Hi

Thanks for your email.

I understand that the two parts

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $SearchUserDN;
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $SearchUserPw;
    $Self->{'Customer::AuthModule::LDAP::Host'} = $Host;
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = $Base;
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
    $Self->{'Customer::AuthModule::LDAP::Params'} = $Params;

and

    $Self->{CustomerUser} = {
                Name => 'LDAP Backend',
                Module => 'Kernel::System::CustomerUser::LDAP',
                Params => {
        ...
                [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
            ],
        }

are necessary. Sorry for this mistake.

So I put these two parts in my configuration
        - the first : very similar to the "$Self->{'AuthModule'}" part
        - the second : very carefully edited from Config/Defaults.pm

But I get the same messages when I try to connect

        - Web interface : Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
        
        - error_log : Message: No UserID found for 'jma'!

It is the same with the line
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
or with the line
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

Regards,

        Joel Marchand

PS : one LDIF entry

# jma, people, huma-num.fr
dn: uid=jma,ou=people,dc=huma-num,dc=fr
uid: jma
loginShell: /bin/bash
uidNumber: 30001
gidNumber: 30001
mail: [email protected]
gosaMailDeliveryMode: []
o: CNRS
supannListeRouge: FALSE
dateOfBirth: 1963-08-15
gender: M
co: France
fdPrivateMail: [email protected]
homeDirectory: /home/jma
cn: jma jma
sn: jma
givenName: jma
gecos: jma jma
description: TGIR
sambaSID: S-1-5-21-134782382-3786202306-2389167217-60003
sambaDomainName: DEFAULT
sambaMungedDial: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA
 CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACA
 ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
 AYQBnAHMAMQAwMGUwMDAxMBIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0
 AHgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDA=
sambaAcctFlags: [U           ]
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: gosaMailAccount
objectClass: eduPerson
objectClass: supannPerson
objectClass: fdPersonalInfo
objectClass: sambaSamAccount
sambaBadPasswordTime: 0
sambaBadPasswordCount: 0
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1478193536


On Fri, Nov 04, 2016 at 08:38:46AM -0400, Gerald Young wrote:
> Just for reference, I wrote this old post: http://forums.otterhub.org/viewtopic.php?t=16543
> 
> The following are important:
>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
>     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
> 
> You can change these to mail if you want to try differently.
> 
> On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand <[email protected]>
> wrote:
> 
> 
>             Hello,
> 
>     My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
> 
>     I have configured OTRS to use LDAP for the Agents authentication. It is
>     OK.
> 
>     I want to do the same for the Consumers. I read many examples, but without
>     success.
> 
>     1/ in the Administration/Consumers panel, I see all my LDAP users like :
> 
>     jjma2 jma2 jma2         [email protected]   [email protected]
> 
>     2/ when I try to login with an LDAP id, I get this message
> 
>              Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
> 
>     3/ and in /var/log/httpd/error.log, I get
> 
>     ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
> 
>      Message: No UserID found for 'jjma2'!
> 
>      RemoteAddress: 109.190.22.197
>      RequestURI: /otrs/index.pl
> 
>      Traceback (19414):
>        Module: Kernel::System::User::UserLookup Line: 935
>        Module: Kernel::System::Auth::Auth Line: 206
>        Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>        Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>        Module: (eval) (v1.99) Line: 207
>        Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>        Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>        Module: ModPerl::Registry::handler (v1.99) Line: 32
> 
>     ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
> 
>      Message: No UserID found for 'jjma2'!
> 
>      RemoteAddress: 109.190.22.197
>      RequestURI: /otrs/index.pl
> 
>      Traceback (19414):
>        Module: Kernel::System::User::UserLookup Line: 935
>        Module: Kernel::System::Auth::Auth Line: 305
>        Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>        Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>        Module: (eval) (v1.99) Line: 207
>        Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>        Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>        Module: ModPerl::Registry::handler (v1.99) Line: 32
> 
>     My config is below.
> 
>     Where is my mistake ?
> 
>     Thanks a lot for any suggestion.
> 
>             Joel Marchand
> 
>        $Self->{CustomerUser} = {
>            Name => 'LDAP Backend',
>            Module => 'Kernel::System::CustomerUser::LDAP',
>            Params => {
>                # ldap host
>                Host => 'ldaps://ldapr1.huma-num.fr:636/',
>                # ldap base dn
>                BaseDN => 'dc=huma-num,dc=fr',
>                # search scope (one|sub)
>                SSCOPE => 'sub',
>                # The following is valid but would only be necessary if the
>                # anonymous user does NOT have permission to read from the LDAP tree
>                UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
>                UserPw => 'xxxx',
>                # in case you want to add always one filter to each ldap query, use
>                # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>                AlwaysFilter => '(objectclass=posixAccount)',
>                # if the charset of your ldap server is iso-8859-1, use this:
>                # SourceCharset => 'iso-8859-1',
>                # die if backend can't work, e. g. can't connect to server
>                Die => 1,
>                # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>                Params => {
>                    port    => 636,
>                    timeout => 120,
>                    async   => 0,
>                    version => 3,
>                    cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
>                    clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
>                    clientkey => '/etc/ssl/private/star_huma-num_fr.key',
>                },
>            },
>            # customer unique id
>            CustomerKey => 'uid',
>            # customer #
>            CustomerID => 'mail',
>            CustomerUserListFields => ['cn', 'mail'],
>            CustomerUserSearchFields => ['uid', 'cn', 'mail'],
>            CustomerUserSearchPrefix => '',
>            CustomerUserSearchSuffix => '*',
>            CustomerUserSearchListLimit => 250,
>            CustomerUserPostMasterSearchFields => ['mail'],
>            CustomerUserNameFields => ['givenname', 'sn'],
>            # show now own tickets in customer panel, CompanyTickets
>            CustomerUserExcludePrimaryCustomerID => 0,
>            # add a ldap filter for valid users (expert setting)
>            # CustomerUserValidFilter => '(!(description=gesperrt))',
>            # admin can't change customer preferences
>            AdminSetPreferences => 0,
>            # cache time to live in sec. - cache any ldap queries
>            CacheTTL => 0,
>            Map => [
>                # note: Login, Email and CustomerID needed!
>                # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
>                [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
>                [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
>                [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
>                [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
>                [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
>                [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
>                # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
>                [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
>                [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
>                [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
>            ],
>        };
> 
> 
>     PS : I also tried
> 
>         $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>         $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=dsa,dc=huma-num,dc=fr';
>         $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
>         $Self->{'Customer::AuthModule::LDAP::Host'} = ['ldaps://ldapr1.huma-num.fr:636/','ldaps://ldapr2.huma-num.fr:636/'];
>         $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=huma-num,dc=fr';
>         $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
>         $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
>         $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
>         $Self->{'Customer::AuthModule::LDAP::Params'} = {
>             port => 636,
>             timeout => 120,
>             async => 0,
>             version => 3,
>             cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
>             clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
>             clientkey => '/etc/ssl/private/star_huma-num_fr.key',
>         };
> 
>     -> with this configuration, I don't see the LDAP accounts in the
>     Administration/Customers panel.
> 
> 
>     --
>     Très Grande Infrastructure de Recherche Huma-Num - CNRS UMS 3598
>     3ème étage - bureau 303 - CS n°71345
>     196 avenue de France - 75648 PARIS CEDEX 13
>     Tél : 01 49 54 83 09  - http://www.huma-num.fr/personne/joel-marchand
>     ---------------------------------------------------------------------
>     OTRS mailing list: otrs - Webpage: http://otrs.org/
>     Archive: http://lists.otrs.org/pipermail/otrs
>     To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
> 
> 
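
The traceback quoted in this thread names `Kernel::System::Web::InterfaceAgent`, `Kernel::System::Auth` and `Kernel::System::User::UserLookup` for a request to `/otrs/index.pl`. As an added example (not part of the thread and not OTRS code), the following parses error-log blocks in that layout and reports which web interface and lookup each failure came from, which shows whether the `Customer::AuthModule` settings were exercised at all. The sample blocks, the login name and the prefix-based classification are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the error log quoted in the thread;
# the login name and the whole second block are made up.
SAMPLE_LOG = """\
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016

 Message: No UserID found for 'example'!

 RequestURI: /otrs/index.pl

 Traceback (19414):
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 206
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:41:02 2016

 Message: constructed customer-side failure

 RequestURI: /otrs/customer.pl

 Traceback (19415):
   Module: Kernel::System::CustomerAuth::LDAP::Auth Line: 1
   Module: Kernel::System::Web::InterfaceCustomer::Run Line: 1
"""

# Assumption: the web-interface module in the traceback identifies the login path.
INTERFACES = {
    "Kernel::System::Web::InterfaceAgent": "agent",
    "Kernel::System::Web::InterfaceCustomer": "customer",
}

def field(block, name):
    """Return the value of a ' Name: value' line in one error block."""
    m = re.search(rf"^\s*{name}:\s*(.+?)\s*$", block, re.M)
    return m.group(1) if m else None

def parse_errors(log_text):
    """Split the log on 'ERROR:' headers and classify each block."""
    results = []
    # Element 0 is whatever precedes the first header (empty or preamble): skip it.
    for block in re.split(r"(?m)^(?=ERROR: )", log_text)[1:]:
        modules = re.findall(r"^\s*Module:\s*(\S+)", block, re.M)
        interface = next((label for prefix, label in INTERFACES.items()
                          if any(m.startswith(prefix) for m in modules)), "unknown")
        results.append({"message": field(block, "Message"), "uri": field(block, "RequestURI"),
                        "interface": interface,
                        "failed_in": modules[0] if modules else None})
    return results
```

For a block shaped like the one quoted in the thread, `parse_errors` returns `interface` as `agent` and `failed_in` as `Kernel::System::User::UserLookup`, so the failing lookup is on the agent login path.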