ich habe folgendes Problem und hoffe mir kann hier geholfen werden.
Ich habe OTRS 5.0.18 in einer Testumgebung aufgesetzt (Linux) und habe ein Problem mit der LDAP Einbindung. Agenten Anmeldung funktioniert einwandfrei - nur auf der Customerseite kann ich mich (obwohl richtige Anmeldedaten) nicht anmelden. Hier die config.pm
Code: Select all
#------------------------------------------------------------------#
# Agents Authentifizirung via LDAP #
#------------------------------------------------------------------#
#Anmelden an der DB
$Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
#$Self->{'AuthModule::DB::CryptType'} = 'crypt';
# This is an example configuration for an LDAP auth. backend.
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'XXX.XXX.XXX.XXX';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=Domäne,dc=int';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Admin,DC=Domäne,DC=int';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAP,dc=Domäne,dc=int';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'XXX.XXX.XXX.XXX';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=Domäne, dc=int';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=LDAP,dc=Domäne,dc=int';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Passwort';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
#------------------------------------------------------------------#
# Customer Backend DB #
#------------------------------------------------------------------#
# 1. Customer user backend: DB
# (customer database backend and settings)
$Self->{CustomerUser} = {
Name => 'Customer Database',
Module => 'Kernel::System::CustomerUser::DB',
Params => {
# if you want to use an external database, add the
# required settings
# DSN => 'DBI:odbc:yourdsn',
# Type => 'mssql', # only for ODBC connections
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '',
# Password => '',
Table => 'customer_user',
},
# customer unique id
CustomerKey => 'login',
# customer #
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 50,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['title','first_name','last_name'],
CustomerUserEmailUniqCheck => 1,
# # show not own tickets in customer panel, CompanyTickets
# CustomerUserExcludePrimaryCustomerID => 0,
# # generate auto logins
# AutoLoginCreation => 0,
# AutoLoginCreationPrefix => 'auto',
# # admin can change customer preferences
# AdminSetPreferences => 1,
# # cache time to live in sec. - cache any database queries
# CacheTTL => 0,
# # just a read only source
# ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, httplink,readonly, http-link-target
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ],
[ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ],
[ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ],
[ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
[ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ],
[ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ],
[ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ],
[ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ],
],
# default selections
Selections => {
UserTitle => {
'Mr.' => 'Mr.',
'Mrs.' => 'Mrs.',
},
},
};
#------------------------------------------------------------------#
# Ende Customer Backend DB #
#------------------------------------------------------------------#
#------------------------------------------------------------------#
# Customer Backend LDAP #
#------------------------------------------------------------------#
# 2. Customer user backend: LDAP
# (customer ldap backend and settings)
$Self->{CustomerUser2} = {
Name => 'LDAP Datasource',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'XXX.XXX.XXX.XXX',
# ldap base dn
BaseDN => 'dc=Domäne, dc=int',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=LDAP,dc=Domäne,dc=int',
UserPw => 'Passwort',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
AlwaysFilter => '(&(objectclass=user)(mail=*)(sn=*))',
# if the charset of your ldap server is iso-8859-1, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'extensionAttribute2',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
# CustomerUserSearchPrefix => '',
# CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 50,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add a ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',
# admin can't change customer preferences
AdminSetPreferences => 0,
CacheTTL => 60 * 60 * 24,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, httplink, readonly
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'extensionAttribute2', 1, 0, 'var', '', 0 ],
# [ 'UserDepartment', 'Amt', 'department', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
# [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
# [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#------------------------------------------------------------------#
# Ende Customer Backend LDAP #
#------------------------------------------------------------------#
#------------------------------------------------------------------#
# Authentifizierung Customer gegen LDAP #
#------------------------------------------------------------------#
# This is the auth. module against the LDAP
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host2'} = 'XXX.XXX.XXX.XXX';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=Domäne, dc=int';
$Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN2'} = 'cn=LDAP,dc=Domäne,dc=int';
$Self->{'AuthModule::LDAP::SearchUserPw2'} = 'Passwort';
# $Self->{'AuthModule::LDAP::AlwaysFilter2'} = '';
# $Self->{'AuthModule::LDAP::UserSuffix2'} = '@domain.de';
$Self->{'AuthModule::LDAP::UserLowerCase2'} = 0;
$Self->{'AuthModule::LDAP::Params2'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
$Self->{'AuthModule::LDAP::Die2'} = 1;
#------------------------------------------------------------------#
# Ende Authentifizierung Customer gegen LDAP #
#------------------------------------------------------------------#
#------------------------------------------------------------------#
# Authentifizierung Customer gegen DB #
#------------------------------------------------------------------#
# This is the auth. module against the otrs db
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
$Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
$Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';
#------------------------------------------------------------------#
# Ende Authentifizierung Customer gegen DB #
#------------------------------------------------------------------#
Mayster