Rory wrote:
I had some confusion with this recently too.
As I understand it, you can have either DB or LDAP authentication for
agents, not both.

Oh lovely. I guess that explains why I cannot log in even as the root/localhost user.

The way OTRS authenticates is by checking the user against its own
database. Once the user exists in its database it will authenticate
the user against the LDAP directory.

So, otrs is only using ldap to check the passwords? Is the access/ownership info (i.e. who belongs to which group and can do what kind of harm) stored in the local DB then? I guess it has to since the documentation states otrs only does read only access to ldap.

In order for the local DB to have the same user details in the otrs DB
as in the LDAP directory. To do this you need to configure OTRS to
sync its data from the LDAP directory. The data is sync'd the first
time the user logs in. Have a look through the following doc for the
sync config settings;

http://doc.otrs.org/2.4/en/html/x1890.html

After reading it, I began to wonder if it meant that once it gathers the data it will use the local DB entirely instead of ldap. If that is the case, wouldn't it mean that it should be able to lookup user info on both local db and ldap at the same time?


The "first bind failed" TLS error you are getting means that your LDAP
server needs to have a TLS secured connection.
Make sure you have the correct Perl package for TLS installed on your
system. You may or may not need to do something like this;

$Self->{'AuthModule::LDAP::Host'} = 'ldaps://ldap-pserver.internal.domain.com';

I hope that helps,

Rory

Support my 365 Challenge in aid of the Irish Cancer Society

www.365challenge.ie



2009/8/5 Mauricio Tavares <[email protected]>:
I am trying to have otrs to have some of my agents defined in ldap.
So, I set /etc/otrs/Kernel/Config.pm as follows:

   # Authenticate agents against LDAP backend
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'ldap-pserver.internal.domain.com';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
   $Self->{'AuthModule::LDAP::UID'} = 'uid';
   $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=users,ou=Groups,dc=domain,dc=com';
   $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
   $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
   $Self->{'AuthModule::LDAP::Params'} = {
            port => 389,
            timeout => 120,
            verify => 'require',
            cafile => '/etc/ssl/certs/root.pem',
            # async => 0,
            version => 3,
       };

When I try to login, either as a previously defined (in its database, and
that includes root) otrs user or as one of the ldap users, it seems to be
looking for them in ldap:

ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Aug  5 12:09:54 2009

 Message: First bind failed! TLS confidentiality required

 Traceback (32329):
  Module: Kernel::System::Auth::LDAP::Auth (v1.46) Line: 191
  Module: Kernel::System::Auth::Auth (v1.29) Line: 121
  Module: Kernel::System::Web::InterfaceAgent::Run (v1.34) Line: 192
  Module: /usr/share/otrs/bin/cgi-bin/index.pl (v1.87) Line: 47


What should I tell otrs to look for users in its own database there and then
for ldap users, well, in ldap? And, what would this "TLS confidentiality
required" error be trying to tell me?
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
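
An added example, not part of the thread and not OTRS code: a small Perl check run over the settings posted above, showing why the bind is refused and what to recheck after switching to ldaps://. `check_ldap_tls` is a hypothetical helper; it assumes OTRS hands Host and Params unchanged to Net::LDAP and issues no StartTLS, so TLS is only in use when Host carries the ldaps:// scheme.

```perl
use strict;
use warnings;

# Constructed sample: the agent LDAP settings from the post, as a plain hash.
my %cfg = (
    'AuthModule::LDAP::Host'   => 'ldap-pserver.internal.domain.com',
    'AuthModule::LDAP::Params' => {
        port => 389, timeout => 120, verify => 'require',
        cafile => '/etc/ssl/certs/root.pem', version => 3,
    },
);

# Hypothetical helper (not an OTRS function): returns a list of findings.
sub check_ldap_tls {
    my ($cfg) = @_;
    my $host   = $cfg->{'AuthModule::LDAP::Host'} // '';
    my $params = $cfg->{'AuthModule::LDAP::Params'} || {};
    my @findings;

    # A bare host name means plain ldap://; assumption: only ldaps:// gives TLS.
    my ($scheme) = $host =~ m{^(\w+)://};
    $scheme = lc($scheme // 'ldap');
    my ($uri_port) = $host =~ m{:(\d+)/?$};
    my $port = $uri_port // $params->{port};

    if ($scheme ne 'ldaps') {
        push @findings, "Host uses ${scheme}://, so the bind goes out in clear text; "
            . "a server that requires TLS refuses it";
        my @tls = grep { exists $params->{$_} } qw(verify cafile capath);
        push @findings, "TLS options (@tls) are set but unused without ldaps://"
            if @tls;
    }
    else {
        push @findings, "ldaps:// on port ${port}: confirm the server speaks TLS there (LDAPS is normally 636)"
            if defined $port && $port == 389;
        push @findings, "verify is not 'require': certificate checking is not explicitly enforced"
            if ($params->{verify} // '') ne 'require';
        push @findings, "no cafile/capath: nothing to validate the server certificate against"
            if !grep { defined $params->{$_} } qw(cafile capath);
    }
    return @findings;
}

print "As posted:\n";
print "  - $_\n" for check_ldap_tls(\%cfg);

# Same settings with the ldaps:// host suggested in the reply.
$cfg{'AuthModule::LDAP::Host'} = 'ldaps://ldap-pserver.internal.domain.com';
print "With ldaps:// host:\n";
print "  - $_\n" for check_ldap_tls(\%cfg);
```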
