Edmond, When I change the UserDN (in config.pm) I can no longer search for customers and I get errors in the log file relating to LDAP bind failure. However, if I use UserDN =>'domain\otrsagent' then I can search for customers. I did try changing the sync script from 'domain\otrstest' to "cn=otrsagent,ou=users,dc=domain,dc=org" but it still didn't work cause I still receive the following error when customers attempt to log-in using their AD credentials.
Search failed!000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772? Thanks for the suggestion! I was thinking and I would like to know if there is a way that I could check the local database used by OTRS to ensure that the sync script is working? Or to even check to see if there are values in the customer users password fields (since the agent interface shows a "-" under the valid/invalid field for customer users)? Ryan Miguel ---------------------------------------------------------------------- Message: 1 Date: Sat, 24 Apr 2010 19:08:05 +0800 From: Edmond Chan <[email protected]> Subject: Re: [otrs] customer users cant login To: "User questions and discussions about OTRS." <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Hi Ryan, DN should be a value looks like "cn=otrsagent,ou=users,dc=domain,dc=org", instead of "domain\otrsagent". The following 2 values need be updated to a correct DN. UserDN =>'domain\otrsagent' my $LDAPBindDN = 'domain\otrstest'; On Sat, Apr 24, 2010 at 8:11 AM, Ryan Miguel <[email protected]> wrote: > I am able to see customer users, search for them, add them to tickets > and even send e-mails to them but they can?t login through the > customer.pl page. Whenever customers try to login they receive an > error message saying that their username or password has been entered > incorrectly. When I look in the OTRS logs I see a message like this: > > > > ?[Fri Apr 23 16:35:40 > 2010][Error][Kernel::System::CustomerAuth::LDAP::Auth][220] Search failed! > 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this > operation a successful bind must be completed on the connection., data > 0, v1772? > > > > I have tried using the sync-ldap2db.pl script because I have read that > the user data has to be copied to the MSQL DB for users to be able to > login but I am unsure of how I would verify that the data was copied > over correctly. I have also read that some people have been able to > use some extra settings in their config to copy the data of a first > time customer user logging in. My settings are shown below. Any help would be appreciated. > > > > Thanks, > > > > Ryan > > > > > > > > > > > > ##############config.pm####################### > > > > #Enable LDAP authentication for Customers a.k.a non-IT employees > > $Self->{'Customer::AuthModule'} = > 'Kernel::System::CustomerAuth::LDAP'; > > $Self->{'Customer::AuthModule::LDAP::Host'} = 'server.domain.org'; > > $Self->{'Customer::AuthModule::LDAP::BaseDN'} = > 'ou=users,dc=domain,dc=org'; > > $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; > > > > #CustomerUser > > #(customer user database backend and settings) > > $Self->{CustomerUser} = { > > Module => 'Kernel::System::CustomerUser::LDAP', > > Params => { > > Host => 'server.domain.org', > > BaseDN => 'OU=staff,DC=domain,DC=org', > > SSCOPE => 'sub', > > UserDN =>'domain\otrsagent', > > UserPw => 'secret', > > }, > > # customer unique id > > CustomerKey => 'sAMAccountName', > > CustomerID => 'mail', > > CustomerUserListFields => ['sAMAccountName', 'mail'], > > CustomerUserSearchFields => ['sAMAccountName','givenname','sn' ], > > CustomerUserSearchPrefix => '*', > > CustomerUserSearchSuffix => '*', > > CustomerUserSearchListLimit => 250, > > CustomerUserPostMasterSearchFields => ['mail', 'givenname', 'sn'], > > CustomerUserNameFields => ['cn', 'sn'], > > Map => [ > > # var,frontend,storage,shown,required,storage-type, http-link, > readonly > > [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '',0 > ], > > [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '',0], > > [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var', '',0], > > [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '',0], > > [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '',0], > > # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '',0], > > ], > > }; > > > > ###############sync-ldap2db.pl################## > > > > my $UidLDAP = 'domain\otrsagent'; > > my $UidDB = 'otrs'; > > > > my %Map = ( > > # db => ldap > > email => 'mail', > > customer_id => 'mail', > > first_name => 'givenname', > > last_name => 'sn', > > pw => 'password', > > > > ); > > > > my $LDAPHost = 'server.domain.org'; > > my %LDAPParams = (); > > my $LDAPBaseDN = 'ou=users,dc=domain,dc=org'; > > my $LDAPBindDN = 'domain\otrstest'; > > my $LDAPBindPW = 'secret'; > > my $LDAPScope = 'sub'; > > my $LDAPCharset = 'utf-8'; > > > > #my $LDAPFilter = ''; > > my $LDAPFilter = '(ObjectClass=*)'; > > > > my $DBCharset = 'iso-8859-1'; > > my $DBTable = 'customer_user'; > > > > > > ______________________________________________________________________ > > This email has been scanned by the Rebekah Children's Services Email > Security System. > > **** Confidentiality Notice ***** > > The information contained in this e-mail, and any attachment, is > private and confidential and is the property of Rebekah Children's > Services. The information is intended only for the use of the intended > recipient. If you are not the intended recipient, you are hereby > notified that any disclosure, copying, distribution, or taking of any > action in reliance on the contents of the information is strictly > prohibited. If you have received this e-mail in error, please > immediately notify the sender and destroy all copies of the original message. > > All reasonable precautions have been taken to ensure no viruses are > present in this e-mail. We do not accept responsibility for any loss > or damage arising from the use of this e-mail or attachments. We > recommend that you subject these to your virus checking procedures prior to use. > ______________________________________________________________________ > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ > -- Best regards, Edmond Chan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.otrs.org/pipermail/otrs/attachments/20100424/2cabf214/atta chment.html> ------------------------------ --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/ End of otrs Digest, Vol 19, Issue 89 ************************************ ______________________________________________________________________ This email has been scanned by the Rebekah Children's Services Email Security System. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the Rebekah Children's Services Email Security System. **** Confidentiality Notice ***** The information contained in this e-mail, and any attachment, is private and confidential and is the property of Rebekah Children's Services. The information is intended only for the use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or taking of any action in reliance on the contents of the information is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and destroy all copies of the original message. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. We do not accept responsibility for any loss or damage arising from the use of this e-mail or attachments. We recommend that you subject these to your virus checking procedures prior to use. ______________________________________________________________________ --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
