Just for reference, I wrote this old post:
http://forums.otterhub.org/viewtopic.php?t=16543

The following are important:
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

You can change these to mail if you want to try differently.

On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand <[email protected]>
wrote:

>
>         Hello,
>
> My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
>
> I have configured OTRS to use LDAP for the Agents authentication. It is
> OK.
>
> I want to do the same for the Consumers. I read many examples, but without
> success.
>
> 1/ in the Administration/Consumers panel, I see all my LDAP users like :
>
> jjma2 jma2 jma2         [email protected]   [email protected]
>
> 2/ when I try to login with an LDAP id, I get this message
>
>          Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
>
> 3/ and in /var/log/httpd/error.log, I get
>
> ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
>
>  Message: No UserID found for 'jjma2'!
>
>  RemoteAddress: 109.190.22.197
>  RequestURI: /otrs/index.pl
>
>  Traceback (19414):
>    Module: Kernel::System::User::UserLookup Line: 935
>    Module: Kernel::System::Auth::Auth Line: 206
>    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>    Module: (eval) (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>    Module: ModPerl::Registry::handler (v1.99) Line: 32
>
> ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
>
>  Message: No UserID found for 'jjma2'!
>
>  RemoteAddress: 109.190.22.197
>  RequestURI: /otrs/index.pl
>
>  Traceback (19414):
>    Module: Kernel::System::User::UserLookup Line: 935
>    Module: Kernel::System::Auth::Auth Line: 305
>    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>    Module: (eval) (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>    Module: ModPerl::Registry::handler (v1.99) Line: 32
>
> My config is below.
>
> Where is my mistake ?
>
> Thanks a lot for any suggestion.
>
>         Joel Marchand
>
>    $Self->{CustomerUser} = {
>        Name => 'LDAP Backend',
>        Module => 'Kernel::System::CustomerUser::LDAP',
>        Params => {
>            # ldap host
>            Host => 'ldaps://ldapr1.huma-num.fr:636/',
>            # ldap base dn
>            BaseDN => 'dc=huma-num,dc=fr',
>            # search scope (one|sub)
>            SSCOPE => 'sub',
>            # The following is valid but would only be necessary if the
>            # anonymous user does NOT have permission to read from the LDAP tree
>            UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
>            UserPw => 'xxxx',
>            # in case you want to add always one filter to each ldap query, use
>            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>            AlwaysFilter => '(objectclass=posixAccount)',
>            # if the charset of your ldap server is iso-8859-1, use this:
>            # SourceCharset => 'iso-8859-1',
>            # die if backend can't work, e. g. can't connect to server
>            Die => 1,
>            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>            Params => {
>                port    => 636,
>                timeout => 120,
>                async   => 0,
>                version => 3,
>                 cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
>                 clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
>                 clientkey => '/etc/ssl/private/star_huma-num_fr.key',
>            },
>        },
>        # customer unique id
>        CustomerKey => 'uid',
>        # customer #
>        CustomerID => 'mail',
>        CustomerUserListFields => ['cn', 'mail'],
>        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
>        CustomerUserSearchPrefix => '',
>        CustomerUserSearchSuffix => '*',
>        CustomerUserSearchListLimit => 250,
>        CustomerUserPostMasterSearchFields => ['mail'],
>        CustomerUserNameFields => ['givenname', 'sn'],
>        # show now own tickets in customer panel, CompanyTickets
>        CustomerUserExcludePrimaryCustomerID => 0,
>        # add a ldap filter for valid users (expert setting)
>        # CustomerUserValidFilter => '(!(description=gesperrt))',
>        # admin can't change customer preferences
>        AdminSetPreferences => 0,
>        # cache time to live in sec. - cache any ldap queries
>        CacheTTL => 0,
>        Map => [
>            # note: Login, Email and CustomerID needed!
>            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
>            [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
>            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
>            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
>            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
>            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
>            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
>            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
>            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
>            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
>        ],
>    };
>
>
> PS: I also tried
>
>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=dsa,dc=huma-num,dc=fr';
>     $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
>     $Self->{'Customer::AuthModule::LDAP::Host'} = ['ldaps://ldapr1.huma-num.fr:636/','ldaps://ldapr2.huma-num.fr:636/'];
>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=huma-num,dc=fr';
>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
>     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
>     $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
>     $Self->{'Customer::AuthModule::LDAP::Params'} = {
>         port => 636,
>         timeout => 120,
>         async => 0,
>         version => 3,
>         cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
>         clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
>         clientkey => '/etc/ssl/private/star_huma-num_fr.key',
>     };
>
> -> with this configuration, I don't see the LDAP accounts in the
> Administration/Customers panel.
>
>
> --
> Très Grande Infrastructure de Recherche Huma-Num - CNRS UMS 3598
> 3ème étage - bureau 303 - CS n°71345
> 196 avenue de France - 75648 PARIS CEDEX 13
> Tél : 01 49 54 83 09  - http://www.huma-num.fr/personne/joel-marchand
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
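
A consistency check over the settings discussed in this thread, as an added example that is not part of either message and is not OTRS code. It assumes the login attribute in `Customer::AuthModule::LDAP::UID` has to be the same attribute the `CustomerUser` backend uses as `CustomerKey`; `CheckCustomerLDAPConfig` and the trimmed `%Config` sample are hypothetical.

```perl
use strict;
use warnings;

# Constructed sample: only the relevant keys, with the values quoted in the thread.
my %Config = (
    'Customer::AuthModule::LDAP::UID' => 'uid',
    CustomerUser => {
        CustomerKey => 'uid',
        CustomerID  => 'mail',
        Map => [
            [ 'UserLogin',      'Username',   'uid',  1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail', 1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        ],
    },
);

# Hypothetical helper: returns a list of problems (empty list = consistent).
sub CheckCustomerLDAPConfig {
    my ($Config) = @_;
    my @Problems;

    my $Backend = $Config->{CustomerUser} || {};
    my $AuthUID = $Config->{'Customer::AuthModule::LDAP::UID'} // '';
    my $Key     = $Backend->{CustomerKey} // '';
    my $CustID  = $Backend->{CustomerID}  // '';

    # Index the Map: OTRS field name (column 0) -> LDAP attribute (column 2).
    my %Storage = map { ( $_->[0] => $_->[2] ) } @{ $Backend->{Map} || [] };

    # The Map comment in the quoted config: Login, Email and CustomerID are needed.
    for my $Field (qw(UserLogin UserEmail UserCustomerID)) {
        push @Problems, "Map has no $Field entry" if !defined $Storage{$Field};
    }

    # Assumption: the attribute users authenticate with must be the attribute
    # the backend looks them up by. LDAP attribute names are case-insensitive.
    push @Problems, "auth UID '$AuthUID' differs from CustomerKey '$Key'"
        if lc($AuthUID) ne lc($Key);
    push @Problems, "UserLogin maps to '$Storage{UserLogin}', not CustomerKey '$Key'"
        if defined $Storage{UserLogin} && lc( $Storage{UserLogin} ) ne lc($Key);
    push @Problems, "UserCustomerID maps to '$Storage{UserCustomerID}', not CustomerID '$CustID'"
        if defined $Storage{UserCustomerID} && lc( $Storage{UserCustomerID} ) ne lc($CustID);

    return @Problems;
}

my @Problems = CheckCustomerLDAPConfig( \%Config );
if (@Problems) { print "PROBLEM: $_\n" for @Problems; }
else           { print "customer LDAP settings are consistent\n"; }
```

Changing the `UID` setting to `mail`, as the reply suggests trying, without also changing `CustomerKey` and the `UserLogin` mapping makes the check report the mismatch.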