Hi Torsten
Thanks for your reply and info.
I incorrectly understood the functionality of this HTTPBasicAuth.
My idea was that I created the right setup for authentication in Perl but i
didn't want my user to manually put in their credentials into the boxes and
therefore wanted to let them login automatically authenticated against the LDAP
(and i thought it was done by perl). If i correctly understand is right now
HTTPBasicAuth is the Apache authentication.
What's the best setup if i want that Agent's can login automatically with their
AD credentials and they do not have to enter anything manually?
Thanks in advance.
Best,
Dave
On 12 dec 2009, at 11:41, Torsten Thau wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Dave,
>
>> I just found out that when i enable this rule the complete login is not
>> working anymore. also manually it's now not possible to login.
>>>> $Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
>>
>
> I guess your LDAP-Authenticationbackend is also named
> "$Self->{'AuthModule'}" (a few lines of your Config.pm would be helpful
> to analyze the problem)? If so, activating HTTPBasicAuth disables
> LDAP-Authentication. Using SSO via HTTPBasicAuth requires the user to be
> authenticated BEFORE accessing ../otrs/index.pl. The authentication
> needs to be done by the webserver before (e.g. by configuring the
> webserver to to a basic auth agains a usr-password-file or an LDAP). But
> then it's thejob of the webservers administrator to configure a working
> authentication. The authentication itself is not done by OTRS then anymore.
>
> However you can use more than one authentication backend. Just name your
> LDAP-auth backend $Self->{'AuthModule1'} (and update all corresponding
> config values as well). OTRS will check first for HTTPBasicAuth and if
> this fails will offer you the possibility for a manual authentication.
>
>
>> When i try to login automatically with SSO it's not working and the
>> following entries are written in the log:
>> Sat Dec 12 11:14:11 2009 error OTRS-CGI-10 Need UserLogin or
>> UserID!
>> Sat Dec 12 11:14:11 2009 notice OTRS-CGI-10 User: No
>> $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100).
>>
>>
>> When i try to login with my credentials username/password manually these
>> lines are also logged,...
>> Sat Dec 12 11:14:31 2009 error OTRS-CGI-10 Need UserLogin or
>> UserID!
>> Sat Dec 12 11:14:31 2009 notice OTRS-CGI-10 User: No
>> $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100).
>>
>> When i disable the "$Self->{'AuthModule'} =
>> 'Kernel::System::Auth::HTTPBasicAuth';" rule again i can login manually...
>>
>
> regards, T.
>
> - --
> Torsten Thau, Dipl. Inform.
> c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz
> phone: +49 371 5347 623
> cell: +49 176 66 680 680
> personal pgp-key: 0x93E0A174
> fax: +49 371 5347 625
> http://www.cape-it.de
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAksjc1sACgkQvXo8m5PgoXTNXgCghCcNGXuUkKa5Hz2lNY0wNwLC
> N78An2z0qZtl6aT+ofMenSAFPzgcnP1R
> =iubk
> -----END PGP SIGNATURE-----
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>
> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
> http://www.otrs.com/en/support/enterprise-subscription/
>
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
