Justin,

I just dealt with this headache myself. Did you have it working and then it quit, or is it a simple question of agent authentication?

--
Julian Cook
Securities and Exchange Commission
Operations Center
DMZ Ops

On 8/25/09 3:49 PM, "Justin Holt" <[email protected]> wrote:

> Is there even a way for the Agent to authenticate over LDAP anymore? It looks
> like it has been taken out. I've been going through SysConfig and can't find
> anything on it. Anything I also try to throw at it by manually editing
> Config.pm leaves the system broken. I've also uninstalled and reinstalled a
> few times now.
>
> Justin
>
> On Tue, Aug 25, 2009 at 12:18 PM, <[email protected]> wrote:
>> Hi,
>>
>> same problem here, but only with one of 200:
>> I have tested it, with case-sensitive typed
>> username, it works - but no problem with
>> case-sensitive for all the others...
>>
>> Günther
>>
>>
>> -------- Original Message --------
>>> > Date: Tue, 25 Aug 2009 12:12:17 -0400
>>> > From: Justin Holt <[email protected]>
>>> > To: [email protected]
>>> > Subject: [otrs] Active Directory and 2.4.3 issues
>>
>>> > I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
>>> > an issue. Customers still authenticate against our Active Directory Server
>>> > just fine, but when an agent tries to authenticate, it all blows up.
>>> >
>>> > "Panic, user authenticated but no user data can be found in OTRS DB!!
>>> > Perhaps the user is invalid."
>>> >
>>> > Here is the whole LDAP configuration part from my config.pm that I just
>>> > copied and pasted out of the config.pm for 2.3.4. I have seen that there
>>> > are others with this same issue but there have been no responses. This is
>>> > all running on a Windows 2003 server with a regular install of OTRS. Any
>>> > Ideas?
>>> > #-----------------------Customer Data------------------------------------------------
>>> >
>>> >
>>> > #Enable LDAP authentication for Customers / Users
>>> > $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>> > $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>> > $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>> > $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>> >
>>> > #The following is valid but would only be necessary if the
>>> > #anonymous user does NOT have permission to read from the LDAP tree
>>> > $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>> > $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>> >
>>> > #CustomerUser
>>> > #(customer user database backend and settings)
>>> > $Self->{CustomerUser} = {
>>> >     Module => 'Kernel::System::CustomerUser::LDAP',
>>> >     Params => {
>>> >         Host => 'vdp-dc-003',
>>> >         BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
>>> >         SSCOPE => 'sub',
>>> >         UserDN => 'otrs_ldap',
>>> >         UserPw => '1qaz2wsx',
>>> >     },
>>> >     # customer unique id
>>> >     CustomerKey => 'sAMAccountName',
>>> >     # customer #
>>> >     CustomerID => 'mail',
>>> >     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>> >     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>> >     CustomerUserSearchPrefix => '',
>>> >     CustomerUserSearchSuffix => '*',
>>> >     CustomerUserSearchListLimit => 250,
>>> >     CustomerUserPostMasterSearchFields => ['mail'],
>>> >     CustomerUserNameFields => ['givenname', 'sn'],
>>> >     Map => [
>>> >         # note: Login, Email and CustomerID needed!
>>> >         # var, frontend, storage, shown, required, storage-type
>>> >         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>> >         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>> >         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>> >         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>> >         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>> >         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>> >         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>> >         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>>> >         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>>> >     ],
>>> > };
>>> > # -------------------------End Customer data-----------------------------
>>> >
>>> >
>>> > #------------------------------Agent Data---------------------------------
>>> >
>>> > #Enable LDAP authentication for Customers / Users
>>> > $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>> > $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>> > $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>> > $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>> >
>>> > #The following is valid but would only be necessary if the
>>> > #anonymous user does NOT have permission to read from the LDAP tree
>>> > $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>> > $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>> >
>>> > # UserSyncLDAPMap
>>> > # (map if agent should create/synced from LDAP to DB after login)
>>> > $Self->{UserSyncLDAPMap} = {
>>> >     # DB -> LDAP
>>> >     UserFirstname => 'givenName',
>>> >     UserLastname => 'sn',
>>> >     UserEmail => 'mail',
>>> > };
>>> >
>>> > # UserSyncLDAPGroups
>>> > # (If "LDAP" was selected for AuthModule, you can specify
>>> > # initial user groups for first login.)
>>> > $Self->{UserSyncLDAPGroups} = [
>>> >     'users',
>>> > ];
>>> >
>>> > # UserTable
>>> > $Self->{DatabaseUserTable} = 'users';
>>> > $Self->{DatabaseUserTableUserID} = 'id';
>>> > $Self->{DatabaseUserTableUserPW} = 'pw';
>>> > $Self->{DatabaseUserTableUser} = 'login';
>>> >
>>> > #Add the following lines when only users are allowed to login if they reside in the specified security group
>>> > #Remove these lines if you want to provide login to all users specified in the User Base DN
>>> > $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
>>> > $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>> > $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>> >
>>> > #---------------------------End Agent Data--------------------------------
>>
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>> http://www.otrs.com/en/support/enterprise-subscription/
