I had some confusion with this recently too. As I understand it, you can have either DB or LDAP authentication for agents, not both.
The way OTRS authenticates is by checking the user against its own database. Once the user exists in its database it will authenticate the user against the LDAP directory. In order for the local DB to have the same user details in the otrs DB as in the LDAP directory, you need to configure OTRS to sync its data from the LDAP directory. The data is synced the first time the user logs in. Have a look through the following doc for the sync config settings: http://doc.otrs.org/2.4/en/html/x1890.html

The "first bind failed" TLS error you are getting means that your LDAP server needs to have a TLS secured connection. Make sure you have the correct Perl package for TLS installed on your system. You may or may not need to do something like this:

    $Self->{'AuthModule::LDAP::Host'} = 'ldaps://ldap-pserver.internal.domain.com';

I hope that helps,
Rory

Support my 365 Challenge in aid of the Irish Cancer Society
www.365challenge.ie

2009/8/5 Mauricio Tavares <[email protected]>:
> I am trying to have otrs to have some of my agents defined in ldap.
> So, I set /etc/otrs/Kernel/Config.pm as follows:
>
>    # Authenticate agents against LDAP backend
>    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>    $Self->{'AuthModule::LDAP::Host'} = 'ldap-pserver.internal.domain.com';
>    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
>    $Self->{'AuthModule::LDAP::UID'} = 'uid';
>    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=users,ou=Groups,dc=domain,dc=com';
>    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
>    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
>    $Self->{'AuthModule::LDAP::Params'} = {
>        port => 389,
>        timeout => 120,
>        verify => 'require',
>        cafile => '/etc/ssl/certs/root.pem',
>        # async => 0,
>        version => 3,
>    };
>
> When I try to login, either as a previously defined (in its database, and
> that includes root) otrs user or as one of the ldap users, it seems to be
> looking for them in ldap:
>
> ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Aug 5 12:09:54 2009
>
> Message: First bind failed! TLS confidentiality required
>
> Traceback (32329):
> Module: Kernel::System::Auth::LDAP::Auth (v1.46) Line: 191
> Module: Kernel::System::Auth::Auth (v1.29) Line: 121
> Module: Kernel::System::Web::InterfaceAgent::Run (v1.34) Line: 192
> Module: /usr/share/otrs/bin/cgi-bin/index.pl (v1.87) Line: 47
>
>
> What should I tell otrs to look for users in its own database there and then
> for ldap users, well, in ldap? And, what would this "TLS confidentiality
> required" error be trying to tell me?
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>
> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
> http://www.otrs.com/en/support/enterprise-subscription/
> ---------------------------------------------------------------------
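
An added example, not part of the thread and not OTRS code: a standalone Net::LDAP check that shows which transport the directory accepts a bind on, which is what the "TLS confidentiality required" result (LDAP result code 13) is about. The host and CA file default to the values quoted above; port 636 for ldaps is the conventional port and is an assumption, and the script needs network access to the directory and uses an anonymous bind.

```perl
#!/usr/bin/perl
# Added diagnostic, not OTRS code. Defaults are the host and CA file quoted in
# the thread; port 636 for ldaps is the conventional port, assumed here.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_CONFIDENTIALITY_REQUIRED);

my $host   = shift || 'ldap-pserver.internal.domain.com';
my $cafile = shift || '/etc/ssl/certs/root.pem';
my %tls    = ( verify => 'require', cafile => $cafile );

# Anonymous bind on an open connection; returns a one-line verdict.
sub try_bind {
    my ($ldap) = @_;
    my $mesg = $ldap->bind;
    return 'bind accepted' if $mesg->code == LDAP_SUCCESS;
    return 'server requires TLS before bind (result code 13)'
        if $mesg->code == LDAP_CONFIDENTIALITY_REQUIRED;
    return sprintf 'bind refused: %s (code %d)', $mesg->error, $mesg->code;
}

my @probes = (
    [ 'ldap:// on 389, no TLS' => sub {
        my $ldap = Net::LDAP->new( $host, port => 389, timeout => 10 )
            or return "connect failed: $@";
        return try_bind($ldap);
    } ],
    [ 'ldap:// on 389 + StartTLS' => sub {
        my $ldap = Net::LDAP->new( $host, port => 389, timeout => 10 )
            or return "connect failed: $@";
        my $mesg = $ldap->start_tls(%tls);    # upgrade, verifying against the CA
        return 'StartTLS failed: ' . $mesg->error if $mesg->code;
        return try_bind($ldap);
    } ],
    [ 'ldaps:// on 636' => sub {
        my $ldap = Net::LDAP->new( "ldaps://$host", port => 636, timeout => 10, %tls )
            or return "connect failed: $@";
        return try_bind($ldap);
    } ],
);

for my $probe (@probes) {
    my ( $name, $code ) = @$probe;
    # eval catches a die from a missing TLS module (IO::Socket::SSL).
    my $result = eval { $code->() };
    $result = "died: $@" unless defined $result;
    printf "%-28s %s\n", $name, $result;
}
```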
