Customer -> Active Directory

Hilfe zu OTRS Problemen aller Art
Forum rules
Post Reply
tw
Znuny newbie
Posts: 2
Joined: 06 Mar 2006, 21:29

Customer -> Active Directory

Post by tw »

Hallo zusammen,

so langsam verzweifel ich an dieser Konfiguration. Ich würde mich sehr freuen, wenn mir hier jemand weiterhelfen könnte.

Ich möchte das die Customer sich am LDAP (AD, Windows 2000) authentifizieren.
Ich habe also die Config.pm folgenermaßen (wie im Wiki beschrieben) angepasst:

Code: Select all

    # ---------------------------------------------------- #
    # Customer Authentifizirung via LDAP                   #
    # ---------------------------------------------------- #
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.125.243';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxx,dc=de';
    #$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'user@xxx.de';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxx';
    #$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@xxx.de';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
    #$Self->{'Customer::AuthModule::LDAP::GroupDN'} = '';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
    #   port => 389,
    #   timeout => 120,
    #   async => 0,
        version => 3,
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
    };
und

Code: Select all

    # ---------------------------------------------------- #
    # # customer Auth                                        #
    # # ---------------------------------------------------- #
    $Self->{CustomerUser} = {
        Name => 'LDAP Datenquelle',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
                Host => '192.168.125.243',
                BaseDN => 'dc=xxx,dc=de',
                SSCOPE => 'sub',
                UserDN => 'user@xxx.de',
                UserPw => 'xxx',

                AlwaysFilter => ,
                #       Params => {
                #       port => 389,
                #       timeout => 120,
                #       async => 0,
                #       version => 3,
                #       SourceCharset => 'utf-8',
                #       DestCharset => 'iso-8859-1',
                #       },
                },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'mail',
        CustomerUserListFields => ['sn', 'cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'sn', 'mail'],
        CustomerUserSearchPrefix => ,
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        AdminSetPreferences => 0,
        Map => [
                [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', , 0 ],
                [ 'UserFirstname',  'Firstname',  'givenName',              1, 1, 'var', , 0 ],
                [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', , 0 ],
                [ 'UserLogin',      'Username',   'sAMAccountName',             1, 1, 'var', , 0 ],
                [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', , 0 ],
                [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', , 0 ],
                [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', , 0 ],
                [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', , 0 ],
                [ 'UserComment',    'Comment',    'description',     1, 0, 'var', , 0 ],
                ],
        };
Wenn ich mich jedoch jetzt mit gültigen Benutzerdaten anmelde, bekomme ich eine Fehlermeldung
Panic! No UserData!!!
Ich hab schon den Debug-Modus eingeschaltet, jedoch werde ich daraus auch nicht schlauer, denn es sieht alles okay aus.

Code: Select all

user 20:27:57 OTRS-CGI-01[20407]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: thomas.weisshaar authentification ok (REMOTE_ADDR: 192.168.125.244). 
user 20:27:56 OTRS-CGI-01[20407]: [Debug][Kernel::System::Web::InterfaceCustomer::new][88] Global handle started...
P.S. OTRS läuft auf einem aktuellen Gentoo-Linux.
Vielen Dank!
Top
spas_
Znuny newbie
Posts: 13
Joined: 21 Dec 2005, 09:58

Post by spas_ »

Genau dasselbe Problem hatte ich auch (mit derselben Konfiguration).

Kopiere einfach folgende Zeilen in die config.pl:

Code: Select all

# UserSyncLDAPMap 
# (map if agent should create/synced from LDAP to DB after login) 
$Self->{UserSyncLDAPMap} = { 
# DB -> LDAP 
Firstname => 'givenName', 
Lastname => 'sn', 
Email => 'mail', 
};
Das Problem ist einfach, daß zwar aus der LDAP authentifiziert wird, in der DB jedoch keine Einträge gefunden werden.
Mit obigen Code wird jeder, der das erste mal sich anmeldet automatisch in die DB eingetragen.

Vielleicht sollte man im Wiki auf dieses Problem hinweisen...
Top
Andre Bauer
Znuny guru
Posts: 2189
Joined: 08 Dec 2005, 17:01
Znuny Version: 5.0.x
Real Name: André Bauer
Company: Magix Software GmbH
Location: Dresden
Contact:
Contact Andre Bauer

Post by Andre Bauer »

Schreib das doch bitte im Wiki gleich dazu.
Danke!
Prod: Ubuntu Server 16.04 / Zammad 1.2

DO NOT PM ME WITH OTRS RELATED QUESTIONS! ASK IN THE FORUMS!

OtterHub.org
Top
tw
Znuny newbie
Posts: 2
Joined: 06 Mar 2006, 21:29

Post by tw »

Super! Danke für Deine Hilfe! Es funktioniert :-)
Ich poste mal die relevaten Abschnitte aus der "Config.pm":

Code: Select all

        # ---------------------------------------------------- #
        # UserSyncLDAPMap																			 #
        # ---------------------------------------------------- #
        # (map if agent should create/synced from LDAP to DB after login)
        $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
        };

        # ---------------------------------------------------- #
        # Customer Authentifizirung via LDAP                   #
        # ---------------------------------------------------- #
        $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
        $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.125.243';
        $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=de';
        $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
        $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'thomas.nachname@domain.de';
        $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret';
        $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
        $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
        #$Self->{'Customer::AuthModule::LDAP::GroupDN'} = '';
        $Self->{'Customer::AuthModule::LDAP::Params'} = {
        #       port => 389,
        #       timeout => 120,
        #       async => 0,
        #       version => 3,
                SourceCharset => 'utf-8',
                DestCharset => 'utf-8',
        };

        # ---------------------------------------------------- #
        # customer Auth                                        #
        # ---------------------------------------------------- #
        # CustomerUser
        # (customer user ldap backend and settings)
        $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
                # ldap host
                Host => '192.168.125.243',
                # ldap base dn
                BaseDN => 'dc=domain, dc=de',
                # search scope (one|sub)
                SSCOPE => 'sub',
                UserDN => 'thomas.nachname@domain.de',
                UserPw => 'secret',
                AlwaysFilter => '',
                SourceCharset => 'utf-8',
                DestCharset => 'iso-8859-1',
                },
        # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
                #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
                [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
                [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
                [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
                [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
                [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
                [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
                #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
                #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
                ],
        };
Gruß,
Thomas
Top
Andreas Pietras
Znuny newbie
Posts: 4
Joined: 05 Jul 2006, 10:03

LdapErr: DSID-0C090627

Post by Andreas Pietras »

Hi,

ich habe alles so eingegeben, wie es vorgeschlagen wurde.
Doch jetzt bekomme ich diese Fehlermeldung:

[Tue Jul 18 15:43:24 2006][Error][Kernel::System::CustomerUser::LDAP::CustomerSearch][189] 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

Was will mir das sagen?
OTRS 2.04
Debian (?) in VM
Top
Andreas Pietras
Znuny newbie
Posts: 4
Joined: 05 Jul 2006, 10:03

LDAP an AD lebt!

Post by Andreas Pietras »

Hi,

ich hab's hinbekommen. Im Eintrag des Searchusers fehlte noch "cn=users".

Das wars.

Naja, die nächsten Fragen kommen dann noch. :D

Andreas
OTRS 2.04
Debian (?) in VM
Top
Cine22
Znuny newbie
Posts: 1
Joined: 15 Jul 2010, 08:49
Znuny Version: OTRS latest

Re: LDAP an AD lebt!

Post by Cine22 »

Andreas Pietras wrote:Hi,

ich hab's hinbekommen. Im Eintrag des Searchusers fehlte noch "cn=users".

Das wars.

Naja, die nächsten Fragen kommen dann noch. :D

Andreas
Agree...Naja, die nächsten Fragen kommen dann noch. :) :) :)
CiNe
Top
Post Reply

Return to “Hilfe”