Trouble configuring LDAP, first bind fails, unexpected EOF
Moderator: crythias
-
- Znuny newbie
- Posts: 5
- Joined: 08 Sep 2011, 07:14
- Znuny Version: 3.0.10
- Real Name: Tony Boucher
- Company: Hewlett Packard
Trouble configuring LDAP, first bind fails, unexpected EOF
Evaluating OTRS for use at HP. Need it to be able to authenticate logins via our enterprise directory which requires secure access to perform authentication. Can manually do this via a perl script outside of OTRS, but having no luck in OTRS, at all.
Here is the config code from OTRS:
$Self->{'Customer::AuthModule::LDAP::Params'} = {
'cafile' => 'c:\\certs\\hp-ca2.pem',
'port' => '636',
'sslversion' => 'sslv3',
'verify' => 'required'
};
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=person)';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'REMOVEDPW';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'REMOVEDUSERID';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=REMOVEDGROUPNAME,ou=Groups,o=hp.com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'o=hp.com';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'REMOVED LDAP SERVER NAME';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
OTRS logs the following error:
[Wed Sep 7 21:06:23 2011][Error][Kernel::System::CustomerAuth::LDAP::Auth][193] First bind failed! Unexpected EOF
Apache/Perl logs the following error:
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Sep 7 21:06:23 2011
Message: First bind failed! Unexpected EOF
Traceback (6304):
Module: Kernel::System::CustomerAuth::LDAP::Auth (v1.37) Line: 193
Module: Kernel::System::CustomerAuth::Auth (v1.34.2.2) Line: 151
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.56.2.5) Line: 203
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_20_28x86_29_OTRS_OTRS_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.43.2.1) Line: 204
Module: ModPerl::RegistryCooker::run (v1.43.2.1) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.43.2.1) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
Here is the config code from OTRS:
$Self->{'Customer::AuthModule::LDAP::Params'} = {
'cafile' => 'c:\\certs\\hp-ca2.pem',
'port' => '636',
'sslversion' => 'sslv3',
'verify' => 'required'
};
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=person)';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'REMOVEDPW';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'REMOVEDUSERID';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=REMOVEDGROUPNAME,ou=Groups,o=hp.com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'o=hp.com';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'REMOVED LDAP SERVER NAME';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
OTRS logs the following error:
[Wed Sep 7 21:06:23 2011][Error][Kernel::System::CustomerAuth::LDAP::Auth][193] First bind failed! Unexpected EOF
Apache/Perl logs the following error:
ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Wed Sep 7 21:06:23 2011
Message: First bind failed! Unexpected EOF
Traceback (6304):
Module: Kernel::System::CustomerAuth::LDAP::Auth (v1.37) Line: 193
Module: Kernel::System::CustomerAuth::Auth (v1.34.2.2) Line: 151
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.56.2.5) Line: 203
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_20_28x86_29_OTRS_OTRS_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 49
Module: (eval) (v1.43.2.1) Line: 204
Module: ModPerl::RegistryCooker::run (v1.43.2.1) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.43.2.1) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Trouble configuring LDAP, first bind fails, unexpected E
In case this is a Microsoft Windows AD, make sure that
is a full DN, not only an ID
there are no problems with some special chars in PWD
is of class 'person', not 'user'
needs to be 'samaccountname' in MS AD
First Bind and EOF rather makes me believe that your login for your search user fails and it does not even come to the first handshake. There are different error messages when search user is not able to login. In your case I believe this error comes up BEFORE it comes to search user authentication. Please also make sure you have the latest active state perl (or whichever perl installation suites you) running, as well as the latest NET::LDAP package.
Code: Select all
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'REMOVEDUSERID';
Code: Select all
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'REMOVEDPW';
Code: Select all
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=person)';
Code: Select all
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
First Bind and EOF rather makes me believe that your login for your search user fails and it does not even come to the first handshake. There are different error messages when search user is not able to login. In your case I believe this error comes up BEFORE it comes to search user authentication. Please also make sure you have the latest active state perl (or whichever perl installation suites you) running, as well as the latest NET::LDAP package.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny newbie
- Posts: 5
- Joined: 08 Sep 2011, 07:14
- Znuny Version: 3.0.10
- Real Name: Tony Boucher
- Company: Hewlett Packard
Re: Trouble configuring LDAP, first bind fails, unexpected E
Sorry, this is running on Windows 7 with Apache, MySQL, Perl... It is talking to a non-AD LDAP, so no Microsoft AD syntax is allowed.
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Trouble configuring LDAP, first bind fails, unexpected E
Please fill your signature with your setup. This eases troubleshooting.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny newbie
- Posts: 5
- Joined: 08 Sep 2011, 07:14
- Znuny Version: 3.0.10
- Real Name: Tony Boucher
- Company: Hewlett Packard
Re: Trouble configuring LDAP, first bind fails, unexpected E
So did I supply enough info last time? Any ideas on the problems folks?
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Trouble configuring LDAP, first bind fails, unexpected E
Which of the tricks have you tried already?
A description of your AD could be somewhat helpful.
Please fill your signature!
A description of your AD could be somewhat helpful.
Please fill your signature!
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny newbie
- Posts: 5
- Joined: 08 Sep 2011, 07:14
- Znuny Version: 3.0.10
- Real Name: Tony Boucher
- Company: Hewlett Packard
Re: Trouble configuring LDAP, first bind fails, unexpected E
Not sure what you mean by: Please fill your signature!
But I was able to get LDAP working for CustomerAuth. LDAPS instead of LDAP.
Now working on Agents and synching the data.
But I was able to get LDAP working for CustomerAuth. LDAPS instead of LDAP.
Now working on Agents and synching the data.
-
- Znuny newbie
- Posts: 5
- Joined: 08 Sep 2011, 07:14
- Znuny Version: 3.0.10
- Real Name: Tony Boucher
- Company: Hewlett Packard
Re: Trouble configuring LDAP, first bind fails, unexpected E
BTW, I had to stop and restart all OTRS related services in order for my LDAP changes to go into effect... no one seemed to mention that in any of the documentation or forum posts.
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Trouble configuring LDAP, first bind fails, unexpected E
This might be due to cacheing effects. Changes in Config.pm go active right away. Except one played around with apache mod_perl config and entered Config.pm for compilation on startup.
On major changes a $OTRS_HOME/bin/otrs.DeleteCache.pl usually does the job.
Please fill your forums signature for us to see what kind of systems you are working on and need help for. Have a look at mine or others in this forum.
On major changes a $OTRS_HOME/bin/otrs.DeleteCache.pl usually does the job.
Please fill your forums signature for us to see what kind of systems you are working on and need help for. Have a look at mine or others in this forum.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems