Hm, that error message...
Don't know if it's because of "cleaning" before publication of your config,
but one thing that comes to mind is that the default "Users" container is
just that: a container. Not an OU.
 
So, yet another suggestion:
 
Change the "OU" to "CN" in the lines:
 
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
 
and
 
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
 
-- 
/Sune


  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Benedick, Jason
Sent: 21. maj 2007 21:51
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication



I'm getting this error:

 

May 21 15:30:05 websvr OTRS-CGI-10[21731]:
[Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication
failed, no LDAP group entry
foundGroupDN='CN=otrs,OU=users,DC=example,DC=org',
Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!

 

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

(717) 391-6957

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sune
T. Tougaard
Sent: Monday, May 21, 2007 10:53 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

 

Any details in the logfile?

 

Also, I don't think that nested groups work, so the members have to be
"direct" members of the group.

 

-- 

/Sune

 

 

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Benedick, Jason
Sent: 21. maj 2007 15:18
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Adding that line doesn't solve the problem I'm having.

 

Thanks,

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

(717) 391-6957

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sune
T. Tougaard
Sent: Monday, May 21, 2007 5:10 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

 

Hi Jason,

 

Same authentication setup here, and I think that I might have experienced
something like this.

 

Try adding this line to the config:

 

$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

 

I think that the OTRS default setting is:

 

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

 

And that's not quite what the AD LDAP has to offer.

 

As for the host failover, I don't know if you can use multiple host names.

I'm using just the domain name.

That is: "example.org", and the DNS round-robins it. Not entirely failover,
but better than nothing.

 

-- 

/Sune

 

 

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Benedick, Jason
Sent: 21. maj 2007 00:49
To: [email protected]
Subject: [otrs] Active Directory Authentication

I have active directory authentication working with the exception of the
GroupDN for the admin interface. When I comment out the GroupDN and the
UserAttr lines everything works fine again. We are running Windows Server
2003 on our DCs if that matters.

 

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    $Self->{UserSyncLDAPMap} = {
        #DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

 

Also while I'm asking can I put multiple DCs in under host for failover? IE
can I do something like:

    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down? 

 

Thanks,

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology

 

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
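
Added example, not part of the original thread and not OTRS code: a small Python diagnostic that takes the notice quoted above, splits the logged DNs into RDNs (keeping the escaped comma in "Benedick\, Jason" intact), flags any "users" component addressed as an OU per the suggestion in the top reply, and builds the same member filter with RFC 4515 escaping for a manual comparison search. The function names are hypothetical, and treating OU=users as suspect is only the thread's hint, since a directory can also contain a real OU with that name.

```python
import re

# Log line quoted in the thread, joined onto one line (as posted, no space after "found").
LOG = ("[Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication "
       "failed, no LDAP group entry foundGroupDN='CN=otrs,OU=users,DC=example,DC=org', "
       r"Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!")

def parse_log(line):
    """Return (GroupDN, member DN) from an OTRS 'no LDAP group entry found' notice."""
    m = re.search(r"GroupDN='(.*?)', Filter='\(member=(.*)\)'!", line)
    return (m.group(1), m.group(2)) if m else None

def split_dn(dn):
    """Split a DN into RDNs, treating backslash-escaped characters as data (RFC 4514)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair together
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":                       # unescaped comma ends the RDN
            rdns.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return rdns + [cur.lstrip()]

def users_as_ou(dn):
    """RDNs that address 'users' as an OU; the default AD Users container is a CN."""
    return [r for r in split_dn(dn) if r.lower() == "ou=users"]

def with_cn_container(dn):
    """Apply the OU -> CN change suggested in the thread to the 'users' RDN only."""
    return ",".join("CN" + r[2:] if r.lower() == "ou=users" else r for r in split_dn(dn))

def member_filter(user_dn):
    """Build (member=<dn>) with RFC 4515 escaping of \\ * ( ) and NUL in the value."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in user_dn)
    return "(member=%s)" % esc

if __name__ == "__main__":
    group_dn, user_dn = parse_log(LOG)
    print("RDNs of user DN :", split_dn(user_dn))
    print("suspect RDNs    :", users_as_ou(group_dn))
    print("GroupDN with CN :", with_cn_container(group_dn))
    print("escaped filter  :", member_filter(user_dn))
```
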