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc.domain.net',
        BaseDN => 'dc=domain,dc=net',
        SSCOPE => 'sub',
        UserDN => 'adbrowse',
        UserPw => 'mypassword',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

# Customer Authentication against LDAP #

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dc.domain.net';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=net';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'adbrowse';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=All Staff,CN=Users,DC=domain,DC=net';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 3268,
    timeout => 120,
    async => 0,
    #version => 3,
};

I don't know what I am missing... Do I need somehow to create users in
otrs database first? I tried by enabling Database and LDAP bases both,
then going to the users webpage and trying creating one user on the
database, but when I try to create a user on the Database it says User
already exist.

Please help!!

Guillermo Vargas-Dellacasa
Computer Operations Manager
North Hunterdon-Voorhees Regional High School District
gvargas-dellac...@nhvweb.net

-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/



Re: [otrs] Active Directory and user + agent authentification

2009-06-14 Thread olivier . villegente
I don't understand.  I have already done that. I have a local user that has
the same username and password in my Active Directory and in OTRS. If I
don't use AD to authenticate, I can access http://tickets/otrs/index.pl
and http://tickets/otrs/customer.pl. If I use AD, I can log in to
http://tickets/otrs/customer.pl without error, if I try to log in to
http://tickets/otrs/index.pl I have this error: Login failed! Your
username or password was entered incorrectly.

Do you know what is wrong?

Regards,

_
Olivier VILLEGENTE
System and network administrator
Société Immobilière de Nouvelle-Calédonie
Tel: (687) 28.03.78
Fax: (687) 28.43.56
E-mail: olivier.villege...@sic.nc



Steve Hall st...@tarkie.net
Sent by: otrs-boun...@otrs.org
12/06/2009 20:59
Please reply to: User questions and discussions about OTRS. otrs@otrs.org

To: User questions and discussions about OTRS. otrs@otrs.org
cc:
Subject: Re: [otrs] Active Directory and user + agent authentification

Even though you are auth'ing via AD, you still need to have local agents
created with the same username as the AD username. (Can't comment on
customers, as I don't run like that).

If you change the

  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

back to the default, create your admin user as per the name in AD, and try 
again.

Regards

I

Re: [otrs] Active Directory and user + agent authentification

2009-06-12 Thread Steve Hall
Even though you are auth'ing via AD, you still need to have local
agents created with the same username as the AD username. (Can't
comment on customers, as I don't run like that).

If you change the

  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';


back to the default, create your admin user as per the name in AD, and  
try again.


Regards

I
On 12 Jun 2009, at 05:02, olivier.villege...@sic.nc wrote:



Hi,
I have a little problem that I'm unable to solve.

 - I need that agents and users (customers) can authenticate using  
Active Directory. My users can access to the customer page but my  
agent can't login to the agent page. When agent try to login they  
have an error message saying the connection has failed! Your  
username or password is incorrect.


 - After edit my Config.pm in order to allow authenticate by Active  
Directory, I can't connect using a local user.


Can you help me to find what is wrong ?
I join a copy of my Config.pm

Regards,

** My Config.pm **

# ---------------------------------------------------- #
# ---------------------------------------------------- #
#                                                      #
#         Start of your own config options!!!          #
#                                                      #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'pollux.sic.intra';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=sic, dc=intra';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,cn=Systeme,dc=sic,dc=intra';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = '';

  # This is an example configuration for an LDAP auth. backend.
  # (take care that Net::LDAP is installed!)
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'pollux.sic.intra';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=SIC,dc=sic,dc=intra';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

  # The following is valid but would only be necessary if the
  # anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

  # CustomerUser
  # (customer user database backend and settings)
  $Self->{CustomerUser} = {
      Name => 'Datenbank',
      Module => 'Kernel::System::CustomerUser::DB',
      Params => {
          Table => 'customer_user',
          # to use an external database
#         DSN => 'DBI:odbc:yourdsn',
#         DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
#         User => '', Password => '',
      },

      # customer uniq id
      CustomerKey => 'login',
      CustomerID => 'customer_id',
      CustomerValid => 'valid_id',
      CustomerUserListFields => ['first_name', 'last_name', 'email'],
#     CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
      CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
      CustomerUserSearchPrefix => '',
      CustomerUserSearchSuffix => '*',
      CustomerUserSearchListLimit => 250,
      CustomerUserPostMasterSearchFields => ['email'],
      CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],
#     ReadOnly => 1,
      Map => [
          # note: Login, Email and CustomerID needed!
          # var, frontend, storage, shown, required, storage-type, http-link
          [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],
          [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],
          [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],
          [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],
          [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],
          [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],
          [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ],
          [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],
          [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],
      ],
  };

  # CustomerUser1
  # (customer user ldap backend and settings)
  $Self->{CustomerUser1} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
          # ldap host
          Host => 'pollux.sic.intra',
          # ldap base dn
          BaseDN => 'ou=SIC,dc=sic,dc=intra',
          # search scope (one|sub)
          SSCOPE => 'sub',
          # The following is valid but would only be necessary if the
          # anonymous user does NOT have permission to read from the LDAP tree
          UserDN => 'cn=ldap_php,ou=Systeme,dc=sic,dc=intra',
          UserPw => '',
          AlwaysFilter => '',
          SourceCharset => 'utf-8',
          DestCharset =>

RE: [otrs] Active Directory Authentication

2007-05-21 Thread Sune T. Tougaard
Hi Jason,
 
Same authentication setup here, and i think that i might have experienced
something like this.
 
Try adding this line to the config:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

I think that the otrs default setting is:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

And that's not quite what the AD LDAP has to offer.
 
As for the host failover, i don't know if you can use multiple host names.
I'm using just the domain name.
That is: example.org, and the DNS round-robins it. Not entirely failover,
but better than nothing.
 
-- 
/Sune
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Benedick, Jason
Sent: 21 May 2007 00:49
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

I have active directory authentication working with the exception of the
GroupDN for the admin interface. When I comment out the GroupDN and the
UserAttr lines everything works fine again. We are running Windows Server
2003 on our DCs if that matters.

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
};

Also while I'm asking can I put multiple DCs in under host for failover? IE
can I do something like:

$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

 

Thanks,

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

 

___
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/

RE: [otrs] Active Directory Authentication

2007-05-21 Thread Benedick, Jason
Adding that line doesn't solve the problem I'm having.

 

Thanks,

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

(717) 391-6957

 


RE: [otrs] Active Directory Authentication

2007-05-21 Thread Sune T. Tougaard
Any details in the logfile?
 
Also, i don't think that nested groups works, so the members has to be
direct members of the group.
 
-- 
/Sune
 


RE: [otrs] Active Directory Authentication

2007-05-21 Thread Benedick, Jason
I'm getting this error:

 

May 21 15:30:05 websvr OTRS-CGI-10[21731]:
[Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication
failed, no LDAP group entry
foundGroupDN='CN=otrs,OU=users,DC=example,DC=org',
Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!

 

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

(717) 391-6957
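
An added example, not part of the thread and not OTRS code: the filter in the log line above carries the user's DN, and the escaped comma in that DN puts a backslash inside a search-filter value. RFC 4515 requires a literal backslash in a filter value to be written as `\5c`, so this is one thing to check when a group lookup returns no entry; the page does not say how the server in this thread treated the filter, and the function names below are illustrative.

```python
import re

# RFC 4515: inside a filter assertion value these characters must be written
# as a backslash followed by the two hex digits of the character.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# A backslash that is not followed by two hex digits is not a valid escape
# in a search filter.
_INVALID_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})")

# Pulls the Filter='...' field out of the log text quoted in the message.
_LOG_FILTER = re.compile(r"Filter='(.*)'!")


def escape_filter_value(value):
    """Encode a literal string for use as an RFC 4515 assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def membership_filter(access_attr, user_dn):
    """Build (access_attr=<user DN>) with the DN escaped for filter context."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", access_attr):
        raise ValueError("unexpected attribute name: %r" % access_attr)
    return "(%s=%s)" % (access_attr, escape_filter_value(user_dn))


def invalid_escapes(ldap_filter):
    """Return the offsets of backslashes that are not valid filter escapes.

    A DN-style hex escape such as \\2C passes this check, because in filter
    context it is a valid escape (it decodes to a plain comma there).
    """
    return [m.start() for m in _INVALID_ESCAPE.finditer(ldap_filter)]


def filter_from_log(line):
    """Extract the filter string from an OTRS LDAP auth log line, or None."""
    match = _LOG_FILTER.search(line)
    return match.group(1) if match else None


# Log text as quoted in the message above, joined onto one line.
LOG_LINE = (
    "[Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication "
    "failed, no LDAP group entry "
    "foundGroupDN='CN=otrs,OU=users,DC=example,DC=org', "
    r"Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!"
)

# The user DN as it appears inside that filter (DN-level escaping of the comma).
USER_DN = r"CN=Benedick\, Jason,OU=users,DC=example,DC=org"


if __name__ == "__main__":
    logged = filter_from_log(LOG_LINE)
    print("logged filter :", logged)
    print("bad escapes at:", invalid_escapes(logged))
    fixed = membership_filter("member", USER_DN)
    print("escaped filter:", fixed)
    print("bad escapes at:", invalid_escapes(fixed))
```

The same escaping also keeps a login name or DN containing `*`, `(` or `)` from changing the meaning of the filter it is placed in.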

 


RE: [otrs] Active Directory Authentication

2007-05-21 Thread Sune T. Tougaard
Hm, that error message...
Don't know if it's because of cleaning before publication of your config,
but one thing that comes to mind, is that the default Users container is
just that: A container. Not an OU.
 
So, yet another suggestion:
 
Change the OU to CN in the lines:
 
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
 
and
 
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
 
-- 
/Sune



RE: [otrs] Active Directory Authentication

2007-05-21 Thread Benedick, Jason
The DNs are correct; I've verified them in the AD. I copied and pasted
both DNs directly from the program LDP.exe.

 

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

(717) 391-6957

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Sune T. Tougaard
Sent: Monday, May 21, 2007 4:52 PM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

 

Hm, that error message...

Don't know if it's because of cleaning before publication of your
config, but one thing that comes to mind is that the default Users
container is just that: a container. Not an OU.

So, yet another suggestion:

Change the OU to CN in the lines:

$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';

and

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';

 

-- 

/Sune

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Benedick, Jason
Sent: 21. maj 2007 21:51
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

I'm getting this error:

 

May 21 15:30:05 websvr OTRS-CGI-10[21731]:
[Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication
failed, no LDAP group entry
foundGroupDN='CN=otrs,OU=users,DC=example,DC=org',
Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!

 

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

(717) 391-6957

 


RE: [otrs] Active Directory Authentication

2007-05-21 Thread Sune T. Tougaard
Looks like it doesn't like the , in the name. Or perhaps the single
escape.
At least I can get it to produce the same error if I put a , in my name.
 
Don't know what to do about that, other than removing them. Not really a
solution, though.
 
-- 
/Sune
  
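
The `Filter=` value in the log line quoted in this thread carries the DN's `\,` straight into a search filter, and RFC 4515 only allows a backslash in a filter value when two hex digits follow it. The following is an added example (not OTRS code and not from either poster) that builds the membership filter both ways; the function names are hypothetical, and the thread does not establish that this was the cause in Jason's setup.

```python
import re

# DN copied from the log line in the thread, in the RFC 4514 string form a
# directory returns: the comma inside the CN is escaped as "\,".
USER_DN = r"CN=Benedick\, Jason,OU=users,DC=example,DC=org"

# RFC 4515: inside a filter assertion value these characters must be written
# as a backslash followed by two hex digits.
_MUST_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_HEX_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")


def escape_filter_value(value):
    """Escape arbitrary text (a DN, a login name) for use as a filter value."""
    return "".join(_MUST_ESCAPE.get(ch, ch) for ch in value)


def decode_filter_value(raw):
    """Decode a filter value per the RFC 4515 grammar; ValueError if malformed."""
    out = bytearray()
    pos = 0
    while pos < len(raw):
        ch = raw[pos]
        if ch == "\\":
            match = _HEX_ESCAPE.match(raw, pos)
            if match is None:
                raise ValueError(
                    "backslash not followed by two hex digits at offset %d" % pos)
            out.append(int(match.group(1), 16))
            pos += 3
        elif ch in "*()\x00":
            # Left unescaped, these would alter the structure of the filter.
            raise ValueError("unescaped %r at offset %d" % (ch, pos))
        else:
            out += ch.encode("utf-8")
            pos += 1
    return out.decode("utf-8")


def group_member_filter(access_attr, user_dn, escape=True):
    """Build the (AccessAttr=<user DN>) membership filter.

    escape=False reproduces the form seen in the thread's log line.
    """
    value = escape_filter_value(user_dn) if escape else user_dn
    return "(%s=%s)" % (access_attr, value)


def assertion_value(simple_filter):
    """Return the decoded value of a simple '(attr=value)' filter."""
    if not (simple_filter.startswith("(") and simple_filter.endswith(")")):
        raise ValueError("not a parenthesised filter")
    _attr, sep, raw = simple_filter[1:-1].partition("=")
    if not sep:
        raise ValueError("no '=' in filter")
    return decode_filter_value(raw)


def compare_forms(access_attr="member", user_dn=USER_DN):
    """Return {label: (filter, decoded value or error text)} for both forms."""
    results = {}
    for label, escape in (("as logged", False), ("escaped", True)):
        flt = group_member_filter(access_attr, user_dn, escape)
        try:
            results[label] = (flt, assertion_value(flt))
        except ValueError as exc:
            results[label] = (flt, "malformed: %s" % exc)
    return results


if __name__ == "__main__":
    for label, (flt, outcome) in compare_forms().items():
        print("%-9s %s\n          -> %s" % (label, flt, outcome))
```

Only the escaped form decodes back to the exact DN stored in the group's `member` attribute; the same escaping also keeps `*`, `(` and `)` in a login name from changing the filter.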

Re: [otrs] active directory and otrs 2.0

2006-10-12 Thread Nils Breunese (Lemonbit Internet)

Luca Tebaldi wrote:

i want to config AD over otrs 2.0 but I do not find the  
documentation in the handbook.. someone knows where I can find it???


I haven't done it myself, but AD is an LDAP server, right?

http://doc.otrs.org/2.0/en/html/x1362.html#customer-backend-ldap

Nils Breunese.




Re: [otrs] Active Directory and OTRS2?

2006-07-21 Thread Boniforti Flavio

Priyadarsan Roy wrote:

I am using 2 and it works fine in it. All you have to do is to add the
necessary items in OTRS_HOME/Kernel/Config.pm


That's good news, I'll try it asap.
I just would like to read about it also in OTRS 2 docs... or did I miss it?

--
--
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica

Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
--


Re: [otrs] Active Directory and OTRS2?

2006-07-21 Thread Boniforti Flavio

Boniforti Flavio wrote:

That's good news, I'll try it asap.
I just would like to read about it also in OTRS 2 docs... or did I miss it?


OK, I missed it and now I'm reading about that.
So here are some of my doubts and not-understandings:

What do I have to put in here???

$Self->{'AuthModule::LDAP::UID'} = 'uid';

And what does this mean? Do I have to define an Active Directory group
which will have permission to use OTRS?

If so, what's the difference between cn=otrsallow and ou=posixGroups?

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=provincia,dc=verbania,dc=it';

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (with full user dn)
#$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

Many thanks so far!
--
--
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica

Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
--


Re: [otrs] Active Directory and OTRS2?

2006-07-20 Thread Priyadarsan Roy

Boniforti Flavio wrote:

Hello list,
is the integration with Active Directory still done as in version 1.3 
on OTRS 2?


Or is there any particular thing to do?

Many thanks.
I am using 2 and it works fine in it. All you have to do is to add the
necessary items in OTRS_HOME/Kernel/Config.pm


PD


RE: [otrs] Active Directory

2006-06-23 Thread Mamakwa M. Sefiri

One of my customers who joined our organization last week tried to log in
yesterday and today, and this is the error that she gets: Login failed! Your
username or password was entered incorrectly.

I have checked on the Customer User Management; her details are not there.









From: Andy Lubel [mailto:[EMAIL PROTECTED]
Sent: 22 June 2006 04:20 PM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] Active Directory





They need to log in.


On 6/22/06 8:40 AM, Mamakwa M. Sefiri
[EMAIL PROTECTED] wrote:

I have activated the Customer User Groups Management some time ago, and it
works fine, but the problem is it does not automatically update itself. I have
added new Customers on our Active Directory and they do not appear on Customer
User Groups Management. Please advise.

Thanks
Mamakwa








Re: [otrs] Active Directory

2006-06-22 Thread Andy Lubel

They need to log in.


On 6/22/06 8:40 AM, Mamakwa M. Sefiri [EMAIL PROTECTED] wrote:

I have activated the Customer User Groups Management some time ago, and it works fine, but the problem is it does not automatically update itself. I have added new Customers on our Active Directory and they do not appear on Customer User Groups Management. Please advise.

Thanks
Mamakwa


Re: [otrs] Active Directory integration

2006-04-19 Thread Guillaume Rehm

Hi,

Thank you. It works fine now.

In fact, I going in local DB, and put my AD users in admin group.

Have a nice day

Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr



Danie wrote:


Hi Guillaume ,

I think there is mention of this little 'problem' in the manual , and 
it states that (unfortunately) only in the 1.3 manual :


http://doc.otrs.org/1.3/en/html/ldap-integration.html#LDAP-INTEGRATION-AD-PREPARATIONS 



So I would suggest going back to the local DB , create a user give 
him/her admin rights and then start with AD integration.


HTH
Daniel


Re: [otrs] Active Directory integration

2006-04-18 Thread Guillaume Rehm

Hi,

By all others I mean local users in OTRS database ([EMAIL PROTECTED] for 
example)


Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr



Mike McGrath wrote:


Guillaume Rehm wrote:


Hi all,

I integrate Active Directory into OTRS. I can log in OTRS with the 
account specified to search in active directory. But all others 
account can't be activated by OTRS.

Moreover, [EMAIL PROTECTED] (local root account) can't log in now.

Anyone have an idea ?

Thanks in advance

By all others do you mean customers?  There's agents and customers 
and both have different config settings in the Config.pm.

   -Mike




Re: [otrs] Active Directory integration

2006-04-18 Thread Guillaume Rehm

hi,

This is my Config.pm file:

#  #
# INTEGRATION ACTIVE DIRECTORY
#  #

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'hostxx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Pro,dc=exploitation,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'hostxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Pro,dc=exploitation,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'hostxx',
        BaseDN => 'ou=Pro,dc=exploitation,dc=local',
        SSCOPE => 'sub',
        UserDN => 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local',
        UserPw => 'xxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => 'mail',
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Thanks in advance

Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr



Isaac Gonzalez wrote:


What have you specified as your mappings

The following work fine for me:


CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
  # note: Login, Email and CustomerID needed!
  # var, frontend, storage, shown, required, storage-type
  # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
  [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
  [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
  [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
  [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
  [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
  # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
  # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
  # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};


Possibly send your config


Isaac Gonzalez

Systems Administrator

AutoReturn

Phone: (415)575-2359

Fax: (415)575-2379

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillaume Rehm
Sent: Thursday, April 13, 2006 3:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory integration

Hi all,

I integrate Active Directory into OTRS. I can log in OTRS with the 
account specified to search in active directory. But all others account 
can't be activated by OTRS.

Moreover, [EMAIL PROTECTED] (local root account) can't log in now.

Anyone have an idea ?

Thanks in advance

 




Re: [otrs] Active Directory integration

2006-04-18 Thread Guillaume Rehm

Hi again,

All works fine now. My test users accounts don't have mail in their
users settings !!! Is that why.


But now, I can't login into root (admin otrs). Anyone have an idea ?
When I log into root, OTRS search into Active Directory a root user.
How can I say: users=Active Directory and Admin=local DB ?
How can I say: this Active Directory users is admin of otrs ?

Thanks in advance

Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr




Re: [otrs] Active Directory integration

2006-04-18 Thread Danie

Hi Guillaume ,

I think there is mention of this little 'problem' in the manual , and it 
states that (unfortunately) only in the 1.3 manual :


http://doc.otrs.org/1.3/en/html/ldap-integration.html#LDAP-INTEGRATION-AD-PREPARATIONS

So I would suggest going back to the local DB , create a user give 
him/her admin rights and then start with AD integration.


HTH
Daniel

Guillaume Rehm wrote:

Hi again,

All works fine now. My test users accounts don't have mail in there 
users settings !!! Is that why.


But now, I can't login into root (admin otrs). Anyone have an idea ?
When I log into root, OTRS search into Active Directory a root user.
How can I say: users=Active Directory and Admin=local DB ?
How can I say: this Active Directory users is admin of otrs ?

Thanks in advance

Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr



Guillaume Rehm a écrit :


hi,

This is my Config.pm file:

#  #
# INTEGRATION ACTIVE DIRECTORY
#  #

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'hostxx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Pro,dc=exploitation,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'hostxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Pro,dc=exploitation,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'hostxx',
        BaseDN => 'ou=Pro,dc=exploitation,dc=local',
        SSCOPE => 'sub',
        UserDN => 'cn=Guillaume Rehm,ou=Pro,dc=exploitation,dc=local',
        UserPw => 'xxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => 'mail',
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

Thanks in advance

Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr



Isaac Gonzalez a écrit :


What have you specified as your mappings

The following work fine for me:

CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
  # note: Login, Email and CustomerID needed!
  # var, frontend, storage, shown, required, storage-type
  # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
  [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
  [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
  [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
  [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
  [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
  # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
  # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
  # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};


Possibly send your config


Isaac 

Re: [otrs] Active Directory integration

2006-04-13 Thread Mike McGrath

Guillaume Rehm wrote:

Hi all,

I integrate Active Directory into OTRS. I can log in OTRS with the 
account specified to search in active directory. But all others 
account can't be activated by OTRS.

Moreover, [EMAIL PROTECTED] (local root account) can't log in now.

Anyone have an idea ?

Thanks in advance

By all others do you mean customers?  There's agents and customers and 
both have different config settings in the Config.pm. 


   -Mike


___
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting für Ihr OTRS System?
= http://www.otrs.de/


RE: [otrs] Active Directory integration

2006-04-13 Thread Isaac Gonzalez
What have you specified as your mappings

The following work fine for me:


CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
  # note: Login, Email and CustomerID needed!
  # var, frontend, storage, shown, required, storage-type
  # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
  [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
  [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
  [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
  [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
  [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
  # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
  # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
  # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};


Possibly send your config


Isaac Gonzalez

Systems Administrator

AutoReturn

Phone: (415)575-2359

Fax: (415)575-2379

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillaume Rehm
Sent: Thursday, April 13, 2006 3:06 AM
To: otrs@otrs.org
Subject: [otrs] Active Directory integration

Hi all,

I integrate Active Directory into OTRS. I can log in OTRS with the 
account specified to search in active directory. But all others account 
can't be activated by OTRS.
Moreover, [EMAIL PROTECTED] (local root account) can't log in now.

Anyone have an idea ?

Thanks in advance

-- 
Guillaume REHM
Service Informatique

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 43
fax: 03 88 25 28 03
mail: [EMAIL PROTECTED]
web: http://www.bnu.fr



RE: [otrs] Active Directory/LDAP authentication problem

2006-01-20 Thread Luca Corti
On Thu, 2006-01-19 at 10:03 -0800, Hames, Joel wrote:
> When I say that I have made progress, I am mostly referring to a login
> screen with no response with I type in a username and password, to one
> that says, No User Data! to the error message I posted previously.

Then just create the user in otrs from the administrative panel. Only
authentication is performed via AD, but you still need the user in the
local otrs database.

-- 
Luca Corti
PGP Key ID 1F38C091
Adesso dico: Prima di tutto il resto, imparare ad ascoltare.



RE: [otrs] Active Directory/LDAP authentication problem

2006-01-19 Thread Mike Pietersen
Joel,

Please post your config.pm.

When you say you've made some progress, what does that mean exactly?

Have you been able to have your customer end authenticate at all with AD?

I'm trying to do the same thing, but seem to be having problems as well,
so a sample config.pm to compare mine to would be helpful.

Thanks,

Mike Pietersen, A+, MCP
All State Fastener Corporation
IT (586) 498-1388

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hames, Joel
Sent: Tuesday, January 17, 2006 6:47 PM
To: otrs@otrs.org
Subject: [otrs] Active Directory/LDAP authentication problem

I have made some progress in getting this working, but I now have this
error on my customer login screen:

IO::Socket::INET: connect: Unknown error at
D:/Programs/OTRS/otrs//Kernel/System/CustomerUser/LDAP.pm line 63.

I am not sure if this is an inability to connect problem, or if it is an
inability to authenticate against Active Directory. I can post my
config.pm, if necessary.

Thank you,

Joel Hames
Director of Technology
Tamalpais Union High School District
[EMAIL PROTECTED]
(415) 945-3798


RE: [otrs] Active Directory/LDAP authentication problem

2006-01-19 Thread Mike Pietersen
Does ANYONE have a working/authenticating AD/LDAP config.pm that they
can post?

If I don't get OTRS working soon, I'm going to have to can the project
and find something else (which I don't want to do, because I happen to
like OTRS).

Thanks,

Mike Pietersen, A+, MCP
All State Fastener Corporation
IT (586) 498-1388


RE: [otrs] Active Directory/LDAP authentication problem

2006-01-19 Thread Luca Corti
On Thu, 2006-01-19 at 09:35 -0500, Mike Pietersen wrote:
> Does ANYONE have a working/authenticating AD/LDAP config.pm that they
> can post?

For Agents or Customers?

You can find detailed instructions in the 1.3 manual.

HTH

-- 
Luca Corti
PGP Key ID 1F38C091
BOFH excuse of the moment:
Electricians made popcorn in the power supply



RE: [otrs] Active Directory/LDAP authentication problem

2006-01-19 Thread Mike Pietersen
 #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
    # note: Login, Email and CustomerID needed!
    # var, frontend, storage, shown, required, storage-type
    # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
    # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};

Thanks,
Mike Pietersen, A+, MCP
All State Fastener Corporation
IT (586) 498-1388


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luca Corti
Sent: Thursday, January 19, 2006 9:38 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory/LDAP authentication problem

On Thu, 2006-01-19 at 09:35 -0500, Mike Pietersen wrote:
> Does ANYONE have a working/authenticating AD/LDAP config.pm that they
> can post?

For Agents or Customers?

You can find detailed instructions in the 1.3 manual.

HTH

-- 

Luca Corti
PGP Key ID 1F38C091
BOFH excuse of the moment:
Electricians made popcorn in the power supply



RE: [otrs] Active Directory/LDAP authentication problem

2006-01-19 Thread Hames, Joel
When I say that I have made progress, I am mostly referring to a login
screen with no response with I type in a username and password, to one
that says, No User Data! to the error message I posted previously.
Each time it seems like I recognize some little improvement that I can
make, based on other's experiences.  This latest error seems to have
something to do with connecting to LDAP, or in where it is looking in
AD.  I still, though, haven't seen another working AD/LDAP config.pm
other than the one in the documentation.  One other thing is that my
users are in separate OUs, so I am not sure if I need multiple entries
for this in the configuration, or if it will start from a BaseDN and
search downwards.

Here's my config.pm (at least, the relevant portions):


#  #
# fs root directory
#  #
$Self->{Home} = 'D:/Programs/OTRS/otrs';

#  #
# insert your own config settings here   #
# config settings taken from Kernel/Config/Defaults.pm #
#  #
# $Self->{SessionUseCookie} = 0;
# $Self->{'CheckMXRecord'} = 1;
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'tammain.tuhsd.edu';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=tuhsd,DC=edu';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=Administrative,ou=TUHSD,dc=TUHSD,dc=edu';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'tammain.tuhsd.edu';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=TUHSD,dc=tuhsd,dc=edu';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS,ou=Administrative,ou=TUHSD,dc=TUHSD,dc=edu';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '!';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'tammail.tuhsd.edu',
        BaseDN => 'ou=TUHSD,dc=tuhsd,dc=edu',
        SSCOPE => 'sub',
        UserDN => 'cn=OTRS,ou=Administrative,ou=TUHSD,dc=TUHSD,dc=edu',
        UserPw => '',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => 'sAMAccountName', 'cn', 'mail',
    CustomerUserSearchFields => 'sAMAccountName', 'cn', 'mail',
    CustomerUserPostMasterSearchFields => 'mail',
    CustomerUserNameFields => 'givenname', 'sn',
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

#  #
#  #
#  #
#   End of your own config options!!!  #
#  #
#  #
#  #


Joel Hames
Director of Technology
Tamalpais Union High School District
[EMAIL PROTECTED]
(415) 945-3798
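
A pre-flight check for the LDAP settings that recur in the configs posted in this thread, as an added example that is not part of any poster's message or of OTRS itself. The sample %Config is constructed, check_ldap_config is a hypothetical helper, and the host comparison assumes one directory server serves agent auth, customer auth and customer lookup.

```perl
use strict;
use warnings;

# Constructed sample modelled on the configs posted in this thread;
# hosts, DNs and passwords are placeholders.
my %Config = (
    'AuthModule::LDAP::Host'           => 'dc1.example.com',
    'Customer::AuthModule::LDAP::Host' => 'dc1.example.com',
    CustomerUser => {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => 'dc2.example.com',    # differs from the auth hosts
            BaseDN => 'ou=Staff,dc=example,dc=com',
            SSCOPE => 'one',                # would miss users in child OUs
            UserDN => 'cn=OTRS,ou=Staff,dc=example,dc=com',
            UserPw => '',                   # empty bind password
        },
        CustomerKey                        => 'sAMAccountName',
        CustomerID                         => 'mail',
        CustomerUserListFields             => 'sAMAccountName',    # scalar
        CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map => [
            [ 'UserFirstname', 'Firstname', 'givenname',      1, 1, 'var' ],
            [ 'UserLogin',     'Login',     'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail',     'Email',     'mail',           1, 1, 'var' ],
        ],
    },
);

# Hypothetical helper: returns a list of findings, empty when nothing is wrong.
sub check_ldap_config {
    my ($c) = @_;
    my @findings;
    my $cu = $c->{CustomerUser} || {};
    my $p  = $cu->{Params}      || {};

    # Assumption: agent auth, customer auth and customer lookup share one server.
    my %host = (
        'AuthModule::LDAP::Host'           => $c->{'AuthModule::LDAP::Host'},
        'Customer::AuthModule::LDAP::Host' => $c->{'Customer::AuthModule::LDAP::Host'},
        'CustomerUser Params Host'         => $p->{Host},
    );
    my %distinct;
    $distinct{ lc( $_ // '' ) } = 1 for values %host;
    if ( scalar( keys %distinct ) > 1 ) {
        my @pairs;
        push @pairs, "$_=" . ( $host{$_} // '(unset)' ) for sort keys %host;
        push @findings, 'LDAP hosts differ: ' . join( ', ', @pairs );
    }

    # A bind DN with an empty password is an unauthenticated bind (RFC 4513).
    push @findings, 'CustomerUser Params: UserDN is set but UserPw is empty'
        if defined $p->{UserDN} && !length( $p->{UserPw} // '' );

    # Users in child OUs of BaseDN are only found with subtree scope.
    push @findings, "SSCOPE should be 'sub' to search child OUs"
        if ( $p->{SSCOPE} // '' ) ne 'sub';

    # These lists are array references in the configs posted as working.
    for my $key (qw(CustomerUserListFields CustomerUserSearchFields
        CustomerUserPostMasterSearchFields CustomerUserNameFields)) {
        push @findings, "$key is not an array reference"
            if ref( $cu->{$key} ) ne 'ARRAY';
    }

    # "note: Login, Email and CustomerID needed!", six columns per Map row.
    my $map = ref( $cu->{Map} ) eq 'ARRAY' ? $cu->{Map} : [];
    my %mapped;
    for my $row ( @{$map} ) {
        my $ok = ref($row) eq 'ARRAY' && @{$row} == 6;
        push @findings, 'Map row does not have six columns' if !$ok;
        $mapped{ $row->[0] } = 1 if $ok;
    }
    for my $need (qw(UserLogin UserEmail UserCustomerID)) {
        push @findings, "Map has no $need entry" if !$mapped{$need};
    }
    return @findings;
}

my @report = check_ldap_config( \%Config );
print "- $_\n" for @report;
print "no findings\n" if !@report;
```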


[otrs] Re: OTRS (Active Directory) still doesn't work

2006-01-13 Thread M Maki

Mike,

This is how I got it to work. I also have it working on version 2 even 
though the message below refers to version 1.3.2.


http://lists.otrs.org/pipermail/otrs/2005-December/009772.html

Hope this helps...

Mike

[EMAIL PROTECTED] wrote:
 1.  OTRS (Active Directory) still doesn't work. (Mike Pietersen)


I have had OTRS working when using the cookie based user authentication,
but when I changed over to AD authentication it no longer works.

 


All I get is:

Can't locate object method "new" via package
"Kernel::System::CustomerUser::LDAP" at
/opt/otrs//Kernel/System/CustomerUser.pm line 80, <PRODUCT> line 4.

 


This PRODUCT line 4. Error will increment and get larger if you hit
refresh multiple times.

 


I haven't modified the CustomerUser.pm at all, but I have modified the
Config.pm to outline what they have on OTRS's website.

It should be working, right?

 


I probably haven't configured it properly, so I'm looking for some
suggested direction on which angle to approach this at.



Re: [otrs] Active Directory authentication working, just one problem...

2005-05-19 Thread Chris de Vidal
Alexis Castillo said this with great authority:
> Here's my configuration for LDAP against AD.  I hope it helps.

OK that doesn't look much different than mine.  Could you please confirm
that a user that is NOT in this group cannot log in?  That's the behavior
I see; anyone can log in.

CD

Ever lied?  You're a liar.  Ever stolen?  You're a thief.  Ever hated? The
bible equates hate with murder.  Ever lusted?  Jesus equated lust with
adultery.  You've broken God's law.

He'll judge all evil and you're without hope -- unless you have a savior. 
Repent and believe.


Re: [otrs] Active Directory authentication working, just one problem...

2005-05-19 Thread Chris de Vidal
Alexis Castillo said this with great authority:
> When I try to log in a user that is not in the OTRS group for the first
> time, I get a Can't activate user.. Even more, if the user does not
> have the information that OTRS is using to fill the DB, it won't let the
> user log in for the first time.  After logging in the first time and
> having the user created in the DB, I experience the same behavior you're
> mentioning, the user can log in regardless of being in the group or not.

Hmm.  I don't think I understand you... are you saying anyone can log into
the admin area, they just have to log in twice, once to activate the
account and create it in the DB and the second to actually log in?  That's
the behavior I see.

CD

Ever lied?  You're a liar.  Ever stolen?  You're a thief.  Ever hated? The
bible equates hate with murder.  Ever lusted?  Jesus equated lust with
adultery.  You've broken God's law.

He'll judge all evil and you're without hope -- unless you have a savior. 
Repent and believe.


Re: [otrs] Active Directory authentication working, just one problem...

2005-05-18 Thread Chris de Vidal
Alexis Castillo said this with great authority:
> It's working for me, but I only have it for internal users.
>
> Comment out the
>
> $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
>
> in Config.pm
>
> You should only have the
> $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
> Only users in your
> $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
> should be able to log in.

Bummer, still not working.

I just have these two lines:
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';


I thought it was working.  I set it to a group I'm in and was able to log
in.  So I logged out and set it to another group and I could still log in.

Care to copy and paste all of the Active Directory sections of your
Config.pm file so I can see if I'm missing anything or misunderstanding
you?

CD

Ever lied?  You're a liar.  Ever stolen?  You're a thief.  Ever hated? The
bible equates hate with murder.  Ever lusted?  Jesus equated lust with
adultery.  You've broken God's law.

He'll judge all evil and you're without hope -- unless you have a savior. 
Repent and believe.


Re: [otrs] Active Directory authentication working, just one problem...

2005-05-18 Thread Alexis Castillo
Here's my configuration for LDAP against AD.  I hope it helps.
Alex.
#
# Configuration for LDAP user authentication
#
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'example.com';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAP_USER,cn=Users,dc=example,dc=com';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

#
# Control Who gets in via LDAP
#
   $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS, ou=Intranet, ou=Access Control, ou=city, dc=example, dc=com';
   $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
   $Self->{UserSyncLDAPMap} = {
       # DB -> LDAP
       Firstname => 'givenName',
       Lastname => 'sn',
       Email => 'mail',
   };

Chris de Vidal wrote:
Alexis Castillo said this with great authority:
 

It's working for me, but I only have it for internal users.
Comment out the
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
in Config.pm
You should only have the
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
Only users in your
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
should be able to log in.

Bummer, still not working.
I just have these two lines:
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=group, ou=its OU, dc=example, dc=com';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
I thought it was working.  I set it to a group I'm in and was able to log
in.  So I logged out and set it to another group and I could still log in.
Care to copy and paste all of the Active Directory sections of your
Config.pm file so I can see if I'm missing anything or misunderstanding
you?
CD
Ever lied?  You're a liar.  Ever stolen?  You're a thief.  Ever hated? The
bible equates hate with murder.  Ever lusted?  Jesus equated lust with
adultery.  You've broken God's law.
He'll judge all evil and you're without hope -- unless you have a savior. 
Repent and believe.
 

--
Alexis Castillo
Systems Administrator
Quicksilver Express Courier
http://www.qec.com/


Re: [otrs] Active Directory as customer backend

2004-07-30 Thread Scott Millard
I'm using 2003 AD as my customer backend, it took me a while to get it working, but it 
works now. :)

Scott Millard
University of Central Florida
Public Safety and Police
407-823-4699
[EMAIL PROTECTED]

>>> [EMAIL PROTECTED] 7/29/2004 7:28:48 AM >>>
> Has anyone been able to configure OTRS to use Windows 2003 Active
> Directory as the customer backend?  If so, are there any quick and dirty
> guides?
> The install documents reference using LDAP as the backend, but I'm not
> quite sure how AD == LDAP mappings would look.

See the cvs version of the docs, the following chapter 11 is about AD
integration:
http://doc.otrs.org/cvs/en/html/ldap-integration.html 

hth,

Robert Kehl

-- 
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
 http://www.otrs.de/ :: Tel. +49 (0)6172 4832388




Re: [otrs] Active Directory as customer backend

2004-07-29 Thread Robert Kehl
> Has anyone been able to configure OTRS to use Windows 2003 Active
> Directory as the customer backend?  If so, are there any quick and dirty
> guides?
> The install documents reference using LDAP as the backend, but I'm not
> quite sure how AD == LDAP mappings would look.

See the cvs version of the docs, the following chapter 11 is about AD
integration:
http://doc.otrs.org/cvs/en/html/ldap-integration.html

hth,

Robert Kehl

-- 
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
 http://www.otrs.de/ :: Tel. +49 (0)6172 4832388

