Hi,
To use Active Directory as the authenticator with OTRS, you need to change your config
to use sAMAccountName=otrs instead of uid. AD does not use "uid".
To make sure you are using the right LDAP entries, use the LDIFDE -f output.txt to
dump the entire AD LDAP tree info to the output.txt file (run this command on your
server - or workstation if you have the W2K Resource kit installed). You can then
browse through the file to make sure you have the right information regarding your
OTRS user.
As I recall, to use LDAP, you will need to have the net-ldap utils installed for perl
(unless my mind is playing up again...)
Here is a dump of our OTRS Kernel/Config.pm AD auth configuration. We take all info
from AD, including admin users and customer users. (Some of the fields are wrapped
below!)
----------------------
# Agent authentication against AD (Kernel::System::Auth::LDAP)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'w2k01.dummydomain.dummy.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=dummydomain,dc=dummy,dc=com';
# AD keys accounts on sAMAccountName, not uid
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# account used to search the tree before the user's own bind
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=dummydomain,dc=dummy,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'w2k01.dummydomain.dummy.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=dummydomain,dc=dummy,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrsr,cn=Users,dc=dummydomain,dc=dummy,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pass';

# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'w2k01.dummydomain.dummy.com',
        # ldap base dn
        BaseDN => 'dc=domain,dc=dummy,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=otrs,cn=Users,dc=dummydomain,dc=dummy,dc=com',
        UserPw => 'pass',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
>-----Original Message-----
>From: Vladimir Gerdjikov [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, March 17, 2004 9:32 AM
>To: User questions and discussions about OTRS.
>Subject: Re: [otrs] CustomerAuth LDAP problem
>
>
>Robert Kehl wrote:
>
>> Find attached the necessary settings for both tasks.
>
>10x, for configs. Everything is clearer, but I still
>can't authenticate
>successfully.
>Error is: [Notice][Kernel::System::CustomerAuth::LDAP::Auth]
>CustomerUser: otrs
>login failed, no LDAP entry found!BaseDN='DC=hebros,DC=bg',
>Filter='(uid=otrs)'
>
>I suspect that something is wrong with BaseDN when
>authenticate, but WHAT?!
>When I use DB authentication for users, I can search (not so
>good, maybe
>additional parameters are necessary, but search is working),
>therefore my BaseDN
>is correct.
>
>What about user password? Is the password sent in plain text,
>or is the password
>sent with some hash (MD5, SHA-1) to the LDAP server (AD in my
>case)? Sorry, but I'm
>not a programmer and can't search through all this perl stuff.
>This is my first attempt to authenticate a non-Windows
>user through AD and
>I think that something is missing in my Linux server (PAM module?).
>
>--
>Best regards,
>Vladimir Gerdjikov
>
>Communication and NOS Manager, HebrosBank Head Office, +359 32/903435,
>+359 888 578 458
>KeyID:BC821E9B from http://wwwkeys.uk.pgp.net
>Fingerprint: 503C 54EE C1B0 B446 DD84 5A3A 4E05 4D62 BC82 1E9B
>
>_______________________________________________
>OTRS mailing list: otrs - Webpage: http://otrs.org/
>Archive: http://lists.otrs.org/pipermail/otrs
>To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>Support oder Consulting für Ihr OTRS System?
>=> http://www.otrs.de/
>
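The lookup that produces the "no LDAP entry found ... Filter='(uid=otrs)'" notice can be reproduced outside OTRS, which makes it easier to tell a wrong BaseDN from a wrong UID attribute. The script below is an added example, not code from the thread or from OTRS itself: it does with Net::LDAP what the Kernel::System::Auth::LDAP backend does, a bind as the search account, a search for the login under the BaseDN, and then a bind as the entry that was found. Host, BaseDN and search account are taken from the configuration posted above; the port, the attribute list, the `$cafile` path and the use of StartTLS are assumptions. On the plaintext question in the quoted message: an LDAP simple bind sends the password in clear text, so the session is wrapped in StartTLS here (ldaps:// on 636 is the alternative).

```perl
#!/usr/bin/perl
# Added diagnostic script (not part of OTRS): reproduce the OTRS LDAP auth flow
# against AD.  Usage: perl ad_login_check.pl <login> [<password>]
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values from the posted Kernel/Config.pm; adjust for your domain.
my $host    = 'w2k01.dummydomain.dummy.com';
my $base_dn = 'dc=dummydomain,dc=dummy,dc=com';
my $bind_dn = 'cn=otrs,cn=Users,dc=dummydomain,dc=dummy,dc=com';
my $bind_pw = 'pass';
# Assumed path to the CA certificate that issued the domain controller's cert.
my $cafile  = '/etc/ssl/certs/ad-ca.pem';

my $login    = shift @ARGV // 'otrs';   # login to look up
my $password = shift @ARGV;             # optional: verify the user's own bind

# AD keys accounts on sAMAccountName; 'uid' is not populated in a default AD
# schema, so '(uid=otrs)' matches nothing, which is the notice seen in OTRS.
my $uid_attr = 'sAMAccountName';

my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
    or die "connect to $host failed: $@\n";

# A simple bind carries the password in clear text, so upgrade to TLS first
# and require a verified server certificate.
my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'StartTLS failed: ' . $tls->error . "\n" if $tls->code;

# Step 1: bind as the OTRS search account (AD normally refuses anonymous search).
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die 'search-user bind failed: ' . $mesg->error . "\n" if $mesg->code;

# Step 2: search for the login exactly as AuthModule::LDAP::UID makes OTRS do.
# escape_filter_value keeps a login containing '*' or ')' from altering the filter.
my $filter = sprintf '(%s=%s)', $uid_attr, escape_filter_value($login);
$mesg = $ldap->search(
    base   => $base_dn,
    scope  => 'sub',
    filter => $filter,
    attrs  => [ 'sAMAccountName', 'mail', 'givenname', 'sn' ],
);
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
if ($mesg->count == 0) {
    die "no entry for $filter under $base_dn "
      . "(check BaseDN and the UID attribute)\n";
}
my $entry = $mesg->entry(0);
printf "found %s (mail=%s)\n", $entry->dn, $entry->get_value('mail') // '-';

# Step 3 (optional): bind as the found DN with the supplied password; this is
# the step that actually verifies the credential in OTRS.
if (defined $password) {
    my $auth = $ldap->bind($entry->dn, password => $password);
    print $auth->code
        ? 'user bind FAILED: ' . $auth->error . "\n"
        : "user bind OK\n";
}
$ldap->unbind;
```

Run it first with only a login: if step 2 already fails, the problem is the BaseDN or the attribute in the filter, not the user's password or any PAM module on the Linux side. If step 2 succeeds but the configured OTRS module still logs the notice, compare the filter in the notice with the one printed here.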