Sorry Jeff,
Can't see what's wrong with your install.
Possible clues could be the version of the Net::LDAP package you installed
or the version of otrs.
My implementation works fine (with the userLDAPSync), but with an AD
backend.
I had to replace the UID (which is not present in AD) by the DN. Maybe this
would solve the problem.
Good luck,
C.
On Thu, Jun 12, 2008 at 7:46 PM, Jeff Davis <[EMAIL PROTECTED]>
wrote:
>
>> Hi Jeff,
>> If you do an ldapsearch, does the attribute givenName exist?
>> C.
>>
>
> Yes.
>
> (BTW thanks for responding - I appreciate your willingness to give me a
> hand on this - I'm about at the end of my rope in identifying my
> configuration error).
>
> If you have additional ideas for testing/debugging this I would very much
> like to hear them...
>
> Fields asked for in Config.pm are present using
> AuthModule::LDAP::SearchUserDN account, so I don't think ACLs are the issue.
> Even tried with root dn account to be sure. If I had to guess I'd say it's
> unable to pull something from LDAP. Just don't know why as ldapsearch has
> no issues with it.
>
> Here's an LDIF:
>
> dn: uid=tstaff,ou=Users,dc=example,dc=com
> uidNumber: 2306
> *givenName: Test*
> ssdSiteName: ESC
> uid: tstaff
> cn: Test Staff
> homeDirectory: /u/tstaff
> *sn: Staff*
> ssdRole: Test Staff User
> departmentNumber: Test Staff User
> *mail: [EMAIL PROTECTED]
> mailLocalAddress: [EMAIL PROTECTED]
> mailRoutingAddress: [EMAIL PROTECTED]
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> objectClass: inetLocalMailRecipient
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> objectClass: standardSchoolDistrict
> objectClass: sambaSamAccount
> gidNumber: 2000
> gecos: Test Staff Account
> description: Test Staff Account
> displayName: Test Staff Account
> loginShell: /bin/bash
>
> Christophe Flaviani wrote:
>
>>
>>
>>
>> On Wed, Jun 11, 2008 at 7:32 PM, Jeff Davis <[EMAIL PROTECTED]> wrote:
>>
>> Well, I've gotten openldap auth to work but cannot get the
>> UserSyncLDAPMap to work. I've copied the code from Defaults.pm
>> and configured for our ldap config. Have been working on this on
>> and off for 3 days, and still no luck. The code in LDAP.pm that
>> fails appears to be trying to pull attribute values from the
>> directory, but adding code to put more detail into the log has not
>> been illuminating. Posts I've found in the archive seem to speak
>> primarily to AD issues, which in some ways makes me think that
>> OpenLDAP or a more standards-based LDAP implementation should be
>> more straightforward. "Obviously I'm mistaken". I would sure
>> like to get this figured out so we can move forward. Otherwise I
>> will probably have to look at a different system.
>>
>> This is the value that throws the error:
>>
>>
>> Net::LDAP::Entry=HASH(0xace6e04)->get_value(Kernel::Config=HASH(0x9af735c)->Get('UserSyncLDAPMap'.)->{UserFirstname})
>>
>> The following code block in LDAP.pm is where the problem occurs
>> (line 348 is bolded):
>>
>> foreach my $Entry ($Result->all_entries) {
>>     $UserDN = $Entry->dn();
>>     foreach my $Key (keys %{$Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})}) {
>>         # detect old config setting
>>         if ($Key =~ /^(Firstname|Lastname|Email)/) {
>>             $Key = "User".$Key;
>>             $Self->{LogObject}->Log(
>>                 Priority => 'error',
>>                 Message => "Old config setting detected, please use the new one from Kernel/Config/Defaults.pm (User* has been added!).",
>>             );
>>         }
>>         *$SyncUser{$Key} = $Entry->get_value($Self->{ConfigObject}->Get('UserSyncLDAPMap'.$Self->{Count})->{$Key});*
>>         # e. g. set utf-8 flag
>>         $SyncUser{$Key} = $Self->_ConvertFrom($SyncUser{$Key}, $Self->{ConfigObject}->Get('DefaultCharset'));
>>     }
>>     if ($Entry->get_value('userPassword')) {
>>         $SyncUser{Pw} = $Entry->get_value('userPassword');
>>         # e. g. set utf-8 flag
>>         $SyncUser{Pw} = $Self->_ConvertFrom($SyncUser{Pw}, $Self->{ConfigObject}->Get('DefaultCharset'));
>>     }
>> }
>>
>>
>> When logging in it throws the following error:
>>
>> Software error:
>>
>> Can't locate object method "get_value" via package
>> "Net::LDAP::Entry" at ../..//Kernel/System/Auth/LDAP.pm line 348,
>> <PRODUCT> line 4.
>>
>> For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this
>> error message and the time and date of the error.
>>
>> Here's the agent portion of my config.pm.
>>
>> # This is an example configuration for an LDAP auth. backend.
>> # (take care that Net::LDAP is installed!)
>> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>> $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.com';
>> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=example,dc=com';
>> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>>
>> # Check if the user is allowed to auth in a posixGroup
>> # (e. g. user needs to be in a group xyz to use otrs)
>> $Self->{'AuthModule::LDAP::GroupDN'} =
>> 'cn=techsupport,ou=Groups,dc=example,dc=com';
>> $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
>> # for ldap posixGroups objectclass (just uid)
>> $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
>> # for non ldap posixGroups objectclass (with full user dn)
>> #$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>
>> # The following is valid but would only be necessary if the
>> # anonymous user do NOT have permission to read from the LDAP tree
>> $Self->{'AuthModule::LDAP::SearchUserDN'} =
>> 'cn=xxxxxxxxx,ou=xxx,dc=example,dc=com';
>> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
>>
>> # in case you want to add always one filter to each ldap query, use
>> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>>
>> # in case you want to add a suffix to each login name, then
>> # you can use this option. e. g. user just want to use user but
>> # in your ldap directory exists [EMAIL PROTECTED]
>> #$Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
>>
>>
>> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>> $Self->{'AuthModule::LDAP::Params'} = {
>> port => 389,
>> timeout => 120,
>> async => 0,
>> version => 3,
>> };
>>
>> # Die if backend can't work, e. g. can't connect to server.
>> $Self->{'AuthModule::LDAP::Die'} = 1;
>>
>> # UserSyncLDAPMap
>> # (map if agent should create/synced from LDAP to DB after login)
>> $Self->{UserSyncLDAPMap} = {
>> ## DB -> LDAP
>> UserFirstname => 'givenName',
>> UserLastname => 'sn',
>> UserEmail => 'mail',
>> };
>> # UserSyncLDAPGroups
>> # (If "LDAP" was selected for AuthModule, you can specify initial
>> # user groups for first login.)
>> $Self->{UserSyncLDAPGroups} = [
>> 'users',
>> ];
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>> Support or consulting for your OTRS system?
>> => http://www.otrs.com/
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
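
The error quoted in this thread says the loaded Net::LDAP::Entry class has no get_value method, and the reply points at the installed Net::LDAP version; both can be checked outside OTRS with a standalone script. This is an added example, not part of the original messages or of OTRS: the host, base DN, test uid and attribute map are taken from the quoted config and LDIF, and the LDAP_* environment variables are assumptions made here.

```perl
#!/usr/bin/perl
# Added diagnostic sketch, not OTRS code. Host, base DN and map mirror the
# quoted Config.pm; the LDAP_* environment variables are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;

my %Map = (    # same mapping as UserSyncLDAPMap in the quoted config
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
);
my $Host   = $ENV{LDAP_HOST} || 'ldap.example.com';
my $BaseDN = $ENV{LDAP_BASE} || 'ou=users,dc=example,dc=com';
my $UID    = $ENV{LDAP_UID}  || 'tstaff';
my $BindDN = $ENV{LDAP_BIND_DN};    # leave unset for an anonymous bind
my $BindPw = $ENV{LDAP_BIND_PW};    # keep the password out of the script
$UID =~ /^[\w.-]+$/ or die "refusing uid with filter metacharacters\n";

# 1. Which Net::LDAP does this perl load, and does Entry have get_value()?
printf "Net::LDAP %s loaded from %s\n", Net::LDAP->VERSION, $INC{'Net/LDAP.pm'};
Net::LDAP::Entry->can('get_value')
    or die "Net::LDAP::Entry has no get_value(); LDAP.pm line 348 cannot work with this install\n";

# 2. Repeat the lookup with the same connection parameters as the config.
my $LDAP = Net::LDAP->new($Host, port => 389, timeout => 120, version => 3)
    or die "connect to $Host failed: $@\n";
my $Bind = defined $BindDN ? $LDAP->bind($BindDN, password => $BindPw) : $LDAP->bind;
die 'bind failed: ' . $Bind->error . "\n" if $Bind->code;

my $Result = $LDAP->search(
    base   => $BaseDN,
    filter => "(uid=$UID)",
    attrs  => [ values %Map ],
);
die 'search failed: ' . $Result->error . "\n" if $Result->code;
die "no entry for uid=$UID under $BaseDN\n" if !$Result->count;

# 3. Pull each mapped attribute the same way the sync code does.
for my $Entry ($Result->all_entries) {
    print 'DN: ', $Entry->dn, "\n";
    for my $Key (sort keys %Map) {
        my $Value = $Entry->get_value($Map{$Key});
        printf "  %-14s <- %-10s %s\n", $Key, $Map{$Key},
            defined $Value ? $Value : '(attribute not returned)';
    }
}
$LDAP->unbind;
```

Run it with the same perl binary and library path the web server uses, since a second copy of Net::LDAP elsewhere in @INC would give a different answer than the one OTRS sees.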