LDAP Authentication and sync

Moderator: crythias

Grimiik
OTRS newbie
Posts: 4
Joined: 06 Dec 2016, 17:49
OTRS Version?: 5.0.13

LDAP Authentication and sync

Post by Grimiik » 06 Dec 2016, 18:11

Hello there,
I'm new to OTRS. I'm currently running version 5.0.13 on a Debian server and having a problem with LDAP integration for agents (haven't tried customers yet).
I think I managed to authenticate the user, but can't sync (create) the user in the database (MySQL).

With this code:

Code:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xxx,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=tester,cn=adminuser,ou=ldapusers,dc=xxx,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'tester';

$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxx, dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=tester, cn=adminuser, ou=ldapusers, dc=xxx, dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'tester';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];


On site it tells me that
Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.


and the error log
Message: Need UserFirstname!
Message: Can't create user 'tester' (cn=tester,cn=adminuser,ou=ldapusers,dc=vse,dc=cz) in RDBMS!


And that's all the configuration I made for LDAP. I'm not sure if I have a problem with the database connection or the code, but without LDAP I was able to log in to OTRS via the root@localhost user account. I've tried many solutions, but none worked for me.

I would appreciate any help, thanks all.

root
Moderator
Posts: 1079
Joined: 18 Dec 2007, 12:23
OTRS Version?: 4/5/6
Real Name: Roy Kaldung
Company: Znuny Inc.

Re: LDAP Authentication and sync

Post by root » 06 Dec 2016, 22:53

The user can't be synced because there is no givenName attribute.
OTRS 4/5/6 CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

You need professional services? Check out http://znuny.com/

Grimiik
OTRS newbie
Posts: 4
Joined: 06 Dec 2016, 17:49
OTRS Version?: 5.0.13

Re: LDAP Authentication and sync

Post by Grimiik » 06 Dec 2016, 23:39

root wrote: The user can't be synced because there is no givenName attribute.


That's the thing I don't know how to proceed with. I saw some mapping for customers but none for agents, so I'm not really sure how I'm supposed to do that.

root
Moderator
Posts: 1079
Joined: 18 Dec 2007, 12:23
OTRS Version?: 4/5/6
Real Name: Roy Kaldung
Company: Znuny Inc.

Re: LDAP Authentication and sync

Post by root » 07 Dec 2016, 09:09

Grimiik wrote:

Code:

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail => 'mail',
};



This is the mapping for users (agents).

Grimiik
OTRS newbie
Posts: 4
Joined: 06 Dec 2016, 17:49
OTRS Version?: 5.0.13

Re: LDAP Authentication and sync

Post by Grimiik » 07 Dec 2016, 10:20

root wrote:
Grimiik wrote:

Code:

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail => 'mail',
};



This is the mapping for users (agents).


OK, I get that, but then I need to add givenName, sn and mail columns into the MySQL database, into the users table, or am I wrong? I feel so confused by it.

root
Moderator
Posts: 1079
Joined: 18 Dec 2007, 12:23
OTRS Version?: 4/5/6
Real Name: Roy Kaldung
Company: Znuny Inc.

Re: LDAP Authentication and sync

Post by root » 07 Dec 2016, 15:05

If you use AuthSync just take care of the LDAP attributes givenName, sn and mail. They need a value. That's all. Without AuthSync you have to create the agents before they can authenticate.

Grimiik
OTRS newbie
Posts: 4
Joined: 06 Dec 2016, 17:49
OTRS Version?: 5.0.13

Re: LDAP Authentication and sync

Post by Grimiik » 07 Dec 2016, 15:15

root wrote: If you use AuthSync just take care of the LDAP attributes givenName, sn and mail. They need a value. That's all. Without AuthSync you have to create the agents before they can authenticate.


OK, I finally got that right and was able to log in via LDAP with sync, thanks a lot.
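
Added example (not part of the thread and not OTRS code): a pre-check for the point root makes above, that every LDAP attribute named in UserSyncMap must carry a value before AuthSync can create the agent. It reads an LDIF export of the directory and lists, per uid, the OTRS fields that would come up empty. The LDIF sample is constructed, dc=example,dc=com is a placeholder, and the function names are hypothetical.

```python
import base64
# Agent sync map from the thread: OTRS user field -> LDAP attribute
USER_SYNC_MAP = {"UserFirstname": "givenName", "UserLastname": "sn", "UserEmail": "mail"}
# Constructed sample LDIF (not from the thread); dc=example,dc=com is a placeholder
SAMPLE_LDIF = """\
# entry 1 has no givenName and no mail; entry 2 is complete
dn: uid=tester,ou=ldapusers,dc=example,dc=com
uid: tester
sn: tester

dn: uid=jdvorak,ou=ldapusers,dc=example,dc=com
uid: jdvorak
givenName: Jana
sn:: RHZvxZnDoWs=
mail: jana.dvorak@
 example.com
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:   # folded line: continue the previous one
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>" carries non-ASCII values
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def missing_sync_fields(entry, sync_map=USER_SYNC_MAP):
    """Return the OTRS fields whose mapped LDAP attribute is absent or empty."""
    return [f for f, attr in sync_map.items() if not any(entry.get(attr.lower(), []))]

def audit(ldif_text, uid_attr="uid"):
    """Map each entry's uid to the OTRS fields that sync could not fill."""
    return {(e.get(uid_attr) or ["?"])[0]: missing_sync_fields(e) for e in parse_ldif(ldif_text)}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

An account reported with UserFirstname missing is the one that would produce the "Need UserFirstname!" message from the first post.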

Sayannara
OTRS wizard
Posts: 101
Joined: 22 May 2012, 12:37
OTRS Version?: OTRS 6.03
Real Name: Yann
Company: FVE

Re: LDAP Authentication and sync

Post by Sayannara » 16 Jan 2018, 12:29

Hello

Please may I have your help, I get a similar error.

[Mon Jan 15 07:37:02 2018][Error][Kernel::System::CustomerUser::_CustomerUserFullname][1348] Need UserFirstname!


This log occurs from Monday to Friday only, even at night when no one uses OTRS. And it can occur many times a minute. I understand that a userFirstName is missing, but which user? What triggers this error?

I have only one scheduled job with Generic Agent, which only changes ticket priority.

Thank you
openSUSE 13 / OTRS::ITSM 6 / MariaDB / Apache

