Zero-byte response opening Admin menus, LDAP backend

mjavahery
Znuny newbie
Posts: 4
Joined: 21 Jan 2017, 07:04
Znuny Version: 5.0.23
Real Name: Mohammad Javahery
Company: GIG

Zero-byte response opening Admin menus, LDAP backend

Post by mjavahery »

I have configured an LDAP backend for both agent and customer auth (clean 5.0.23 installation). When I try to open customer-related menu items in the Admin panel or try to open Customer User Administration from the top menu, my browser asks me where to save a downloaded index.pl file.
This is my whole Config.pm (comment lines removed)

Code: Select all

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP:Host1'} = 'eedc.ee.local';
    $Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=ee,dc=local';
    $Self->{'AuthModule::LDAP::UID1'} = 'userPrincipalName';
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=OTRS Agents,ou=Groups,dc=ee,dc=local';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'cn=OTRS Authenticator,ou=Special Access,dc=ee,dc=local';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'Oa))3456!@##';
    $Self->{'AuthModule::LDAP::Params1'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    $Self->{'AuthModule::LDAP::Die'} = 1;

    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = 'eedc.ee.local';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=ee,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'cn=OTRS Authenticator,ou=Special Access,dc=ee,dc=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'Oa))3456!@##';
    $Self->{'Customer::AuthModule::LDAP::Params1'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    $Self->{'Customer::AuthModule::LDAP::Die'} = 1;

    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = 'eedc.ee.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=ee,dc=local';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'userPrincipalName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'cn=OTRS Authenticator,ou=Special Access,dc=ee,dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'Oa))3456!@##';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        UserFirstname   => 'givenName',
        UserLatname     => 'sn',
        UserEmal        => 'mail',
    };
    $Self->{'AuthSyncModule::LDAP::Charset1'} = 'iso-8859-1';
    $Self->{'AuthSyncModule::LDAP::Params1'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    $Self->{'AuthSyncModule::LDAP::Die'} = 1;

    $Self->{'CustomerUser1'} = {
        Name => 'Electrical Engineering',
        Module => 'Kernel::System:CustomerUser::LDAP',
        Params => {
                Host => 'eedc.ee.local',
                BaseDN => 'dc=ee,dc=local',
                SSCOPE => 'sub',
                UserDN => 'cn=OTRS Authenticator,ou=Special Access,dc=ee,dc=local',
                UserPw => 'Oa))3456!@##',
                AlwasFilter => '(userPrincipalName=*@ee.local}',
                SourceCharset => 'utf-8',
                DestCharset => 'utf-8',
                Die => 0,
                Params => {
                        port    => 389,
                        timeout => 120,
                        async   => 0,
                        version => 3,
                },
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'sAMAccountName',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchListLimit => 1000,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFieds => ['givenName', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        CustomerUserCalidFilter => '(!(description=locked))',
        AdminSetPreferences => 1,
        CacheTTL => 0,
        Map => [
                [ 'UserTitle',          'Title',        'title',          1, 0, 'var', '', 0 ],
                [ 'UserFirstname',      'Firstname',    'givenName',      1, 1, 'var', '', 0 ],
                [ 'UserLastname',       'Lastname',     'sn',             1, 1, 'var', '', 0 ],
                [ 'UserLogin',          'Username',     'sAMAccountName', 1, 1, 'var', '', 0 ],
                [ 'UserEmail',          'Email',        'mail',           1, 1, 'var', '', 0 ],
                [ 'UserCustomerID',     'CustomerID',   'sAMAccountName', 0, 1, 'var', '', 0 ],
        ],
    };
    $Self->{'PostmasterDefaultState'} = 'new';
    $Self->{'CustomerDefaultState'} = 'new';

    $Self->{'DatabaseHost'} = '127.0.0.1';
    $Self->{'Database'} = "otrs";
    $Self->{'DatabaseUser'} = "otrs";
    $Self->{'DatabasePw'} = 'TaBT2lZikYiu44TK';
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    $Self->{Home} = '/opt/otrs';
}

use Kernel::Config::Defaults; # import Translatable()
use base qw(Kernel::Config::Defaults);

1;
In addition, none of the agents can log in (I haven't tried customers yet). What's happening?!
1. If you want to have something you have never had, you have to do something you have never done.
2. If you want to do something you have never done, you have to become someone you have never been.
Result:
If you want to have something you have never had, you have to become someone you have never been!
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de

Re: Zero-byte response opening Admin menus, LDAP backend

Post by reneeb »

Code: Select all

AlwasFilter => '(userPrincipalName=*@ee.local}',
This is wrong. It should be

Code: Select all

AlwaysFilter => '(userPrincipalName=*@ee.local)',
But the rest looks ok. What's the error message in the Apache log? Can you run

Code: Select all

perl bin/cgi-bin/index.pl
on the command line?
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
mjavahery
Znuny newbie
Posts: 4
Joined: 21 Jan 2017, 07:04
Znuny Version: 5.0.23
Real Name: Mohammad Javahery
Company: GIG

Re: Zero-byte response opening Admin menus, LDAP backend

Post by mjavahery »

Thanks a lot for your response.
reneeb wrote:

Code: Select all

AlwasFilter => '(userPrincipalName=*@ee.local}',
This is wrong. It should be

Code: Select all

AlwaysFilter => '(userPrincipalName=*@ee.local)',
I fixed this, and when I first ran this:

Code: Select all

perl bin/cgi-bin/index.pl
it said:

Code: Select all

ERROR: OTRS-CGI-87 Perl: 5.16.3 OS: linux Time: Wed Nov  1 07:51:31 2017

 Message: Need AuthModule::LDAP::Host1 in Kernel/Config.pm

 Traceback (8808):
   Module: Kernel::System::Auth::LDAP::new Line: 43
   Module: Kernel::System::Auth::new Line: 74
   Module: Kernel::System::ObjectManager::_ObjectBuild Line: 227
   Module: Kernel::System::ObjectManager::Get Line: 181
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 777
   Module: /opt/otrs/bin/cgi-bin/index.pl Line: 40
I found that I had missed a colon in the corresponding line. When I fixed it, these errors disappeared and no more errors were found. But this didn't fix the problem, as I had missed another colon too! After fixing all of these, I can now access the customer-related menus, but nothing is displayed (I have 958 customers in the LDAP backend) and still no agents can log in. Where can I find the corresponding log files to find where the problem lies? According to Defaults.pm, there should be a /tmp/otrs.log file, but there isn't. I also receive random internal server errors (code 500).
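A lint pass for the two kinds of typo found in this thread (a single `:` where Perl needs `::`, and the misspelled `AlwasFilter` with its stray `}`), as an added example that is not part of the original posts or of OTRS/Znuny. The `lint` and `balanced` helpers, the rule names, the `KNOWN_PARAMS` allow-list and the `example.test` sample are assumptions made for illustration.

```python
import re
from difflib import get_close_matches

# Assumed allow-list of CustomerUser LDAP "Params" keys (extend as needed).
KNOWN_PARAMS = ["Host", "BaseDN", "SSCOPE", "UserDN", "UserPw", "AlwaysFilter",
                "SourceCharset", "DestCharset", "Die", "Params"]
NAME = re.compile(r"'([A-Za-z][\w:]*:[\w:]*)'")   # quoted Perl-style names
PAIR = re.compile(r"^\s*(\w+)\s*=>\s*(.*)$")      # "Key => value" hash entries
# Constructed sample with the three mistakes named in the thread.
SAMPLE = """\
$Self->{'AuthModule::LDAP:Host1'} = 'ldap.example.test';
$Self->{'CustomerUser1'} = {
    Module => 'Kernel::System:CustomerUser::LDAP',
    Params => {
        AlwasFilter => '(userPrincipalName=*@example.test}',
    },
};
"""

def balanced(ldap_filter):  # every '(' must be closed by a ')'
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(text):
    """Return (line, rule, detail) findings for a Config.pm fragment."""
    findings, depth, params_depth = [], 0, None
    for no, line in enumerate(text.splitlines(), 1):
        # A ':' left over after removing every '::' is a broken separator.
        findings += [(no, "single-colon", n) for n in NAME.findall(line)
                     if ":" in n.replace("::", "")]
        pair = PAIR.match(line)
        if pair:
            key, value = pair.groups()
            if depth == params_depth and key not in KNOWN_PARAMS:
                guess = get_close_matches(key, KNOWN_PARAMS, n=1) or ["?"]
                findings.append((no, "unknown-param", f"{key} -> {guess[0]}"))
            quoted = re.search(r"'([^']*)'", value)
            if key.endswith("Filter") and quoted and not balanced(quoted.group(1)):
                findings.append((no, "unbalanced-filter", quoted.group(1)))
            if key == "Params" and params_depth is None:
                params_depth = depth + 1          # entries live one level deeper
        bare = re.sub(r"'[^']*'", "''", line)     # ignore braces inside strings
        depth += bare.count("{") - bare.count("}")
        if params_depth is not None and depth < params_depth:
            params_depth = None                   # left the Params block
    return findings
```

Run `lint(open("Kernel/Config.pm").read())` before restarting the web server; an empty list means none of these three rules fired, not that the configuration is otherwise correct.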
mjavahery
Znuny newbie
Posts: 4
Joined: 21 Jan 2017, 07:04
Znuny Version: 5.0.23
Real Name: Mohammad Javahery
Company: GIG

Re: Zero-byte response opening Admin menus, LDAP backend

Post by mjavahery »

Finally solved the problem. Tailed /var/log/messages and found out that OTRS can't resolve the FQDN of the LDAP server. Replaced it with the IP, and both agents and customers are now able to log in and all customer user data is now fetched. The only remaining problem is now the random HTTP 500 errors, whose cause I can't find.