David, you would be my hero if you did that! Please please please post your current template!
Thanks Much!
Justin Holt

On Wed, Aug 26, 2009 at 9:13 AM, David Holder <[email protected]> wrote:

> Hi Chaps,
>
> I've managed to get OTRS 2.4.3 working with Microsoft AD.
>
> I've just had a quick browse of your config and notice that there is no
> AuthSyncModule code in there, you need to sync your agent data to OTRS's
> database. For example:
>
> # Now sync data with OTRS DB
> $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
> $Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
> $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
> $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
> $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
> $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>     # DB -> LDAP
>     UserFirstname => 'givenName',
>     UserLastname => 'sn',
>     UserEmail => 'mail',
> };
>
> # AuthSyncModule::LDAP::UserSyncInitialGroups
> # (sync following group with rw permission after initial create of first agent
> # login)
> $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>     'users',
> ];
>
> If you want I can post my complete LDAP template, which has allowed Agents
> to authenticate against AD (as a requirement, must belong to a particular AD
> group) and customers to log on too.
>
> Regards,
>
> David
>
> On Tue, Aug 25, 2009 at 10:03 PM, Justin Holt <[email protected]> wrote:
>
>> Sorry to keep flooding you guys with emails, but disregard that last
>> email. It didn't work. I only managed to log in because I had created an
>> account for myself with the same password and it worked, stupid me. So does
>> anyone know how to get agents to authenticate and to get incoming emails
>> turned into tickets?
>>
>> Thank you so much to everyone,
>> Justin Holt
>>
>> On Tue, Aug 25, 2009 at 4:52 PM, Justin Holt <[email protected]> wrote:
>>
>>> Well, just for laughs, I decided to export my settings through SysConfig
>>> and re-import them to the new setup. I gasped in awe as it actually
>>> worked. My other question, if I exported settings that allowed the old
>>> system to consider emails sent to its email address as tickets, should those
>>> settings come over and work just the same as well?
>>>
>>> Thanks
>>> Justin
>>>
>>> On Tue, Aug 25, 2009 at 4:07 PM, Justin Holt <[email protected]> wrote:
>>>
>>>> I had it fully working in 2.3.4 and made a full backup of the 2.3.4 otrs
>>>> folder. I then uninstalled 2.3.4 and installed 2.4.3. I tried first to
>>>> copy and paste my whole config.pm file from 2.3.4 to 2.4.3 and that did
>>>> not work. I tried just the segment I have below and that still did not
>>>> work. Is it somewhere in the documentation and I'm missing it or can you
>>>> give me a portion of your config.pm and just have me fill in my stuff?
>>>>
>>>> Thanks,
>>>> Justin
>>>>
>>>> On Tue, Aug 25, 2009 at 3:53 PM, Cook, Julian <[email protected]> wrote:
>>>>
>>>>> Justin, I just dealt with this headache myself. Did you have it
>>>>> working and then it quit or is it a simple question of agent
>>>>> authentication?
>>>>> --
>>>>> Julian Cook
>>>>> Securities and Exchange Commission
>>>>> Operations Center
>>>>> DMZ Ops
>>>>>
>>>>> On 8/25/09 3:49 PM, "Justin Holt" <[email protected]> wrote:
>>>>>
>>>>> Is there even a way for the Agent to authenticate over LDAP anymore?
>>>>> It looks like it has been taken out. I've been going through SysConfig and
>>>>> can't find anything on it. Anything I also try to throw at it by manually
>>>>> editing Config.pm leaves the system broken. I've also uninstalled and
>>>>> reinstalled a few times now.
>>>>>
>>>>> Justin
>>>>>
>>>>> On Tue, Aug 25, 2009 at 12:18 PM, <[email protected]> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> same problem here, but only with one of 200:
>>>>> I have tested it, with case-sensitive typed
>>>>> username, it works - but no problem with
>>>>> case-sensitive for all the others...
>>>>>
>>>>> Günther
>>>>>
>>>>> -------- Original Message --------
>>>>> > Date: Tue, 25 Aug 2009 12:12:17 -0400
>>>>> > From: Justin Holt <[email protected]>
>>>>> > To: [email protected]
>>>>> > Subject: [otrs] Active Directory and 2.4.3 issues
>>>>>
>>>>> > I finally went to make the jump to 2.4.3 from 2.3.4 and am having a bit of
>>>>> > an issue. Customers still authenticate against our Active Directory Server
>>>>> > just fine, but when an agent tries to authenticate, it all blows up.
>>>>> >
>>>>> > "Panic, user authenticated but no user data can be found in OTRS DB!!
>>>>> > Perhaps the user is invalid."
>>>>> >
>>>>> > Here is the whole LDAP configuration part from my config.pm that I just
>>>>> > copied and pasted out of the config.pm for 2.3.4. I have seen that there
>>>>> > are others with this same issue but there have been no responses. This is
>>>>> > all running on a Windows 2003 server with a regular install of OTRS. Any
>>>>> > Ideas?
>>>>> > #-----------------------Customer Data------------------------------------------------
>>>>> >
>>>>> > #Enable LDAP authentication for Customers / Users
>>>>> > $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>>>> > $Self->{'Customer::AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>>>> > $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>>>> > $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>>> >
>>>>> > #The following is valid but would only be necessary if the
>>>>> > #anonymous user do NOT have permission to read from the LDAP tree
>>>>> > $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>>>> > $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>>>> >
>>>>> > #CustomerUser
>>>>> > #(customer user database backend and settings)
>>>>> > $Self->{CustomerUser} = {
>>>>> >     Module => 'Kernel::System::CustomerUser::LDAP',
>>>>> >     Params => {
>>>>> >         Host => 'vdp-dc-003',
>>>>> >         BaseDN => 'dc=ci, dc=vernon, dc=ct, dc=us',
>>>>> >         SSCOPE => 'sub',
>>>>> >         UserDN => 'otrs_ldap',
>>>>> >         UserPw => '1qaz2wsx',
>>>>> >     },
>>>>> >     # customer unique id
>>>>> >     CustomerKey => 'sAMAccountName',
>>>>> >     # customer #
>>>>> >     CustomerID => 'mail',
>>>>> >     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>>>> >     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>>>> >     CustomerUserSearchPrefix => '',
>>>>> >     CustomerUserSearchSuffix => '*',
>>>>> >     CustomerUserSearchListLimit => 250,
>>>>> >     CustomerUserPostMasterSearchFields => ['mail'],
>>>>> >     CustomerUserNameFields => ['givenname', 'sn'],
>>>>> >     Map => [
>>>>> >         # note: Login, Email and CustomerID needed!
>>>>> >         # var, frontend, storage, shown, required, storage-type
>>>>> >         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>>>> >         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>>>> >         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>>>> >         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>>>> >         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>>>> >         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>>> >         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>>>> >         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>>>>> >         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>>>>> >     ],
>>>>> > };
>>>>> > # -------------------------End Customer data-----------------------------
>>>>> >
>>>>> > #------------------------------Agent Data---------------------------------
>>>>> >
>>>>> > #Enable LDAP authentication for Customers / Users
>>>>> > $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>>>> > $Self->{'AuthModule::LDAP::Host'} = 'vdp-dc-003';
>>>>> > $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=ci, dc=vernon, dc=ct, dc=us';
>>>>> > $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>>> >
>>>>> > #The following is valid but would only be necessary if the
>>>>> > #anonymous user do NOT have permission to read from the LDAP tree
>>>>> > $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
>>>>> > $Self->{'AuthModule::LDAP::SearchUserPw'} = '1qaz2wsx';
>>>>> >
>>>>> > # UserSyncLDAPMap
>>>>> > # (map if agent should create/synced from LDAP to DB after login)
>>>>> > $Self->{UserSyncLDAPMap} = {
>>>>> >     # DB -> LDAP
>>>>> >     UserFirstname => 'givenName',
>>>>> >     UserLastname => 'sn',
>>>>> >     UserEmail => 'mail',
>>>>> > };
>>>>> >
>>>>> > # UserSyncLDAPGroups
>>>>> > # (If "LDAP" was selected for AuthModule, you can specify
>>>>> > # initial user groups for first login.)
>>>>> > $Self->{UserSyncLDAPGroups} = [
>>>>> >     'users',
>>>>> > ];
>>>>> >
>>>>> > # UserTable
>>>>> > $Self->{DatabaseUserTable} = 'users';
>>>>> > $Self->{DatabaseUserTableUserID} = 'id';
>>>>> > $Self->{DatabaseUserTableUserPW} = 'pw';
>>>>> > $Self->{DatabaseUserTableUser} = 'login';
>>>>> >
>>>>> > #Add the following lines when only users are allowed to login if they reside
>>>>> > #in the specified security group
>>>>> > #Remove these lines if you want to provide login to all users specified in
>>>>> > #the User Base DN
>>>>> > $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,CN=Builtin,DC=ci,DC=vernon,DC=ct,DC=us';
>>>>> > $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>>>> > $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>>>> >
>>>>> > #---------------------------End Agent Data--------------------------------
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>>>>> Archive: http://lists.otrs.org/pipermail/otrs
>>>>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>>>>
>>>>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>>>>> http://www.otrs.com/en/support/enterprise-subscription/
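
An added example, not part of the thread and not OTRS code: a small Python check for the situation discussed above, where agents authenticate against LDAP but no AuthSyncModule is configured, so OTRS finds no user data in its DB. The key names are the ones that appear in the two configs quoted in the thread; the function names, the sample configs and the host `dc.example.local` are constructed for illustration.

```python
import re

# Agent-sync keys from the 2.3.4 config quoted in the thread, mapped to the
# AuthSyncModule keys used in the working 2.4.3 reply.
LEGACY_TO_NEW = {
    "UserSyncLDAPMap": "AuthSyncModule::LDAP::UserSyncMap",
    "UserSyncLDAPGroups": "AuthSyncModule::LDAP::UserSyncInitialGroups",
}
# Connection settings the reply repeats under the AuthSyncModule namespace.
MIRRORED = ("Host", "BaseDN", "UID", "SearchUserDN", "SearchUserPw")
# Uncommented assignment: $Self->{'Key'} = ...  or  $Self->{Key} = ...
ASSIGN = re.compile(r"""^\s*\$Self->\{\s*['"]?([\w:]+)['"]?\s*\}\s*=\s*(.*)$""")

def parse_keys(config_text):
    """Map each assigned $Self key to the text on the rest of its line."""
    keys = {}
    for line in config_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            keys[m.group(1)] = m.group(2).strip()
    return keys

def check_agent_ldap(config_text):
    """Report settings that let agents authenticate via LDAP without being synced."""
    keys = parse_keys(config_text)
    if "Kernel::System::Auth::LDAP" not in keys.get("AuthModule", ""):
        return []  # agents do not authenticate via LDAP; nothing to check
    findings = []
    if "AuthSyncModule" not in keys:
        findings.append("AuthSyncModule is not set: agent data is never synced to the OTRS DB")
    else:
        for name in MIRRORED:
            if f"AuthModule::LDAP::{name}" in keys and f"AuthSyncModule::LDAP::{name}" not in keys:
                findings.append(f"AuthSyncModule::LDAP::{name} is missing")
    for old, new in LEGACY_TO_NEW.items():
        if old in keys and new not in keys:
            findings.append(f"{old} is the 2.3.4-style key; set {new}")
    return findings

# Constructed samples (placeholder host, not values from the thread).
OLD_STYLE = """
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.example.local';
$Self->{UserSyncLDAPMap} = { UserEmail => 'mail' };
"""
PARTIAL = OLD_STYLE + """
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { UserEmail => 'mail' };
"""
```

Calling `check_agent_ldap(OLD_STYLE)` reports the missing sync module and the old map key; `check_agent_ldap(PARTIAL)` reports only the sync host that was not carried over.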
