Re: [otrs] OTRS config : LDAP and Consumers
Hi,

Sorry for my previous email about LDAP.

I lost a lot of time before understanding that the login URL for the
Customers is not the same as the URL for the Agents ;-)

With this URL

    https:///otrs/customer.pl

it is OK.

My advice would be finally to copy the necessary blocks from
Kernel/Config/Defaults.pm and paste & edit them into Kernel/Config.pm to
adapt them to your local configuration.

Useful pages :

http://forums.otterhub.org/viewtopic.php?t=18340
http://wiki.otterhub.org/index.php?title=LDAP_mit_TLS_bzw._SSL
http://trinityhome.org/Home/index.php?content=CONFIGURING_OTRS_TO_MAKE_CUSTOMERS___USERS_AUTHENT_id=18=en=en
http://forums.otterhub.org/viewtopic.php?t=16543
http://itsm-demo.otrs.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=243

Lectures :

Best regards,

Joel Marchand

On Fri, Nov 04, 2016 at 02:47:40PM +0100, Joel Marchand wrote:
>
> Hi
>
> Thanks for your email.
>
> I understand that the two parts
>
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $SearchUserDN;
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $SearchUserPw;
> $Self->{'Customer::AuthModule::LDAP::Host'} = $Host;
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = $Base;
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
> $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
> $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
> $Self->{'Customer::AuthModule::LDAP::Params'} = $Params;
>
> and
>
> $Self->{CustomerUser} = {
>     Name => 'LDAP Backend',
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>     ...
>         [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
>     ],
> }
>
> are necessary. Sorry for this mistake.
>
> So I put these two parts in my configuration
> - the first : very similar to the "$Self->{'AuthModule'}" part
> - the second : very carefully edited from Config/Defaults.pm
>
> But I get the same messages when I try to connect
>
> - Web interface : Panic, user authenticated but no user data can be
>   found in OTRS DB!! Perhaps the user is invalid.
>
> - error_log : Message: No UserID found for 'jma'!
>
> It is the same with the line
> $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
> or with the line
> $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
>
> Regards,
>
> Joel Marchand
>
> PS : one LDIF entry
>
> # jma, people, huma-num.fr
> dn: uid=jma,ou=people,dc=huma-num,dc=fr
> uid: jma
> loginShell: /bin/bash
> uidNumber: 30001
> gidNumber: 30001
> mail: joel.march...@laposte.net
> gosaMailDeliveryMode: []
> o: CNRS
> supannListeRouge: FALSE
> dateOfBirth: 1963-08-15
> gender: M
> co: France
> fdPrivateMail: joel.march...@laposte.net
> homeDirectory: /home/jma
> cn: jma jma
> sn: jma
> givenName: jma
> gecos: jma jma
> description: TGIR
> sambaSID: S-1-5-21-134782382-3786202306-2389167217-60003
> sambaDomainName: DEFAULT
> sambaMungedDial: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA
>  CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACA
>  ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
>  AYQBnAHMAMQAwMGUwMDAxMBIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0
>  AHgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDA=
> sambaAcctFlags: [U ]
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: gosaMailAccount
> objectClass: eduPerson
> objectClass: supannPerson
> objectClass: fdPersonalInfo
> objectClass: sambaSamAccount
> sambaBadPasswordTime: 0
> sambaBadPasswordCount: 0
> sambaNTPassword: x
> sambaPwdLastSet: 1478193536
>
>
> On Fri, Nov 04, 2016 at 08:38:46AM -0400, Gerald Young wrote:
> > Just for reference, I wrote this old post:
> > http://forums.otterhub.org/viewtopic.php?t=16543
> >
> > The following are important:
> > $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
> > $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
> >
> > You can change these to mail if you want to try differently.
> >
> > On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand wrote:
> >
> > Hello,
> >
> > My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
> >
> > I have configured OTRS to use LDAP for the Agents authentication. It is
> > OK.
> >
> > I want to do the same for the Consumers. I read many examples, but
> > without success.
> >
> > 1/ in the Administration/Consumers panel, I see all my LDAP users like :
> >
> > jjma2 jma2 jma2
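An added triage example, not code from the thread or from OTRS: it parses error-log entries shaped like the ones quoted in this thread and counts the "No UserID found" failures that came in through the agent interface (RequestURI index.pl, InterfaceAgent in the traceback), which is the symptom that turned out to mean the customer login URL customer.pl should have been used. The sample log is constructed (documentation IP address, invented last entry) and the function names are illustrative.

```python
import re

# Constructed sample modelled on the error log quoted in the thread; the
# client address is a documentation address, the last entry is invented.
SAMPLE_LOG = """\
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
 Message: No UserID found for 'jjma2'!
 RemoteAddress: 192.0.2.10
 RequestURI: /otrs/index.pl
 Traceback (19414):
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 206
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
 Message: No UserID found for 'jjma2'!
 RemoteAddress: 192.0.2.10
 RequestURI: /otrs/index.pl
 Traceback (19414):
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 305
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:45:00 2016
 Message: constructed unrelated message
 RemoteAddress: 192.0.2.10
 RequestURI: /otrs/customer.pl
"""

ENTRY = re.compile(r"^ERROR: .*?Time: (.+)$", re.M)
FIELD = re.compile(r"^\s*(Message|RemoteAddress|RequestURI):\s*(.+?)\s*$", re.M)
MODULE = re.compile(r"^\s*Module:\s*(\S+)", re.M)
NO_USERID = re.compile(r"No UserID found for '([^']*)'")

def parse_entries(text):
    """Split an OTRS error log into one dict per ERROR block."""
    starts = [m.start() for m in ENTRY.finditer(text)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end]
        entry = dict(FIELD.findall(block))
        entry["Time"] = ENTRY.match(block).group(1)
        entry["Modules"] = MODULE.findall(block)
        entries.append(entry)
    return entries

def agent_side_rejections(entries):
    """Count, per login, 'No UserID found' errors raised on the agent interface."""
    counts = {}
    for e in entries:
        m = NO_USERID.search(e.get("Message", ""))
        via_agent = (e.get("RequestURI", "").endswith("/index.pl")
                     or any("InterfaceAgent" in mod for mod in e["Modules"]))
        if m and via_agent:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts
```

A login that appears here while the same account is listed in the customer administration panel points at the wrong login form rather than at the LDAP attribute mapping.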
Re: [otrs] OTRS config : LDAP and Consumers
Hi

Thanks for your email.

I understand that the two parts

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $SearchUserDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $SearchUserPw;
$Self->{'Customer::AuthModule::LDAP::Host'} = $Host;
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = $Base;
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
$Self->{'Customer::AuthModule::LDAP::Params'} = $Params;

and

$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
    ...
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
}

are necessary. Sorry for this mistake.

So I put these two parts in my configuration
- the first : very similar to the "$Self->{'AuthModule'}" part
- the second : very carefully edited from Config/Defaults.pm

But I get the same messages when I try to connect

- Web interface : Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

- error_log : Message: No UserID found for 'jma'!

It is the same with the line
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
or with the line
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

Regards,

Joel Marchand

PS : one LDIF entry

# jma, people, huma-num.fr
dn: uid=jma,ou=people,dc=huma-num,dc=fr
uid: jma
loginShell: /bin/bash
uidNumber: 30001
gidNumber: 30001
mail: joel.march...@laposte.net
gosaMailDeliveryMode: []
o: CNRS
supannListeRouge: FALSE
dateOfBirth: 1963-08-15
gender: M
co: France
fdPrivateMail: joel.march...@laposte.net
homeDirectory: /home/jma
cn: jma jma
sn: jma
givenName: jma
gecos: jma jma
description: TGIR
sambaSID: S-1-5-21-134782382-3786202306-2389167217-60003
sambaDomainName: DEFAULT
sambaMungedDial: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA
 CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACA
 ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
 AYQBnAHMAMQAwMGUwMDAxMBIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0
 AHgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDA=
sambaAcctFlags: [U ]
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: gosaMailAccount
objectClass: eduPerson
objectClass: supannPerson
objectClass: fdPersonalInfo
objectClass: sambaSamAccount
sambaBadPasswordTime: 0
sambaBadPasswordCount: 0
sambaNTPassword: x
sambaPwdLastSet: 1478193536

On Fri, Nov 04, 2016 at 08:38:46AM -0400, Gerald Young wrote:
> Just for reference, I wrote this old post:
> http://forums.otterhub.org/viewtopic.php?t=16543
>
> The following are important:
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
> $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
>
> You can change these to mail if you want to try differently.
>
> On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand wrote:
>
> Hello,
>
> My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
>
> I have configured OTRS to use LDAP for the Agents authentication. It is
> OK.
>
> I want to do the same for the Consumers. I read many examples, but without
> success.
>
> 1/ in the Administration/Consumers panel, I see all my LDAP users like :
>
> jjma2 jma2 jma2 j...@jma2.com j...@jma2.com
>
> 2/ when I try to login with an LDAP id, I get this message
>
> Panic, user authenticated but no user data can be found in OTRS
> DB!! Perhaps the user is invalid.
>
> 3/ and in /var/log/httpd/error.log, I get
>
> ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
>
>  Message: No UserID found for 'jjma2'!
>
>  RemoteAddress: 109.190.22.197
>  RequestURI: /otrs/index.pl
>
>  Traceback (19414):
>    Module: Kernel::System::User::UserLookup Line: 935
>    Module: Kernel::System::Auth::Auth Line: 206
>    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>    Module: (eval) (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>    Module: ModPerl::Registry::handler (v1.99) Line: 32
>
> ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
>
>  Message: No UserID found for 'jjma2'!
Re: [otrs] OTRS config : LDAP and Consumers
Just for reference, I wrote this old post:
http://forums.otterhub.org/viewtopic.php?t=16543

The following are important:
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

You can change these to mail if you want to try differently.

On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand wrote:
>
> Hello,
>
> My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
>
> I have configured OTRS to use LDAP for the Agents authentication. It is
> OK.
>
> I want to do the same for the Consumers. I read many examples, but without
> success.
>
> 1/ in the Administration/Consumers panel, I see all my LDAP users like :
>
> jjma2 jma2 jma2 j...@jma2.com j...@jma2.com
>
> 2/ when I try to login with an LDAP id, I get this message
>
> Panic, user authenticated but no user data can be found in OTRS
> DB!! Perhaps the user is invalid.
>
> 3/ and in /var/log/httpd/error.log, I get
>
> ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
>
>  Message: No UserID found for 'jjma2'!
>
>  RemoteAddress: 109.190.22.197
>  RequestURI: /otrs/index.pl
>
>  Traceback (19414):
>    Module: Kernel::System::User::UserLookup Line: 935
>    Module: Kernel::System::Auth::Auth Line: 206
>    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>    Module: (eval) (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>    Module: ModPerl::Registry::handler (v1.99) Line: 32
>
> ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016
>
>  Message: No UserID found for 'jjma2'!
>
>  RemoteAddress: 109.190.22.197
>  RequestURI: /otrs/index.pl
>
>  Traceback (19414):
>    Module: Kernel::System::User::UserLookup Line: 935
>    Module: Kernel::System::Auth::Auth Line: 305
>    Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
>    Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
>    Module: (eval) (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
>    Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
>    Module: ModPerl::Registry::handler (v1.99) Line: 32
>
> My config is below.
>
> Where is my mistake ?
>
> Thanks a lot for any suggestion.
>
> Joel Marchand
>
> $Self->{CustomerUser} = {
>     Name => 'LDAP Backend',
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         # ldap host
>         Host => 'ldaps://ldapr1.huma-num.fr:636/',
>         # ldap base dn
>         BaseDN => 'dc=huma-num,dc=fr',
>         # search scope (one|sub)
>         SSCOPE => 'sub',
>         # The following is valid but would only be necessary if the
>         # anonymous user does NOT have permission to read from the LDAP tree
>         UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
>         UserPw => '',
>         # in case you want to add always one filter to each ldap query, use
>         # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>         AlwaysFilter => '(objectclass=posixAccount)',
>         # if the charset of your ldap server is iso-8859-1, use this:
>         # SourceCharset => 'iso-8859-1',
>         # die if backend can't work, e. g. can't connect to server
>         Die => 1,
>         # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>         Params => {
>             port => 636,
>             timeout => 120,
>             async => 0,
>             version => 3,
>             cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
>             clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
>             clientkey => '/etc/ssl/private/star_huma-num_fr.key',
>         },
>     },
>     # customer unique id
>     CustomerKey => 'uid',
>     # customer #
>     CustomerID => 'mail',
>     CustomerUserListFields => ['cn', 'mail'],
>     CustomerUserSearchFields => ['uid', 'cn', 'mail'],
>     CustomerUserSearchPrefix => '',
>     CustomerUserSearchSuffix => '*',
>     CustomerUserSearchListLimit => 250,
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenname', 'sn'],
>     # show now own tickets in customer panel, CompanyTickets
>     CustomerUserExcludePrimaryCustomerID => 0,
>     # add a ldap filter for valid users (expert setting)
>     # CustomerUserValidFilter => '(!(description=gesperrt))',
>     # admin can't change customer preferences
>     AdminSetPreferences => 0,
>     # cache time to live in sec. - cache any ldap queries
>     CacheTTL => 0,
>
[otrs] OTRS config : LDAP and Consumers
Hello,

My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4

I have configured OTRS to use LDAP for the Agents authentication. It is OK.

I want to do the same for the Consumers. I read many examples, but without
success.

1/ in the Administration/Consumers panel, I see all my LDAP users like :

    jjma2 jma2 jma2 j...@jma2.com j...@jma2.com

2/ when I try to login with an LDAP id, I get this message

    Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

3/ and in /var/log/httpd/error.log, I get

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016

 Message: No UserID found for 'jjma2'!

 RemoteAddress: 109.190.22.197
 RequestURI: /otrs/index.pl

 Traceback (19414):
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 206
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016

 Message: No UserID found for 'jjma2'!

 RemoteAddress: 109.190.22.197
 RequestURI: /otrs/index.pl

 Traceback (19414):
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 305
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

My config is below.

Where is my mistake ?

Thanks a lot for any suggestion.

Joel Marchand

$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'ldaps://ldapr1.huma-num.fr:636/',
        # ldap base dn
        BaseDN => 'dc=huma-num,dc=fr',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
        UserPw => '',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(objectclass=posixAccount)',
        # if the charset of your ldap server is iso-8859-1, use this:
        # SourceCharset => 'iso-8859-1',
        # die if backend can't work, e. g. can't connect to server
        Die => 1,
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 636,
            timeout => 120,
            async => 0,
            version => 3,
            cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
            clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
            clientkey => '/etc/ssl/private/star_huma-num_fr.key',
        },
    },
    # customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=gesperrt))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any ldap queries
    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var',