Hi Dears,

I am new to OTRS, and I installed the latest version of OTRS on FreeBSD 8.0 RC1 running on a sparc64 machine. I want to enable LDAP authentication, but I cannot do it :(. It always says there is an error.
My configuration in Config.pm is the following:

    # Enable LDAP authentication for Agents
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'domain.xxx.com';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=xxx,DC=com';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Agents,OU=otrs_group,DC=xxx,DC=com';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs_ldap, OU=otrs_group, DC=xxx, DC=com';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'pwd';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists u...@domain.

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'domain.xxx.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=xxx, DC=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'UID=otrs_ldap, OU=otrs_group, DC=xxx, DC=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'pwd';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
#    [...]

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];


Can you tell me what is wrong with my configuration? I am also sending you the log entries:

Oct 15 10:49:28 otrs OTRS-CGI-10[2271]: [Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Oct 15 10:49:28 otrs OTRS-CGI-10[2271]: [Error][Kernel::System::User::UserLookup][Line:696]: No UserID found for '[email protected]'!
Oct 15 10:50:28 otrs OTRS-CGI-10[2278]: [Error][Kernel::System::Auth::LDAP::Auth][Line:187]: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

Please help me, guys :)

--
BR,
Altangerel Ganbold


---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
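
Added example (not part of the original message and not OTRS code): a small Python parser that pulls the Active Directory sub-code out of "bind failed" entries like the ones quoted above and decodes it, so that an unknown bind identity (525) can be told apart from a wrong password (52e) when reading the auth log. The sample text reuses the two bind failures from the post plus one constructed entry; the function names are this example's own.

```python
import re
from collections import Counter

# Active Directory sub-codes from the "data NNN" field of LDAP bind
# error 80090308 (hexadecimal Win32 logon error numbers).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# One OTRS syslog entry reporting a failed bind. finditer() is used so that
# entries run together on a single physical line are each matched.
ENTRY_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+\s[\d:]{8})\s+\S+\s+OTRS-CGI-\d+\[(?P<pid>\d+)\]:\s+"
    r"\[Error\]\[(?P<module>[\w:]+)\]\[Line:\d+\]:\s+"
    r"(?P<stage>\w+) bind failed!\s+(?P<code>[0-9A-Fa-f]{8}):"
    r".*?AcceptSecurityContext error, data (?P<sub>[0-9A-Fa-f]+)"
)

def decode_bind_failures(log_text):
    """Return one dict per bind failure, with the AD sub-code decoded."""
    results = []
    for m in ENTRY_RE.finditer(log_text):
        sub = m.group("sub").lower()
        results.append({
            "time": m.group("ts"), "pid": int(m.group("pid")),
            "stage": m.group("stage"), "subcode": sub,
            "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
        })
    return results

def summarize(log_text):
    """Count failures per decoded reason (unknown user vs. bad password)."""
    return Counter(r["meaning"] for r in decode_bind_failures(log_text))

# Entry layout copied from the post; the third entry (52e) is constructed.
_E = ("{t} otrs OTRS-CGI-10[{p}]: [Error][Kernel::System::Auth::LDAP::Auth]"
      "[Line:187]: First bind failed! 80090308: LdapErr: DSID-0C090334, "
      "comment: AcceptSecurityContext error, data {d}, vece")
SAMPLE = (_E.format(t="Oct 15 10:49:28", p=2271, d="525") + " "
          + _E.format(t="Oct 15 10:50:28", p=2278, d="525") + "\n"
          + _E.format(t="Oct 15 10:51:02", p=2280, d="52e") + "\n")

if __name__ == "__main__":
    for row in decode_bind_failures(SAMPLE):
        print(row["time"], row["stage"], row["subcode"], row["meaning"])
```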
