Agent ldap authentication issue

Moderator: crythias

bleitner
Znuny newbie
Posts: 17
Joined: 29 Apr 2012, 18:09
Znuny Version: 3.1.4
Real Name: bob
Company: temboo

Agent ldap authentication issue

Post by bleitner »

I could really use some help with this. I've been struggling trying to get ldap configured for agent authentication. I've stripped the Config.pm back to the basics and used the Default.pm as the template and only added this to the config to keep it as simple as possible:

    $Self->{AuthModule} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '10.11.1.21';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=temboo,dc=corp';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs.ldap@temboo.corp';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxx';

When I try to authenticate using my credentials for AD I get this in /var/log/user.log:

    May 7 16:57:30 OTRS003101-Peak OTRS-CGI-10[17813]: [Notice][Kernel::System::Auth::LDAP::Auth] User: bob.leitner@temboo.corp authentication failed, no LDAP entry found!BaseDN='dc=temboo,dc=corp', Filter='(uid=bob.leitner@temboo.corp)', (REMOTE_ADDR: 10.11.2.124).
    May 7 16:57:30 OTRS003101-Peak OTRS-CGI-10[17813]: [Error][Kernel::System::User::UserLookup][Line:797]: No UserID found for 'bob.leitner@temboo.corp'!

OTRS 3.1.2 with ITSM
Brand new install, and the only other change I've made was to follow this (viewtopic.php?f=60&t=9329) to remove /otrs from the URI

Thanks!
smurray
Znuny newbie
Posts: 12
Joined: 28 Mar 2012, 21:46
Znuny Version: 3.1.2
Real Name: Shaun
Company: PayFlex

Re: Agent ldap authentication issue

Post by smurray »

Check to ensure that your 'uid' field is actually configured (using ADSI Edit helps with checking the parameters). For our AD environment, the uid wasn't; we're using sAMAccountName. Here are my authentication settings... If you notice, at the end, it should automatically put the agent into the DB. Should, as I'm still testing things, but I am getting authenticated as is. Hope this helps get you started.

    $Self->{'AuthModule'} = 'Kernel::System::Auth::DB';

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'qwest-dc2.payflex.com';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=payflex,dc=com';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs ldap,OU=System Accounts,DC=payflex,DC=com';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = '****supersecretpassword****';

    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'qwest-dc2.payflex.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=payflex,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrs ldap,OU=System Accounts,DC=payflex,DC=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '****supersecretpassword****';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];
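Added example (not part of either post, and not OTRS code): a small triage script for the "no LDAP entry found" line quoted in the first post. It pulls out the search filter that was actually sent and compares its attribute with the AD attribute that stores that form of login. The function names and the attribute table are assumptions for illustration, and the table reflects default Active Directory semantics only.

```python
import re

# Constructed sample: the failure line quoted in the first post.
SAMPLE_LOG = (
    "May 7 16:57:30 OTRS003101-Peak OTRS-CGI-10[17813]: [Notice]"
    "[Kernel::System::Auth::LDAP::Auth] User: bob.leitner@temboo.corp "
    "authentication failed, no LDAP entry found!BaseDN='dc=temboo,dc=corp', "
    "Filter='(uid=bob.leitner@temboo.corp)', (REMOTE_ADDR: 10.11.2.124).\n"
)

# Matches only a simple single-term filter such as (uid=value).
FAIL_RE = re.compile(
    r"\[Kernel::System::Auth::LDAP::Auth\] User: (?P<user>\S+) authentication failed, "
    r"no LDAP entry found!BaseDN='(?P<base>[^']*)', "
    r"Filter='\((?P<attr>[^=()]+)=(?P<value>[^()]*)\)'"
)

# Assumption: default AD schema usage. sAMAccountName holds the short logon
# name, userPrincipalName holds user@domain; DOMAIN\user is in no attribute.
AD_ATTR_FOR_FORM = {
    "user@domain": "userPrincipalName",
    "short name": "sAMAccountName",
    "DOMAIN\\user": None,
}

def login_form(login):
    """Classify the string the agent typed at the login prompt."""
    if "\\" in login:
        return "DOMAIN\\user"
    if "@" in login:
        return "user@domain"
    return "short name"

def triage(log_text):
    """Return one finding per 'no LDAP entry found' line in log_text."""
    findings = []
    for m in FAIL_RE.finditer(log_text):
        form = login_form(m["value"])
        expected = AD_ATTR_FOR_FORM[form]
        findings.append({
            "base_dn": m["base"],
            "filter_attr": m["attr"],
            "login_form": form,
            "ad_attr_for_login": expected,
            # True when the configured UID attribute cannot hold this login form.
            "mismatch": expected is None or m["attr"].lower() != expected.lower(),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `mismatch` of `True` means the typed login is being compared against an attribute that does not store that form, so either the UID setting or the login format has to change; it does not prove the attribute is empty, which still needs checking in the directory as the reply suggests.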