Trouble configuring LDAP, first bind fails, unexpected EOF

Moderator: crythias

boucherman
Znuny newbie
Posts: 5
Joined: 08 Sep 2011, 07:14
Znuny Version: 3.0.10
Real Name: Tony Boucher
Company: Hewlett Packard

Trouble configuring LDAP, first bind fails, unexpected EOF

Post by boucherman »

Evaluating OTRS for use at HP. Need it to be able to authenticate logins via our enterprise directory which requires secure access to perform authentication. Can manually do this via a perl script outside of OTRS, but having no luck in OTRS, at all.

Here is the config code from OTRS:
$Self->{'Customer::AuthModule::LDAP::Params'} = {
'cafile' => 'c:\\certs\\hp-ca2.pem',
'port' => '636',
'sslversion' => 'sslv3',
'verify' => 'required'
};
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=person)';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'REMOVEDPW';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'REMOVEDUSERID';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=REMOVEDGROUPNAME,ou=Groups,o=hp.com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'o=hp.com';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'REMOVED LDAP SERVER NAME';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';

OTRS logs the following error:
[Wed Sep 7 21:06:23 2011][Error][Kernel::System::CustomerAuth::LDAP::Auth][193] First bind failed! Unexpected EOF

Apache/Perl logs the following error:
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Sep 7 21:06:23 2011

Message: First bind failed! Unexpected EOF

Traceback (6304):
Module: Kernel::System::CustomerAuth::LDAP::Auth (v1.37) Line: 193
Module: Kernel::System::CustomerAuth::Auth (v1.34.2.2) Line: 151
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.56.2.5) Line: 203
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_20_28x86_29_OTRS_OTRS_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.43.2.1) Line: 204
Module: ModPerl::RegistryCooker::run (v1.43.2.1) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.43.2.1) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by ferrosti »

In case this is a Microsoft Windows AD, make sure that

$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'REMOVEDUSERID';
is a full DN, not only an ID

$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'REMOVEDPW';
there are no problems with some special chars in PWD

$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=person)';
is of class 'person', not 'user'

$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
needs to be 'samaccountname' in MS AD

First Bind and EOF rather makes me believe that your login for your search user fails and it does not even come to the first handshake. There are different error messages when search user is not able to login. In your case I believe this error comes up BEFORE it comes to search user authentication. Please also make sure you have the latest ActiveState Perl (or whichever Perl installation suits you) running, as well as the latest Net::LDAP package.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by boucherman »

Sorry, this is running on Windows 7 with Apache, MySQL, Perl... It is talking to a non-AD LDAP, so no Microsoft AD syntax is allowed.

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by ferrosti »

Please fill your signature with your setup. This eases troubleshooting.

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by boucherman »

So did I supply enough info last time? Any ideas on the problems folks?

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by ferrosti »

Which of the tricks have you tried already?
A description of your AD could be somewhat helpful.

Please fill your signature!

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by boucherman »

Not sure what you mean by: Please fill your signature!

But I was able to get LDAP working for CustomerAuth. LDAPS instead of LDAP.

Now working on Agents and synching the data.
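
Settings like the ones in this thread (TLS options in Params, port 636, and a switch to LDAPS as the fix) can be sanity-checked offline before any bind is attempted. The Perl check below is an added example, not code from the posters or from OTRS; `check_ldap_tls`, the host name and the certificate path are assumptions, and it assumes Host and Params are handed to Net::LDAP->new unchanged.

```perl
#!/usr/bin/perl
# Added example (not from the thread or from OTRS): offline check of LDAP TLS settings.
use strict;
use warnings;

# 'verify' values that Net::LDAP documents.
my %VERIFY_DOCUMENTED = map { $_ => 1 } qw(none optional require);

# check_ldap_tls is a hypothetical helper: takes the Host string and the Params
# hash and returns a list of findings (empty list = nothing flagged).
sub check_ldap_tls {
    my ( $host, $params ) = @_;
    my @findings;

    # A URI in Host decides the scheme; otherwise Params, otherwise plain ldap.
    my $scheme = $host =~ m{^(ldaps?)://}i ? lc($1) : lc( $params->{scheme} // 'ldap' );
    my $port   = $params->{port} // '';

    push @findings, 'port 636 with plain ldap scheme: that listener expects a TLS handshake first'
        if $scheme eq 'ldap' && $port eq '636';
    push @findings, 'TLS options are set but the scheme is not ldaps'
        if $scheme ne 'ldaps' && grep { exists $params->{$_} } qw(cafile capath verify sslversion);

    if ( defined( my $v = $params->{verify} ) ) {
        push @findings, "verify '$v' is not a documented value (none, optional, require)"
            unless $VERIFY_DOCUMENTED{ lc($v) };
        push @findings, 'verify none: the server certificate is not checked'
            if lc($v) eq 'none';
    }
    push @findings, "sslversion '$params->{sslversion}': SSLv2 and SSLv3 are deprecated"
        if ( $params->{sslversion} // '' ) =~ /^sslv[23]$/i;

    return @findings;
}

# Constructed samples; host name and cafile path are placeholders.
my @samples = (
    [ 'plain host, port 636', 'ldap.example.com',
      { cafile => 'c:\\certs\\ca.pem', port => '636', sslversion => 'sslv3', verify => 'required' } ],
    [ 'ldaps URI', 'ldaps://ldap.example.com',
      { cafile => 'c:\\certs\\ca.pem', verify => 'require' } ],
);

for my $sample (@samples) {
    my ( $label, $host, $params ) = @$sample;
    my @findings = check_ldap_tls( $host, $params );
    print "$label:\n";
    print "  - $_\n" for @findings;
    print "  nothing flagged\n" unless @findings;
}
```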

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by boucherman »

BTW, I had to stop and restart all OTRS related services in order for my LDAP changes to go into effect... no one seemed to mention that in any of the documentation or forum posts.

Re: Trouble configuring LDAP, first bind fails, unexpected E

Post by ferrosti »

This might be due to caching effects. Changes in Config.pm go active right away, unless one played around with the Apache mod_perl config and entered Config.pm for compilation on startup.
On major changes a $OTRS_HOME/bin/otrs.DeleteCache.pl usually does the job.

Please fill your forums signature for us to see what kind of systems you are working on and need help for. Have a look at mine or others in this forum.