Sorry, I thought we were talking about agents auth/sync, but the original question
was about customers auth/sync.

We don't authenticate customers through ldap so I can't help you.

Regards.
Jesus.



                                                                           
From: Michiel Beijen <michiel.bei...@otrs.com>
Sent by: otrs-boun...@otrs.org
Date: 07/04/2010 11:30
To: "User questions and discussions about OTRS." <[email protected]>
Reply-To: "User questions and discussions about OTRS." <[email protected]>
Subject: Re: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error
                                                                           
                                                                           




Syncing user data when authenticating against an LDAP database is
possible. The problem is, though, that if you do Single Sign On, there
will be no authentication as this is handled by the webserver and not
by OTRS. So if you implement SSO you would need to set up a script
such as otrs/scripts/tools/sync-ldap2db.pl to synchronize users from
AD to OTRS.

Hope this helps,

((enjoy))
-
Michiel Beijen
R&D

Follow me on Twitter: @otrsnl [https://twitter.com/otrsnl]

OTRS AG
Norsk-Data-Str 1.
61352 Bad Homburg
Germany

T: +31 (0) 6457 42418
F: +49 (0) 9421 56818-18
I:  http://www.otrs.com/

Business Location: Bad Homburg, Country Court: Bad Homburg, Commercial register: 10751, Tax ID: 003 240 97505
Chairman of the Board: Burchard Steinbild, Managing Board: André Mindermann (CEO), Martin Edenhofer




On Wed, Apr 7, 2010 at 11:09 AM, Jesus Peña Martinez <[email protected]> wrote:
> Hi,
>
> It is necessary to add the user identifier manually, but you could update the
> remaining data from AD when the user authenticates.
>
> These are the Config.pm changes to achieve this function:
>
>    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
>    $Self->{'AuthSyncModule::LDAP::Host'} = 'myldaphost.com';
>    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'cn=Users,dc=mycompany,dc=com';
>
>    # AD user identifier
>    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
>
>    # AD query user if not anonymous
>    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=QUERYUSER,cn=Users,dc=mycompany,dc=com';
>    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxx';
>
>    # query filter (if necessary)
>    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(&(| (CN=Users)(USER=*)))';
>
>    # LDAP to DB parameters map
>    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>        # DB -> LDAP
>        UserFirstname => 'givenName',
>        UserLastname  => 'sn',
>        UserEmail     => 'mail',
>       # all other data you need
>    };
>
>    # character set from ldap utf-8 to local (if necessary)
>    $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';
>
>    # UserTable
>    $Self->{DatabaseUserTable}       = 'users';
>    $Self->{DatabaseUserTableUserID} = 'id';
>    $Self->{DatabaseUserTableUserPW} = 'pw';
>    $Self->{DatabaseUserTableUser}   = 'login';
>
> I hope this helps.
> Regards.
>
>
>
>
> From: Erling Lothe <[email protected]>
> Sent by: otrs-boun...@otrs.org
> Date: 06/04/2010 16:59
> To: "User questions and discussions about OTRS." <[email protected]>
> Reply-To: "User questions and discussions about OTRS." <[email protected]>
> Subject: Re: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error
>
>
>
>
>
>
>
> Hello again,
>
> I don't think that is possible in OTRS. We have always added the user
> manually due to group setup and then let AD work as authentication.
> If you do some scripting you can loop through the AD and then add the users
> to the MySQL user table in OTRS.
>
> Vennlig hilsen - Best regards - Saludos Cordiales
>
> Erling Lothe
> IT Consultant
>
>
> ----- Original Message -----
> From: "Arnault Tovar" <[email protected]>
> To: [email protected]
> Sent: Tuesday, April 6, 2010 3:15:07 PM
> Subject: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error
>
> Thank you Erling,
>
> How could I automatically insert email and name from AD into the OTRS database?
>
>
>
> ------------------------------------------
>
> The user needs to be in the OTRS user database. It is important that the
> username in OTRS match the user in the AD.
>
>
>
> It will then authenticate with the username and password from the AD and
> not the OTRS but use the user information from OTRS (email, name,
> groups, etc.).
>
> ----- Original Message -----
> From: "Arnault Tovar" <arnault.tovar at pronatura.com>
> To: otrs at otrs.org
> Sent: Tuesday, April 6, 2010 1:51:42 PM
> Subject: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error
>
> Hi everyone,
>
> I try to configure my OTRS customer interface with SSO Active Directory
> over Apache.
> My Apache authentication works with the sspi module and it looks
> great.
>
> My config.pm works fine with LDAP configuration with this configuration:
>
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = 'svr.xx.yy.com';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xx,dc=yy,dc=com';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=Helpdesk, OU=yy,DC=xx,DC=yy,DC=com';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Glpi84@';
> $Self->{'Customer::AuthModule::LDAP::Params'} = {
>        port => 389,
>        timeout => 120,
>        async => 0,
>        version => 3,
>    };
>
> $Self->{CustomerUser} = {
>                Module => 'Kernel::System::CustomerUser::LDAP',
>                Params => {
>                Host => 'svr.xx.yy.com',
>                BaseDN => 'OU=yy,DC=xx,DC=yy,DC=com',
>                SSCOPE => 'sub',
>                UserDN =>'CN=Helpdesk,OU=yy,DC=xx,DC=yy,DC=com',
>                UserPw => 'Glpi84@',
>                #SourceCharset => 'iso-8859-1',
>                #DestCharset => 'utf-8',
>                },
>
>                # customer unique id
>                CustomerKey => 'sAMAccountName',
>                # customer #
>                CustomerID => 'sAMAccountName',
>                #CustomerValid => 'valid_id',
>                CustomerUserListFields => ['sAMAccountName', 'sn', 'mail'],
>                CustomerUserSearchFields => ['sAMAccountName', 'sn', 'mail'],
>                CustomerUserSearchPrefix => '',
>                CustomerUserSearchSuffix => '*',
>                CustomerUserSearchListLimit => 250,
>                CustomerUserPostMasterSearchFields => ['mail'],
>                CustomerUserNameFields => ['givenname', 'sn'],
>                Map => [
>                        # note: Login, Email and CustomerID needed!
>                        # var, frontend, storage, shown, required, storage-type
>                        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>                        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>                        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>                        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>                        #['UserPassword', 'Password', 'pw', 0, 1, 'var'],
>                        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>                        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
>                        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>                        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>                        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>                ],
>        };
>
> But when I want to activate the HTTPBasicAuth because I want that my
> users login automatically with their windows authentication, it doesn't
> work. I have an error message in the login forms "Panic! No
> UserData!!!". I have this on my config.pm for HTTPBasicAuth  :
>    # This is an example configuration for an apache ($ENV{REMOTE_USER})
>    # auth. backend. Use it if you want to have a single login through
>    # apache http-basic-auth
>   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
>
>    # In case there is a leading domain in the REMOTE_USER, you can
>    # replace it by the next config option.
>   $Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = 'terreor\\';
>
> $Self->{CustomerUser} = {
>                Module => 'Kernel::System::CustomerUser::LDAP',
>                Params => {
>                Host => 'svr.xx.yy.com',
>                BaseDN => 'OU=yy,DC=xx,DC=yy,DC=com',
>                SSCOPE => 'sub',
>                UserDN =>'CN=Helpdesk,OU=yy,DC=xx,DC=yy,DC=com',
>                UserPw => 'Glpi84@',
>                #SourceCharset => 'iso-8859-1',
>                #DestCharset => 'utf-8',
>                },
>
>                # customer unique id
>                CustomerKey => 'sAMAccountName',
>                # customer #
>                CustomerID => 'sAMAccountName',
>                #CustomerValid => 'valid_id',
>                CustomerUserListFields => ['sAMAccountName', 'sn', 'mail'],
>                CustomerUserSearchFields => ['sAMAccountName', 'sn', 'mail'],
>                CustomerUserSearchPrefix => '',
>                CustomerUserSearchSuffix => '*',
>                CustomerUserSearchListLimit => 250,
>                CustomerUserPostMasterSearchFields => ['mail'],
>                CustomerUserNameFields => ['givenname', 'sn'],
>                Map => [
>                        # note: Login, Email and CustomerID needed!
>                        # var, frontend, storage, shown, required, storage-type
>                        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>                        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>                        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>                        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>                        #['UserPassword', 'Password', 'pw', 0, 1, 'var'],
>                        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>                        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
>                        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>                        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>                        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>                ],
>        };
>
> I tried a lot of different config found on this mailing list but it
> doesn't work.
>
> Laouache
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>
> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
> http://www.otrs.com/en/support/enterprise-subscription/
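The directory-to-database sync that the replies above suggest for the SSO case (the web server authenticates, so no login-time sync runs), sketched as an added example that is not code from this thread or from OTRS. The `users` table layout, its column names and the sample entries are constructed for illustration; the attribute names follow the `UserSyncMap` quoted in the thread, and a real run would take its entries from an LDAP search.

```python
import sqlite3

# DB column -> LDAP attribute, shaped like the UserSyncMap quoted in the thread.
UID_ATTR = "sAMAccountName"
SYNC_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}

# Constructed sample entries, standing in for the result of an LDAP search.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "JDoe", "givenName": "John", "sn": "Doe", "mail": "jdoe@example.com"},
    {"sAMAccountName": "asmith", "givenName": "Ann", "sn": "Smith"},  # no mail
    {"sAMAccountName": "pobrien", "givenName": "Pat", "sn": "O'Brien", "mail": "pob@example.com"},
    {"givenName": "No", "sn": "Login", "mail": "nologin@example.com"},  # no UID
]


def open_db():
    """In-memory stand-in for the application's user table (hypothetical layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, first_name TEXT,"
               " last_name TEXT, email TEXT)")
    return db


def sync_entries(db, entries):
    """Upsert directory entries; return (synced, skipped) lists of logins."""
    synced, skipped = [], []
    for entry in entries:
        # AD compares sAMAccountName case-insensitively, so store one canonical form.
        login = (entry.get(UID_ATTR) or "").strip().lower()
        row = {col: (entry.get(attr) or "").strip() for col, attr in SYNC_MAP.items()}
        # Login and email are mandatory (see the Map note in the thread); an
        # incomplete row would only defer the failure to login time.
        if not login or not row["email"]:
            skipped.append(login or "<no uid>")
            continue
        # Bound parameters: directory values such as O'Brien never reach the SQL text.
        db.execute("INSERT OR REPLACE INTO users (login, first_name, last_name, email)"
                   " VALUES (?, ?, ?, ?)",
                   (login, row["first_name"], row["last_name"], row["email"]))
        synced.append(login)
    db.commit()
    return synced, skipped


def lookup(db, remote_user):
    """Fetch the local record for the user name the web server authenticated."""
    return db.execute("SELECT first_name, last_name, email FROM users WHERE login = ?",
                      (remote_user.strip().lower(),)).fetchone()
```

Run on a schedule, the skipped list tells the administrator which directory accounts would still arrive through SSO without usable local data.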
