I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
an issue. Customers still authenticate against our Active Directory Server
just fine, but when an agent tries to authenticate, it all blows up.
"Panic, user authenticated but no user data can be found in OTRS DB!!
Perhaps the user is invalid."
Here is the whole LDAP configuration part from my config.pm that I just
copied and pasted out of the config.pm for 2.3.4. I have seen that there
are others with this same issue but there have been no responses. This is
all running on a windows 2003 server with a regurlar install of OTRS. Any
Ideas?
#-----------------------Customer
Data------------------------------------------------
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct,
dc=us';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'vdp-dc-003',
BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
SSCOPE => 'sub',
UserDN =>'otrs_ldap',
UserPw => '1qaz2wsx',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
# -------------------------End Customer data-----------------------------
#------------------------------Agent Data---------------------------------
#Enable LDAP authentication for Customers / Users
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# UserSyncLDAPGroups
# (If "LDAP" was selected="selected" for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
'users',
];
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
#Add the following lines when only users are allowed to login if they reside
in the spicified security group
#Remove these lines if you want to provide login to all users specified in
the User Base DN
$Self->{'AuthModule::LDAP::GroupDN'}
='CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#---------------------------End Agent Data--------------------------------
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
