Hello folks,
well, it still doesn't work for me, although I rewrote the whole LDAP
section from scratch based on Defaults.pm.
Which options do you have configured in Config.pm for ldap?
Here is what I got:
Customer-Backend:
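# CustomerUser
# (customer user database backend and settings)
# freshly copied from Defaults.pm and adapted
#
# Comment lines that the mail client had wrapped onto a second, uncommented
# line are rejoined below; as posted, those stray continuation lines were
# syntax errors inside the hash.
$Self->{CustomerUser} = {
    Name   => 'Database Backend',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
        # if you want to use an external database, add the
        # required settings
#        DSN => 'DBI:odbc:yourdsn',
#        DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
#        User => '',
#        Password => '',
        Table => 'customer_user',
    },
    # customer uniq id
    CustomerKey => 'login',
    # customer #
    CustomerID    => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => [ 'first_name', 'last_name', 'email' ],
#    CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
    CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' , 'firma' ],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => [ 'salutation', 'first_name', 'last_name' ],
    CustomerUserEmailUniqCheck => 1,
#    # show now own tickets in customer panel, CompanyTickets
#    CustomerUserExcludePrimaryCustomerID => 0,
#    # generate auto logins
#    AutoLoginCreation => 0,
#    # generate auto login prefix
#    AutoLoginCreationPrefix => 'auto',
#    # admin can change customer preferences
#    AdminSetPreferences => 1,
#    # use customer company support (reference to company, See CustomerCompany settings)
#    CustomerCompanySupport => 1,
#    # cache time to live in sec. - cache any database queries
#    CacheTTL => 0,
#    # just a read only source
#    ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target
        [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'first_name', 1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'last_name',  1, 1, 'var', '', 0 ],
        # our new option
        [ 'UserPhone',    'Phone',    'phone',    1, 0, 'var', '', 0 ],
        [ 'UserPhoneTwo', 'Phone 2',  'phonetwo', 1, 0, 'var', '', 0 ],
        [ 'UserMobile',   'Mobil',    'mobil',    1, 0, 'var', '', 0 ],
        [ 'UserFax',      'Fax',      'fax',      1, 0, 'var', '', 0 ],
        [ 'UserAddress',  'Address',  'address',  1, 0, 'var', '', 0 ],
        [ 'UserPLZ',      'PLZ',      'plz',      1, 0, 'var', '', 0 ],
        [ 'UserOrt',      'Ort',      'ort',      1, 0, 'var', '', 0 ],
        [ 'UserFirma',    'Firma',    'firma',    1, 0, 'var', '', 0 ],
        [ 'UserLogin',    'Username', 'login',    1, 1, 'var', '', 0 ],
        # NOTE(review): 'pw' is the column the DB auth settings further down
        # name as CustomerPassword; it is mapped with shown=0 here. How the
        # value is hashed is not visible in this config - confirm.
        [ 'UserPassword', 'Password', 'pw',       0, 0, 'var', '', 0 ],
        [ 'UserEmail',    'Email',    'email',    1, 1, 'var', '', 0 ],
#        [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data{"TicketID"}&ArticleID=$Data{"ArticleID"}', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
#        [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
        [ 'ValidID',     'Valid',   'valid_id', 0, 1, 'int', '', 0 ],
    ],
    # default selections
    Selections => {
#        UserSalutation => {
#            'Mr.' => 'Mr.',
#            'Mrs.' => 'Mrs.',
#        },
    },
};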
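# CustomerUser
# (customer user ldap backend and settings)
#
# Comment lines that the mail client had wrapped onto a second, uncommented
# line are rejoined below; as posted, those stray continuation lines were
# syntax errors inside the hash.
#
# NOTE(review): BaseDN here ('ou=someou,dc=domain,dc=tld') differs from the
# BaseDN in the Customer::AuthModule::LDAP settings of the same post. If that
# is not just anonymisation, a customer can authenticate successfully and
# still not be found by this backend - confirm both point at the same subtree.
$Self->{CustomerUser1} = {
    Name   => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'contra.tekomedia.local',
        # ldap base dn
        BaseDN => 'ou=someou,dc=domain,dc=tld',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        #
        # NOTE(review): this is a directory bind credential stored in clear
        # text in Config.pm. Use a dedicated read-only account and keep the
        # file readable by the OTRS/web server user only.
        UserDN => 'cn=somecn,cn=Users,dc=domain,dc=tld',
        UserPw => 'somepass',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(mail=*)',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use this options (if not, ignore it)
#        SourceCharset => 'utf-8',
#        DestCharset => 'iso-8859-1',
        # die if backend can't work, e. g. can't connect to server
        Die => 1,
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        #
        # NOTE(review): port 389 with no TLS setting visible means the bind
        # password above and all returned customer data presumably cross the
        # network unencrypted. Prefer an LDAPS or StartTLS protected
        # connection; which option this OTRS version honours needs checking.
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'otherPager',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail',
        'sn', 'givenName', 'company', 'otherPager', 'othermailbox'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => '(!(description=gesperrt))',
    # Active Directory: 1.2.840.113556.1.4.803 is the bitwise-AND matching
    # rule and bit 2 of userAccountControl marks a disabled account, so this
    # filter keeps only accounts that are not disabled.
    CustomerUserValidFilter =>
        '(!(userAccountControl:1.2.840.113556.1.4.803:=2))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any ldap queries
    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title',      'title',          1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var', '', 0 ],
        [ 'UserEmail2',     'Email 2',    'othermailbox',   1, 0, 'var', '', 1 ],
        [ 'UserCustomerID', 'CustomerID', 'otherPager',     0, 1, 'var', '', 0 ],
#        [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',    'Phone',   'telephonenumber',          1, 0, 'var', '', 0 ],
        [ 'UserPhoneTwo', 'Phone 2', 'homephone',                1, 0, 'var', '', 0 ],
        [ 'UserMobile',   'Mobil',   'mobile',                   1, 0, 'var', '', 0 ],
        [ 'UserFax',      'Fax',     'facsimileTelephoneNumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',  'Address', 'streetAddress',            1, 0, 'var', '', 0 ],
        [ 'UserPLZ',      'PLZ',     'postalCode',               1, 0, 'var', '', 0 ],
        [ 'UserOrt',      'Ort',     'l',                        1, 0, 'var', '', 0 ],
        [ 'UserFirma',    'Firma',   'company',                  1, 0, 'var', '', 0 ],
        [ 'UserComment',  'Comment', 'description',              1, 0, 'var', '', 0 ],
    ],
};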
-------------------------------------------------------------------------------------
And for customer authentication:
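# Customer authentication through the Multiple wrapper module
# (Kernel/System/CustomerAuth/Multiple.pm, attached to this post).
#
# Comment lines that the mail client had wrapped onto a second, uncommented
# line are rejoined below; as posted, one of them left a bare string in front
# of the next assignment, which is a syntax error.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::Multiple';
# Backend list. Multiple.pm splits this value on whitespace, so the line break
# inside the string is accepted like a space. Backends are tried in the order
# listed: DB first, then LDAP.
$Self->{'Customer::AuthModule::Multiple::Modules'}='Kernel::System::CustomerAuth::DB
Kernel::System::CustomerAuth::LDAP';

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
# $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'contra.tekomedia.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
    'ou=castroper,dc=tekomedia,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=Benutzer,cn=Builtin,dc=domain,dc=tld';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
#
# NOTE(review): directory bind credential stored in clear text in Config.pm.
# Use a dedicated read-only search account and restrict read access to the
# file to the OTRS/web server user.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
    'cn=somecn,cn=Users,dc=domain,dc=tld';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'somepass';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} =
    '(objectclass=user)';

# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists [EMAIL PROTECTED]
# $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
#
# NOTE(review): port 389 with no TLS setting visible means the search
# account's password and every customer password checked against LDAP
# presumably cross the network unencrypted. Prefer an LDAPS or StartTLS
# protected connection; which option this OTRS version honours needs checking.
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};

# Die if backend can't work, e. g. can't connect to server.
#
# NOTE(review): the attached Multiple.pm does not catch exceptions from its
# backends, so with this set an unreachable LDAP server presumably also stops
# logins that the DB backend could have served - confirm this is intended.
$Self->{'Customer::AuthModule::LDAP::Die'} = 1;

# --------------------------------------------------------- #
# Attempt to set up an additional customer authentication   #
# system via the normal database                            #
# --------------------------------------------------------- #
# This is the auth. module against the otrs db
# $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
$Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
$Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';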
As already mentioned, everything was written from scratch based on
Defaults.pm, and I still don't know where to start.
Ah - the corresponding Multiple.pm is attached; it is stored in
$OTRS_HOME/Kernel/System/CustomerAuth, but even when I try to
authenticate in the usual way through LDAP OR DB, I still get the same error.
As already mentioned, I don't think it has anything to do with
authentication, as the SystemLog says that the user has authenticated
successfully, and since I switched on the display of logged-in users, I also
get the message on the Agent frontend that the corresponding user is online.
Any ideas?
Thanks in advance
Markus Nagel
Serge schrieb:
> Hello,
>
> CARNINO Daniele (FIAT SERVICES) a écrit :
>> Check out the new Defaults.pm of 2.3.x: you can notice that LDAP
>> configuration has slightly changed.
>> I had my LDAP backed broken too after upgrade, so I rewrote from
>> scratch Config.pm using 2.3.2 Defaults.pm as base.
>> Now everything work flawlessly at my site.
>
>
>
> On my test machine, I rewrote Config.pm as you said (ldap part) and
> everything work now !!!
>
> Thank you very much !
>
# --
# Kernel/System/CustomerAuth/Multiple.pm - provides multiple
# authentification module support
# Copyright (C) 2006 Ralf Becker <[EMAIL PROTECTED]>
# --
# $Id$
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
# Usage:
# $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::Multiple';
# $Self->{'Customer::AuthModule::Multiple::Modules'}='Kernel::System::CustomerAuth::DB Kernel::System::CustomerAuth::LDAP';
# and configure
# Customer::AuthModule::LDAP::*
# Customer::AuthModule::DB::*
# as needed
# --
# Package name; this is the value the usage notes in the file header assign
# to 'Customer::AuthModule'.
package Kernel::System::CustomerAuth::Multiple;
# NOTE(review): only strict is enabled here; warnings are not.
use strict;
use vars qw($VERSION);
# Revision keyword string; the substitution on the next line strips the
# '$Revision: ... $' wrapper so that $VERSION ends up as '1.0'.
$VERSION = '$Revision: 1.0 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
# --
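# Constructor: builds the wrapper object and one instance of every backend
# named in 'Customer::AuthModule::Multiple::Modules'.
#
# Parameters (named): LogObject, ConfigObject, DBObject are required; the
# complete parameter list is handed on unchanged to each backend's new().
# Returns the blessed object with the backend instances in $Self->{Backends},
# in configured order.
# Dies if a required object is missing, if a configured module name is not a
# plain Perl package name, or if a backend module cannot be loaded.
sub new {
    my $Type  = shift;
    my %Param = @_;

    # allocate new hash for object
    my $Self = {};
    bless( $Self, $Type );

    # check needed objects
    foreach (qw(LogObject ConfigObject DBObject)) {
        $Self->{$_} = $Param{$_} || die "No $_!";
    }

    # Debug 0=off 1=on
    $Self->{Debug} = 1;

    # get preferences; fall back to the DB backend alone if nothing is configured
    $Self->{Modules} = $Self->{ConfigObject}->Get('Customer::AuthModule::Multiple::Modules')
        || 'Kernel::System::CustomerAuth::DB';

    # split ' ' ignores leading whitespace, so no empty module name is produced
    foreach my $GeneratorModule ( split ' ', $Self->{Modules} ) {

        # The name comes from configuration and selects code to load, so it
        # is restricted to a plain package name and never passed to a string
        # eval.
        if ( $GeneratorModule !~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*\z/ ) {
            die "Invalid module name '$GeneratorModule' in Customer::AuthModule::Multiple::Modules!";
        }

        ( my $File = "$GeneratorModule.pm" ) =~ s{::}{/}g;

        # Fail loudly with the real load error instead of continuing with an
        # authentication backend that did not load completely.
        if ( !eval { require $File; 1 } ) {
            die "Can't load backend $GeneratorModule: $@";
        }

        # NOTE(review): a backend constructor that dies aborts construction
        # of the whole wrapper, so one unusable backend presumably disables
        # the others as well - confirm this is intended.
        push @{ $Self->{Backends} }, $GeneratorModule->new(%Param);
    }
    return $Self;
}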
# --
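# Asks each configured backend for an option and returns the first true
# answer.
#
# Parameters (named): passed unchanged to every backend's GetOption().
# Returns the first true value a backend returns; undef (empty list in list
# context) if no backend returns a true value.
sub GetOption {
    my $Self  = shift;
    my %Param = @_;

    foreach my $GeneratorModule ( @{ $Self->{Backends} } ) {
        my $result = $GeneratorModule->GetOption(%Param);
        return $result if $result;
    }

    # Explicit "nothing": without this the sub ended on the loop and its
    # return value was unspecified.
    return;
}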
# --
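# Authenticates against the configured backends, in configured order.
#
# Parameters (named): passed unchanged to every backend's Auth(); presumably
# the login name and password, the keys are not visible in this file.
# Returns the first true value a backend returns, so the first backend that
# accepts the credentials decides the result. Returns undef (empty list in
# list context) if every backend rejects them.
sub Auth {
    my $Self  = shift;
    my %Param = @_;

    # NOTE(review): exceptions from a backend are not caught here, so a
    # backend that dies (for example one configured with Die => 1 whose
    # server is unreachable) ends the attempt before later backends are
    # tried - confirm this is intended.
    foreach my $GeneratorModule ( @{ $Self->{Backends} } ) {
        my $user = $GeneratorModule->Auth(%Param);
        return $user if $user;
    }

    # Fail closed: an explicit false result when no backend accepted the
    # credentials. Without this the sub ended on the loop and its return
    # value was unspecified.
    return;
}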
# --
1;