Re: [otrs] OTRS config : LDAP and Consumers

2016-11-30 Thread Joel Marchand

Hi,

Sorry for my previous email about LDAP.

I lost a lot of time before understanding that the login URL for the
Customers is not the same as the URL for the Agents ;-)

With this URL
https:///otrs/customer.pl
it is OK.

My advice would be finally to copy the necessary blocks from
Kernel/Config/Defaults.pm
and paste & edit them into
Kernel/Config.pm
to adapt them to your local configuration.

Useful pages :

   http://forums.otterhub.org/viewtopic.php?t=18340
   http://wiki.otterhub.org/index.php?title=LDAP_mit_TLS_bzw._SSL
   http://trinityhome.org/Home/index.php?content=CONFIGURING_OTRS_TO_MAKE_CUSTOMERS___USERS_AUTHENT_id=18=en=en
   http://forums.otterhub.org/viewtopic.php?t=16543
   http://itsm-demo.otrs.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=243

Lectures :


Best regards,

Joel Marchand



Re: [otrs] OTRS config : LDAP and Consumers

2016-11-04 Thread Joel Marchand

Hi

Thanks for your email.

I understand that the two parts

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $SearchUserDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $SearchUserPw;
$Self->{'Customer::AuthModule::LDAP::Host'} = $Host;
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = $Base;
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
$Self->{'Customer::AuthModule::LDAP::Params'} = $Params;

and

$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
    ...
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
}

are necessary. Sorry for this mistake.

So I put these two parts in my configuration
- the first : very similar to the "$Self->{'AuthModule'}" part
- the second : very carefully edited from Config/Defaults.pm

But I get the same messages when I try to connect

- Web interface : Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

- error_log : Message: No UserID found for 'jma'!

It is the same with the line
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
or with the line
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

Regards,

Joel Marchand

PS : one LDIF entry

# jma, people, huma-num.fr
dn: uid=jma,ou=people,dc=huma-num,dc=fr
uid: jma
loginShell: /bin/bash
uidNumber: 30001
gidNumber: 30001
mail: joel.march...@laposte.net
gosaMailDeliveryMode: []
o: CNRS
supannListeRouge: FALSE
dateOfBirth: 1963-08-15
gender: M
co: France
fdPrivateMail: joel.march...@laposte.net
homeDirectory: /home/jma
cn: jma jma
sn: jma
givenName: jma
gecos: jma jma
description: TGIR
sambaSID: S-1-5-21-134782382-3786202306-2389167217-60003
sambaDomainName: DEFAULT
sambaMungedDial: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA
 CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACA
 ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
 AYQBnAHMAMQAwMGUwMDAxMBIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0
 AHgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDA=
sambaAcctFlags: [U   ]
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: gosaMailAccount
objectClass: eduPerson
objectClass: supannPerson
objectClass: fdPersonalInfo
objectClass: sambaSamAccount
sambaBadPasswordTime: 0
sambaBadPasswordCount: 0
sambaNTPassword: x
sambaPwdLastSet: 1478193536


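An added example, not code from the thread or from OTRS: a Python pre-flight check that parses an LDIF entry (a constructed, trimmed copy of the one above, with a placeholder mail address) and verifies it against the CustomerKey, AlwaysFilter and Map storage attributes (uid, givenname, sn, mail, title) from Joel's original post. It separates "the entry can be found and bound" from "the entry carries what the Map requires", comparing attribute names case-insensitively as LDAP defines them (so 'uid' and 'UID' behave alike); it would not catch the thread's actual cause, logging in through index.pl instead of customer.pl. The filter evaluator handles only a single equality term, an assumption of this example.

```python
import re
# LDIF entry constructed for this example from the one posted in the thread
# (trimmed to the relevant attributes; the mail address is a placeholder).
SAMPLE_LDIF = """\
dn: uid=jma,ou=people,dc=huma-num,dc=fr
uid: jma
mail: jma@example.invalid
sn: jma
givenName: jma
sambaMungedDial: IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA
 CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAEABoACA
objectClass: posixAccount
"""

# Map storage attributes from the original post, with the Map's "required" flag.
MAP_STORAGE_ATTRS = {"title": False, "givenname": True, "sn": True,
                     "uid": True, "mail": True}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: [values]}. LDAP attribute
    names are case-insensitive ('uid' == 'UID'); folded lines are joined."""
    entry, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                            # blank line or LDIF comment
        if raw.startswith(" ") and last is not None:
            entry[last][-1] += raw[1:]          # continuation of previous value
            continue
        name, _, value = raw.partition(":")
        last = name.strip().lower()
        entry.setdefault(last, []).append(value.strip())
    return entry

def matches_always_filter(entry, always_filter):
    """Evaluate a single-equality AlwaysFilter like '(objectclass=posixAccount)';
    only that simple form is handled here (an assumption of this example)."""
    m = re.fullmatch(r"\((\w+)=([^)]+)\)", always_filter)
    if not m:
        raise ValueError("unsupported filter: " + always_filter)
    attr, want = m.group(1).lower(), m.group(2).lower()
    return any(v.lower() == want for v in entry.get(attr, []))

def check_customer_entry(entry, customer_key="uid", always_filter="(objectclass=posixAccount)"):
    """List what would let the entry authenticate yet leave OTRS without the
    customer data its Map needs; an empty list means the entry looks usable."""
    problems = []
    if not matches_always_filter(entry, always_filter):
        problems.append("entry does not match AlwaysFilter " + always_filter)
    if customer_key.lower() not in entry:
        problems.append("CustomerKey attribute missing: " + customer_key)
    for attr, required in MAP_STORAGE_ATTRS.items():
        if required and attr not in entry:
            problems.append("required Map storage attribute missing: " + attr)
    return problems
```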

Re: [otrs] OTRS config : LDAP and Consumers

2016-11-04 Thread Gerald Young

Just for reference, I wrote this old post:
http://forums.otterhub.org/viewtopic.php?t=16543

The following are important:
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

You can change these to mail if you want to try differently.


[otrs] OTRS config : LDAP and Consumers

2016-11-04 Thread Joel Marchand

Hello,

My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4

I have configured OTRS to use LDAP for the Agents authentication. It is OK.

I want to do the same for the Consumers. I read many examples, but without success.

1/ in the Administration/Consumers panel, I see all my LDAP users like :

jjma2 jma2 jma2 j...@jma2.com   j...@jma2.com

2/ when I try to login with an LDAP id, I get this message

 Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

3/ and in /var/log/httpd/error.log, I get

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016

 Message: No UserID found for 'jjma2'!

 RemoteAddress: 109.190.22.197
 RequestURI: /otrs/index.pl

 Traceback (19414): 
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 206
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016

 Message: No UserID found for 'jjma2'!

 RemoteAddress: 109.190.22.197
 RequestURI: /otrs/index.pl

 Traceback (19414): 
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 305
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
   Module: ModPerl::Registry::handler (v1.99) Line: 32

My config is below.

Where is my mistake ?

Thanks a lot for any suggestion.

Joel Marchand

$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'ldaps://ldapr1.huma-num.fr:636/',
        # ldap base dn
        BaseDN => 'dc=huma-num,dc=fr',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
        UserPw => '',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(objectclass=posixAccount)',
        # if the charset of your ldap server is iso-8859-1, use this:
        # SourceCharset => 'iso-8859-1',
        # die if backend can't work, e. g. can't connect to server
        Die => 1,
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port       => 636,
            timeout    => 120,
            async      => 0,
            version    => 3,
            cafile     => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
            clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
            clientkey  => '/etc/ssl/private/star_huma-num_fr.key',
        },
    },
    # customer unique id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=gesperrt))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any ldap queries
    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle',      'Title',      'title',     1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'uid',       1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var',