[otrs] Problem with LDAP (AD) lookups

Tue, 21 Sep 2004 13:49:25 -0700 

AD Authentication is working OK, but I have to create an entry in the
customer table before a customer can login.  That's not a big deal,
hopefully that will be working nicely in later versions :-)
 
What's not working is that when I select the Customer User page under the
Admin Area I only see the users that I've manually setup.  I also get
messages such as the following in my system's messages log file.  At around
16:40 I changed the user to the Administrator of the AD tree to see if it
was a permissions issue that was causing the browsing to fail.  

____________________________________________________________________________
____  
Sep 21 16:39:35 test OTRS-CGI-10[4266]:
[Error][Kernel::System::CustomerUser::LDAP::CustomerUserList][Line:169]:
00000000: LdapErr: DSID-0C0905FF, comment: In order to perform this
operation a successful bind must be completed on the connection., data 0,
vece
Sep 21 16:39:35 test
Sep 21 16:39:35 test OTRS-CGI-10[4266]:
[Error][Kernel::System::CustomerUser::LDAP::CustomerUserList][Line:169]:
00000000: LdapErr: DSID-0C0905FF, comment: In order to perform this
operation a successful bind must be completed on the connection., data 0,
vece
Sep 21 16:39:35 test
Sep 21 16:40:00 test /USR/SBIN/CRON[27178]: (otrs) CMD
($HOME/bin/PostMasterPOP3.pl >> /dev/null)
Sep 21 16:40:00 test /USR/SBIN/CRON[27180]: (otrs) CMD
($HOME/bin/GenericAgent.pl >> /dev/null)
Sep 21 16:41:37 test OTRS-CGI-10[4267]:
[Error][Kernel::System::CustomerUser::LDAP::CustomerUserList][Line:169]:
0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data 0, best
match of:  'DC=corp,DC=hiplab2003,DC=com'
Sep 21 16:41:37 test
Sep 21 16:41:37 test OTRS-CGI-10[4267]:
[Error][Kernel::System::CustomerUser::LDAP::CustomerUserList][Line:169]:
0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data 0, best
match of:  'DC=corp,DC=hiplab2003,DC=com'

____________________________________________________________________________
____ 
Below is the Config.pm section that I added so far:
____________________________________________________________________________
____ 
 
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

$Self->{'AuthModule::LDAP::Host'} = '10.1.104.153';

$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=corp,dc=hiplab2003,dc=com';

$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::SearchUserDN'} =
'[EMAIL PROTECTED]';

$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxx';

 

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';

$Self->{'Customer::AuthModule::LDAP::Host'} = '10.1.104.153';

$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'dc=corp,dc=hiplab2003,dc=com';

$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'[EMAIL PROTECTED]';

$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';

 

# CustomerUser

# (customer user database backend and settings)

    $Self->{CustomerUser} = {

        Name => 'Datenbank',

        Module => 'Kernel::System::CustomerUser::DB',

        Params => { Table => 'customer_user',

            # to use an external database

#           DSN => 'DBI:odbc:yourdsn',

#           DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',

#           User => '', Password => '',

        },

        # customer uniq id

        CustomerKey => 'login',

        CustomerID => 'customer_id',

        CustomerValid => 'valid_id',

        CustomerUserListFields => ['first_name', 'last_name', 'email'],

#       CustomerUserListFields => ['login', 'first_name', 'last_name',
'customer_id', 'email'],

        CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],

        CustomerUserSearchPrefix => '',

        CustomerUserSearchSuffix => '*',

        CustomerUserSearchListLimit => 250,

        CustomerUserPostMasterSearchFields => ['email'],

        CustomerUserNameFields => ['salutation', 'first_name', 'last_name'],

#       ReadOnly => 1,

        Map => [

            # note: Login, Email and CustomerID needed!

            # var, frontend, storage, shown, required, storage-type,
http-link

            [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var' ],

            [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var' ],

            [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var' ],

            [ 'UserLogin', 'Login', 'login', 1, 1, 'var' ],

            [ 'UserPassword', 'Password', 'pw', 0, 1, 'var' ],

            [ 'UserEmail', 'Email', 'email', 0, 1, 'var' ],

            [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var' ],

            [ 'UserComment', 'Comment', 'comments', 1, 0, 'var' ],

            [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int' ],

        ],

    };

 

  # CustomerUser1

  # (customer user ldap backend and settings)

  $Self->{CustomerUser1} = {

    Module => 'Kernel::System::CustomerUser::LDAP',

    Params => {

      # ldap host

      Host => '10.1.104.153',

      # ldap base dn

      BaseDN => 'ou=Users, dc=corp, dc=hiplab2003, dc=com',

      # search scope (one|sub)

      SSCOPE => 'sub',

      # The following is valid but would only be necessary if the

      # anonymous user does NOT have permission to read from the LDAP tree

      UserDN => 'cn=Pete McDonnell, ou=Users, dc=corp, dc=hiplab2003,
dc=com',

      UserPw => 'xxx',

      AlwaysFilter => '',

      SourceCharset => 'utf-8',

      DestCharset => 'iso-8859-1',

    },

    # customer uniq id

    CustomerKey => 'sAMAccountName',

    # customer #

    CustomerID => 'mail',

    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],

    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],

    CustomerUserSearchPrefix => '',

    CustomerUserSearchSuffix => '*',

    CustomerUserSearchListLimit => 250,

    CustomerUserPostMasterSearchFields => ['mail'],

    CustomerUserNameFields => ['givenname', 'sn'],

    Map => [

      # note: Login, Email and CustomerID needed!

      # var, frontend, storage, shown, required, storage-type

      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],

      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],

      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],

      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],

      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],

      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],

      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],

      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],

    ],

  };
____________________________________________________________________________
____ 

Is anyone able to provide any insight?


 
- Pete McDonnell
  Manager, Technical Services
  Hip Interactive
  Phone: (519) 272-0234 x228
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting f�r Ihr OTRS System?
=> http://www.otrs.de/

Reply via email to