Finally got it working...

I changed every entry of:

'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';

to:

'tsteel\OTRS'

and, to pull user data to the local DB, I added:

    # UserSyncLDAPMap
    # (attributes copied when an agent is created/synced from LDAP to the DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify initial
    # user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];


Perhaps this will help someone else who's trying to set OTRS up with
Microsoft Active Directory.

Thanks,

Robert Aldridge



On 9/21/07, Robert Aldridge <[EMAIL PROTECTED]> wrote:
>
> Hi folks,
>
> First let me say that OTRS appears to be a great product!  Kudos to the
> developers!
>
> We are in the process of evaluating our options for a
> helpdesk/trouble-ticket system.  I would really like to give OTRS a good
> evaluation, but I'm having some problems.  Our chosen solution must be able
> to authenticate users (both agents and customers) via Microsoft Active
> Directory.  It appears that this is possible, but I've yet to have any
> success.  I'll outline the steps I've taken and solicit any input from the
> community.
>
> OTRS is working fine when authenticating against its own database.
> Here's what I've done to try to authenticate against AD:
>
> I edited Kernel/Config.pm and added:
>
> <begin additions to Config.pm>
>
>     # Agent authentication against AD
>     $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>     $Self->{'AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
>     $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>     $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>     $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>     $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
>
>     # Customer authentication against AD
>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>     $Self->{'Customer::AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>     # OTRS reads this key as 'SearchUserPw' (lower-case w); a 'SearchUserPW' key is silently ignored
>     $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
>
>     # Customer user backend (customer data pulled from AD)
>     $Self->{CustomerUser} = {
>         Module => 'Kernel::System::CustomerUser::LDAP',
>         Params => {
>             Host   => 'lincoln.tsteel.com',
>             BaseDN => 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>             SSCOPE => 'sub',
>             UserDN => 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>             UserPw => 'password',    # key is 'UserPw', not 'UserPW'
>         },
>         CustomerKey => 'sAMAccountName',
>         CustomerID  => 'mail',
>         # list-valued settings must be array refs; a bare comma list here is
>         # parsed as extra hash keys and the intended list is lost
>         CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
>         CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
>         CustomerUserPostMasterSearchFields => [ 'mail' ],
>         CustomerUserNameFields             => [ 'givenname', 'sn' ],
>         Map => [
>             # [ internal name, label, LDAP attribute, shown, required, storage type ]
>             [ 'UserFirstName',  'Firstname',  'givenname',      1, 1, 'var' ],
>             [ 'UserLastName',   'Lastname',   'sn',             1, 1, 'var' ],
>             [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
>             [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
>             [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
>         ],
>     };
>
> <end additions to Config.pm>
>
>
> On my AD box, I ran: ldifde -f users.ldf -d "OU=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com" -r "<objectClass=user>"
>
> Which returned a listing of all users in the Tuscaloosa - Sheet Mill org
> unit.  Within the users.ldf file (output from the above command), there's
> an entry for OTRS Admin:
>
> <begin snippet from users.ldf>
>
>     dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
>     changetype: add
>     objectClass: top
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: user
>     cn: OTRS
>     sn: Admin
>     givenName: OTRS
>     distinguishedName: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
>     instanceType: 4
>     whenCreated: 20070920125829.0Z
>     whenChanged: 20070921135825.0Z
>     displayName: OTRS
>     uSNCreated: 8512826
>     uSNChanged: 8549454
>     name: OTRS
>     objectGUID:: po7FpWyIxEWWQeiUc9XMwA==
>     userAccountControl: 66048
>     badPwdCount: 0
>     codePage: 0
>     countryCode: 0
>     badPasswordTime: 128347689772801250
>     lastLogoff: 0
>     lastLogon: 128347693211238750
>     pwdLastSet: 128347667099207500
>     primaryGroupID: 513
>     objectSid:: AQUAAAAAAAUVAAAApR5XA/l+DSsgfDsl4xwAAA==
>     accountExpires: 9223372036854775807
>     logonCount: 0
>     sAMAccountName: OTRS
>     sAMAccountType: 805306368
>     userPrincipalName: [EMAIL PROTECTED]
>     objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tsteel,DC=com
>     dSCorePropagationData: 20070921135825.0Z
>     dSCorePropagationData: 20070921135825.0Z
>     dSCorePropagationData: 20070921135825.0Z
>     dSCorePropagationData: 20070921131751.0Z
>     dSCorePropagationData: 16010108151056.0Z
>     lastLogonTimestamp: 128347680934676250
>
>
> <end snippet from users.ldf>
>
>
> With this configuration, when I attempt to login as an agent using my
> username (which I know is valid in AD), it errors out with:
>
> Login failed! Your username or password was entered incorrectly.
>
> And, when I revert the Config.pm back (so I can log in) and check the
> system log, I see:
>
> User: raldridge authentication failed, no LDAP entry found!BaseDN='ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com', Filter='(sAMAccountName=raldridge)', (REMOTE_ADDR: 10.1.1.50).
>
> Any help would be greatly appreciated.
>
> Thanks,
>
> Robert Aldridge
>
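The two posts above contain the data needed to see why the first configuration could not bind: Config.pm names the search user as cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com, while the ldifde export shows that the object's DN is CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com (cn is "OTRS", sn is "Admin"). The Python below is an added example, not code from the thread or from OTRS: it parses the posted LDIF, looks the service account up by sAMAccountName, compares the configured DN with the exported one the way AD matches DNs (case-insensitively, ignoring whitespace around the separators), and builds the (sAMAccountName=...) login filter that OTRS logs with RFC 4515 escaping, so a login name containing filter metacharacters cannot change the search. The LDIF is constructed from the attributes quoted in the post (trimmed to what the example needs); the DN normaliser assumes plain DNs with no escaped commas, which is all the post uses.

```python
import base64

# Constructed sample: the attributes of the OTRS service account as quoted
# from the ldifde output above, trimmed to what this example needs.
SAMPLE_LDIF = """\
dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: OTRS
sn: Admin
givenName: OTRS
displayName: OTRS
objectGUID:: po7FpWyIxEWWQeiUc9XMwA==
sAMAccountName: OTRS
"""


def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF record.

    Handles 'attr:: base64' values (kept as bytes) and folded continuation
    lines that start with a space (RFC 2849). Attribute names are lower-cased
    because LDAP attribute types are case-insensitive.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    records, current = [], {}
    for line in lines + [""]:  # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # base64-encoded value
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        current.setdefault(name.lower(), []).append(value)
    return records


def normalize_dn(dn):
    """Canonical form for comparing simple AD DNs: attribute types and values
    are lower-cased and whitespace around '=' and ',' is dropped. Assumes no
    escaped commas inside values (true for the DNs in the post)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def find_dn(records, sam_account_name):
    """DN of the record whose sAMAccountName matches (case-insensitive), or None."""
    wanted = sam_account_name.lower()
    for rec in records:
        if wanted in (v.lower() for v in rec.get("samaccountname", [])):
            return rec["dn"][0]
    return None


def check_search_user(records, configured_dn, sam_account_name):
    """Compare the SearchUserDN from Config.pm with the object ldifde exported."""
    actual = find_dn(records, sam_account_name)
    if actual is None:
        return {"found": False, "actual_dn": None, "matches": False}
    return {
        "found": True,
        "actual_dn": actual,
        "matches": normalize_dn(actual) == normalize_dn(configured_dn),
    }


# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape one value for embedding in an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(uid_attr, login):
    """The filter OTRS logs as Filter='(sAMAccountName=...)', with the
    user-supplied login escaped so it cannot inject extra filter terms."""
    return f"({uid_attr}={escape_filter_value(login)})"


if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    configured = "cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com"
    print(check_search_user(recs, configured, "OTRS"))
    print(login_filter("sAMAccountName", "raldridge"))
    print(login_filter("sAMAccountName", "raldridge)(objectClass=*"))
```

Running it reports found=True, matches=False for the DN used in the first post, and prints the exported DN that should have been configured. The DOMAIN\user form the second post settled on (tsteel\OTRS) sidesteps the DN question entirely because AD resolves it to the account itself, which is why it worked without knowing the exact CN.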
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/