LDAP Authentication and sync

Moderator: crythias

Grimiik
Znuny newbie
Posts: 4
Joined: 06 Dec 2016, 17:49
Znuny Version: 5.0.13

Post by Grimiik »

Hello there,
I'm new to OTRS. I'm currently running version 5.0.13 on a Debian server and having a problem with LDAP integration for agents (haven't tried customers yet).
I think I managed to authenticate the user, but can't sync (create) the user in the database (MySQL).

With this code:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xxx,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=tester,cn=adminuser,ou=ldapusers,dc=xxx,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'tester';

$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxx, dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=tester, cn=adminuser, ou=ldapusers, dc=xxx, dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'tester';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];

On site it tells me that

Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

and the error log

Message: Need UserFirstname!
Message: Can't create user 'tester' (cn=tester,cn=adminuser,ou=ldapusers,dc=vse,dc=cz) in RDBMS!

And that's all the configuration I made for LDAP. I'm not sure if I have a problem with the database connection or the code, but without LDAP I was able to log in to OTRS via the root@localhost user account. I've tried many solutions, but none worked for me.

I would appreciate any help, thanks all.
root
Administrator
Posts: 3931
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Post by root »

The user can't be synced because there is no givenName attribute.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?

Post by Grimiik »

root wrote: The user can't be synced because there is no givenName attribute.

That's the thing I don't know how to proceed with. I saw some mapping for customers but none for agents, so I'm not really sure how I am supposed to do that.

Post by root »

Grimiik wrote:

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail => 'mail',
};

This is the mapping for users (agents).

Post by Grimiik »

root wrote:
Grimiik wrote:

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail => 'mail',
};

This is the mapping for users (agents).

Ok, I get that, but then I need to add givenName, sn and mail columns into the users table in the MySQL database, or am I wrong? I feel so confused by it.

Post by root »

If you use AuthSync just take care of the LDAP attributes givenName, sn and mail. They need a value. That's all. Without AuthSync you have to create the agents before they can authenticate.
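
Added example, not part of the thread and not OTRS/Znuny code: the condition stated in the answer above (with AuthSync, givenName, sn and mail each need a value) can be checked against an LDIF export of the agent entries before the first login. The sample entries, the example.com DNs and the function names are constructed for illustration; the mapping is the UserSyncMap from the first post.

```python
import base64

# Same mapping as the thread's AuthSyncModule::LDAP::UserSyncMap (OTRS field -> LDAP attribute).
USER_SYNC_MAP = {"UserFirstname": "givenName", "UserLastname": "sn", "UserEmail": "mail"}
# Constructed sample shaped like an LDIF export; not data from the thread.
SAMPLE_LDIF = """\
dn: cn=tester,ou=ldapusers,dc=example,dc=com
uid: tester
sn: Tester

dn: cn=alice,ou=ldapusers,dc=example,dc=com
uid: alice
givenName:: QWxpY2U=
sn: Example
mail: alice@exam
 ple.com

dn: cn=bob,ou=ldapusers,dc=example,dc=com
uid: bob
givenName:
sn: Builder
mail: bob@example.com
"""

def parse_ldif(text):
    """Yield entries as dicts of lower-cased attribute name -> list of values."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines as newline + space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            yield entry

def missing_sync_fields(ldif_text, sync_map=USER_SYNC_MAP):
    """Map each login to the OTRS fields whose LDAP attribute is absent or empty."""
    report = {}
    for entry in parse_ldif(ldif_text):
        login = entry.get("uid", entry.get("dn", ["?"]))[0]
        missing = [f for f, a in sync_map.items() if not any(entry.get(a.lower(), []))]
        if missing:
            report[login] = missing
    return report
```

For the constructed sample, `missing_sync_fields(SAMPLE_LDIF)` reports `tester` (no givenName or mail attribute at all) and `bob` (givenName present but empty), while `alice` passes with a base64-encoded name and a folded mail line.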

Post by Grimiik »

root wrote: If you use AuthSync just take care of the LDAP attributes givenName, sn and mail. They need a value. That's all. Without AuthSync you have to create the agents before they can authenticate.

OK, I finally got that right and was able to log in via LDAP with sync, thanks a lot.
Sayannara
Znuny advanced
Posts: 118
Joined: 22 May 2012, 12:37
Znuny Version: OTRS 7.06
Real Name: Yann
Company: FVE

Post by Sayannara »

Hello

Please may I have your help, I get a similar error.

[Mon Jan 15 07:37:02 2018][Error][Kernel::System::CustomerUser::_CustomerUserFullname][1348] Need UserFirstname!

This log occurs from Monday to Friday only, even at night when no one uses OTRS. And it can occur many times a minute. I understand that a userFirstName is missing, but which user? What triggers this error?

I have only one scheduled job with Generic Agent, which only changes ticket priority.

Thank you
Centos 7 / OTRS::ITSM 6 Business Solutions / MariaDB / Apache