Hi Jeff,
Could you send what OTRS gives you as an error message?
Because it works without the LDAPSync, I would suppose that one of the
fields you are trying to sync does not exist.
But I don't see how the mapping is done into the DB.
Hope this helps,
C.
On Tue, Jun 10, 2008 at 1:01 AM, Jeff Davis <[EMAIL PROTECTED]>
wrote:
> Tried it w/values from Defaults.pm - same error. All ldap attributes
> exist, user is member of group. It works as long as I do not want to sync
> user to DB. Same issue happens with customer accounts. If past experience
> is any indicator, I must be missing something.
>
> Here's my Config.pm, with just the agent settings.
>
> ################################ LDAP #######################
>
> ########################## AGENTS ########################
>
> # This is an example configuration for an LDAP auth. backend.
> # (take care that Net::LDAP is installed!)
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'ldap.standard.k12.ca.us';
> $Self->{'AuthModule::LDAP::BaseDN'} =
> 'ou=users,dc=standard,dc=k12,dc=ca,dc=us';
> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>
> # Check if the user is allowed to auth in a posixGroup
> # (e. g. user needs to be in a group xyz to use otrs)
> $Self->{'AuthModule::LDAP::GroupDN'} =
> 'cn=techsupport,ou=Groups,dc=standard,dc=k12,dc=ca,dc=us';
> $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
> # for ldap posixGroups objectclass (just uid)
> $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
> # for non ldap posixGroups objectclass (with full user dn)
> # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
> # The following is valid but would only be necessary if the
> # anonymous user do NOT have permission to read from the LDAP tree
> $Self->{'AuthModule::LDAP::SearchUserDN'} =
> 'cn=admin,ou=dsa,dc=standard,dc=k12,dc=ca,dc=us';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
>
> # in case you want to add always one filter to each ldap query, use
> # this option. e. g. AlwaysFilter => '(mail=*)' or
> # AlwaysFilter => '(objectclass=user)'
> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>
> # in case you want to add a suffix to each login name, then
> # you can use this option. e. g. user just want to use user but
> # in your ldap directory exists [EMAIL PROTECTED]
> # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
>
> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
> $Self->{'AuthModule::LDAP::Params'} = {
> port => 389,
> timeout => 120,
> async => 0,
> version => 3,
> };
>
> # Die if backend can't work, e. g. can't connect to server.
> $Self->{'AuthModule::LDAP::Die'} = 1;
>
> # UserSyncLDAPMap
> # (map if agent should create/synced from LDAP to DB after login)
> $Self->{UserSyncLDAPMap} = {
> # DB -> LDAP
> UserFirstname => 'givenName',
> UserLastname => 'sn',
> UserEmail => 'mail',
> };
> # UserSyncLDAPGroups
> # (If "LDAP" was selected for AuthModule, you can specify initial
> # user groups for first login.)
> $Self->{UserSyncLDAPGroups} = [
> 'users',
> ];
>
> # ---------------------------------------------------- #
> # ---------------------------------------------------- #
> # #
> # End of your own config options!!! #
> # #
> # ---------------------------------------------------- #
> # ---------------------------------------------------- #
>
> }
>
>
> Christophe Flaviani wrote:
>
>> Hi all,
>>
>> The configuration from Ed is only for the Customer authentication (= users
>> submitting questions to otrs)
>> As Nils correctly stated, there are 2 types of "users":
>> - users --> otrs agents, service desk agents
>> - customers --> users submitting incidents.
>>
>> In the LDAP configuration, there are 2 sections:
>> - $Self->{'AuthModule'} + suffixes: configures the user authentication
>> - $Self->{'Customer::AuthModule'} + suffixes: configures the customer
>> authentication
>>
>> And bear in mind that the UID parameter references the user which will be
>> used to logon to otrs.
>>
>> For the rest, the documentation (pdf version 2.2) is not 100% correct and
>> clear...
>> I used the .../Kernel/Config/Default.pm file to look up the correct
>> parameters. (well explained).
>>
>> What you configure in .../Kernel/Config.pm will overwrite the
>> default/standard settings in ../Kernel/Config/Default.pm
>>
>> Happy doc browsing .. :)
>>
>> C.
>>
>> On Sun, Jun 8, 2008 at 10:09 PM, Nils Breunese (Lemonbit)
>> <[EMAIL PROTECTED]> wrote:
>>
>> Ed Greenberg wrote:
>>
>> It wasn't easy for me either. A few things I learned (as a
>> newbie):
>>
>> There are both users and customers. You need to enable LDAP
>> lookups for each one separately.
>>
>>
>> It's more accurate to say there are two kinds of users: agents and
>> customers.
>>
>> Nils.
>>
>> _______________________________________________
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>> Support or consulting for your OTRS system?
>> => http://www.otrs.com/
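
One way to test the suggestion at the top of this message (that a field in `UserSyncLDAPMap` is missing from the directory entry), as an added example that is not part of the original thread or of OTRS: it parses LDIF text as printed by `ldapsearch -LLL` and reports mapped attributes that are absent or empty. The sample entry, its DN and the function names are constructed for illustration.

```python
import base64

# UserSyncLDAPMap from the quoted Config.pm (OTRS field -> LDAP attribute).
USER_SYNC_LDAP_MAP = {
    "UserFirstname": "givenName",
    "UserLastname": "sn",
    "UserEmail": "mail",
}

# Constructed sample LDIF for one agent entry (not taken from the thread).
# It has a base64 value, a folded line, and deliberately no "mail" attribute.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=users,dc=example,dc=org
uid: jdoe
givenName:: SmVmZg==
sn: Doe
description: constructed long value folded by ldapse
 arch onto a second line
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute name: [values]} for a single LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 folding: drop one leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>" for non-ASCII values
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        # LDAP attribute names are case-insensitive, so compare in lower case.
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def missing_sync_fields(sync_map, entry):
    """OTRS fields whose mapped LDAP attribute is absent or empty on the entry."""
    missing = {}
    for field, attr in sync_map.items():
        if not [v for v in entry.get(attr.lower(), []) if v]:
            missing[field] = attr
    return missing

if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    for field, attr in missing_sync_fields(USER_SYNC_LDAP_MAP, entry).items():
        print(f"{field}: LDAP attribute '{attr}' missing or empty")
```

Run the search with the same bind DN that OTRS uses (`SearchUserDN`), since directory ACLs can hide an attribute from one identity while another sees it.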