Apache starting failed, after configure OTRS with AD

[gopalakrishnan]

Hi friends, i installed OTRS 4.0.6 successfully. While Login into the local OTRS system its working fine. After Configure with AD and restarted apache,

Code: Select all

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                           [FAILED]

my Config.pm code is below

Code: Select all

# This is an example configuration for using an MS AD backend
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    #$Self->{'AuthModule::LDAP::Host1'} = 'CHE-SVL-ADS-01.SIVAGROUP.ITL';
    $Self->{'AuthModule::LDAP::Host1'} = 'xx.xx.xx.xx';
    $self->{'AuthModule::LDAP::BaseDN1'}='CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';
    #$Self->{'AuthModule::LDAP::BaseDN1'} = 'CN=Users,dc=shatest,dc=com';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
 
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=otrs,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'xxxxxxxxx';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '';
 
    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params1'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
 	sscope => 'sub'
    };
  
    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = 'xx.xx.xx.xx';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'OU=Domestic,CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'xxxxxxxx';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    #$Self->{UserSyncLDAPGroups} = [
     #   'users',
    #];
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
        'customer_user',
    ];
	
    #-------------------Enable LDAP authentication for Customers / Users------------------
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'xx.xx.xx.xx';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Domestic,CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    #$Self->{'Customer::AuthModule::LDAP::SSCOPE'} = 'sub';
 
    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxxxx';
 
    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
       Module => 'Kernel::System::CustomerUser::LDAP',
       Params => {
	#port	=> 389,
	#timeout => 120,
	#async   => 0,
	#version =>3,
        Host => 'xx.xx.xx.xx',
        BaseDN => 'DC=SIVAGROUP,DC=ITL',
        SSCOPE => 'sub',
        UserDN =>'CCN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL',
	#UserDN => ''
        UserPw => 'xxxxxxxxxx', 
	#UserPw => '',
       },
 
	   # customer unique id
       CustomerKey => 'sAMAccountName',
       # customer #
       CustomerID => 'mail',
       CustomerUserListFields => ['cn', 'mail'],
       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       Map => [
          # note: Login, Email and CustomerID needed!
          # var, frontend, storage, shown, required, storage-type
          #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
          [ 'UserFirstname', 	'Firstname', 	'givenname',		 1, 1, 'var','',0 ],
          [ 'UserLastname', 	'Lastname', 	'sn', 			 1, 1, 'var','',0 ],
          [ 'UserLogin', 	'Login', 	'sAMAccountName',	 1, 1, 'var','',0 ],
          [ 'UserEmail', 	'Email', 	'mail',			 1, 1, 'var','',0 ],
          [ 'UserCustomerID', 	'CustomerID', 	'sAMAccountName',  	 0, 1, 'var','',0 ],
          [ 'UserPhone', 	'Phone', 	'telephonenumber',	 1, 0, 'var','',0 ],
          #[ 'UserAddress', 	'Address', 	'postaladdress',	 1, 0, 'var','',0 ],
          #[ 'UserComment', 	'Comment', 	'description', 		 1, 0, 'var','',0 ],
       ],
    };
        #Add the following lines when only users are allowed to login if they reside in the spicified security group
	#Remove these lines if you want to provide login to all users specified in the User Base DN
	$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'CN=CHE-SVL-ADS-01,dc=SIVAGROUP, dc=ITL';
  	#$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_C,OU=Users,DC=shatest,DC=com';
  	$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  	$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'

In Error log it shows

Code: Select all

[Tue Apr 28 11:56:34 2015] [error] Global symbol "$self" requires explicit package name at /opt/otrs//Kernel/Config.pm line 88.
 \nBEGIN not safe after errors--compilation aborted at /opt/otrs//Kernel/Config.pm line 227.
 \nCompilation failed in require at /opt/otrs/scripts/apache2-perl-startup.pl line 69.
 \nBEGIN failed--compilation aborted at /opt/otrs/scripts/apache2-perl-startup.pl line 69.
 \nCompilation failed in require at (eval 2) line 1.\n
[Tue Apr 28 11:56:34 2015] [error] Can't load Perl file: /opt/otrs/scripts/apache2-perl-startup.pl for server localhost.localdomain:0, exiting...

Kindly help me out.

thanks in advance

regards
GK

[tto]

Code: Select all

[Tue Apr 28 11:56:34 2015] [error] Global symbol "$self" requires explicit package name at /opt/otrs//Kernel/Config.pm line 88.

...this says everything: $self

Issue moved - nothing to do with development.

regards, T.

[gopalakrishnan]

Thanks for the reply @Torsten and also kindly check the source code and correct it if where ever need. please.

thanks
GK

[RStraub]

5th line:

Code: Select all

    $self->{'AuthModule::LDAP::BaseDN1'}='CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';

Lowercase "S" does not resolve.

[gopalakrishnan]

Thanks @Rolf Straub now the apache started and running successfully but it gives

Fatal Error- Frontend-OTRS 4

my Error Log is

Code: Select all

Can't write '/opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/3/9/39285138ef78930f9c3f9d967fbdd6bb': Permission denied
Can't connect to MySQL server on '127.0.0.1' (13)
Can't write '/opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/e/7/e73a715153f074752e829500e76f765b': Permission denied
mkdir /opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/3/d: Permission denied at /opt/otrs//Kernel/System/Cache/FileStorable.pm line 88

[RStraub]

That's file permission / SQL connection issues.

run the otrs.SetPermission.pl properly and make sure that the DB-Connection is correct in your Config.pm

[gopalakrishnan]

Thanks @RS but i'm configure with AD, if i execute

/opt/otrs/bin/otrs.SetPermissions.pl --otrs-user=otrs
it gives Error

ERROR: --web-group is missing or invalid.

[RStraub]

Then you should add the --web-group parameter

[gopalakrishnan]

I'm very sorry to say that, i dont know the syntax of the perl language and for source code i googled it and pasted in config.pm file

here my full config.pm file kindly please check and clear the error

Kindly help me please.

Code: Select all

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2015 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes do customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    # The database name
    $Self->{'Database'} = "otrs";

    # The database user
    $Self->{'DatabaseUser'} = "otrs";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'DNIOXhXiy8mvNaLG';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
    #$Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
    #$Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
    #$Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#  $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
#    $ENV{ORACLE_HOME}     = '/path/to/your/oracle';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG}        = 'AMERICAN_AMERICA.AL32UTF8';

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # This is an example configuration for using an MS AD backend
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    #$Self->{'AuthModule::LDAP::Host1'} = 'CHE-SVL-ADS-01.SIVAGROUP.ITL';
    $Self->{'AuthModule::LDAP::Host1'} = '10.99.32.11';
    $Self->{'AuthModule::LDAP::BaseDN1'}='OU=Domestic,DC=SIVAGROUP,DC=ITL';
    #$Self->{'AuthModule::LDAP::BaseDN1'} = 'CN=Users,dc=shatest,dc=com';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
 
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=otrs,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'Password@1';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '';
 
    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params1'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
 	sscope => 'sub'
    };
  
    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = '10.99.32.11';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'Password@1';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    #$Self->{UserSyncLDAPGroups} = [
     #   'users',
    #];
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
        'customer_user',
    ];
	
    #-------------------Enable LDAP authentication for Customers / Users------------------
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '10.99.32.11';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    #$Self->{'Customer::AuthModule::LDAP::SSCOPE'} = 'sub';
 
    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password@1';
 
    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
       Module => 'Kernel::System::CustomerUser::LDAP',
       Params => {
	#port	=> 389,
	#timeout => 120,
	#async   => 0,
	#version =>3,
        Host => '10.99.32.11',
        BaseDN => 'DC=SIVAGROUP,DC=ITL',
        SSCOPE => 'sub',
        UserDN =>'CCN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL',
	#UserDN => ''
        UserPw => 'Password@1', 
	#UserPw => '',
       },
 
	   # customer unique id
       CustomerKey => 'sAMAccountName',
       # customer #
       CustomerID => 'mail',
       CustomerUserListFields => ['cn', 'mail'],
       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       Map => [
          # note: Login, Email and CustomerID needed!
          # var, frontend, storage, shown, required, storage-type
          #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
          [ 'UserFirstname', 	'Firstname', 	'givenname',		 1, 1, 'var','',0 ],
          [ 'UserLastname', 	'Lastname', 	'sn', 			 1, 1, 'var','',0 ],
          [ 'UserLogin', 	'Login', 	'sAMAccountName',	 1, 1, 'var','',0 ],
          [ 'UserEmail', 	'Email', 	'mail',			 1, 1, 'var','',0 ],
          [ 'UserCustomerID', 	'CustomerID', 	'sAMAccountName',  	 0, 1, 'var','',0 ],
          [ 'UserPhone', 	'Phone', 	'telephonenumber',	 1, 0, 'var','',0 ],
          #[ 'UserAddress', 	'Address', 	'postaladdress',	 1, 0, 'var','',0 ],
          #[ 'UserComment', 	'Comment', 	'description', 		 1, 0, 'var','',0 ],
       ],
    };
        #Add the following lines when only users are allowed to login if they reside in the spicified security group
	#Remove these lines if you want to provide login to all users specified in the User Base DN
	$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=SIVAGROUP, dc=ITL';
  	#$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_C,OU=Users,DC=shatest,DC=com';
  	$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  	$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
	




    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;

[RStraub]

Well for your mysql, does this connect you to the mysql-console?

Code: Select all

mysql -h '127.0.0.1' -u otrs -p'DNIOXhXiy8mvNaLG' -D otrs

And for the file permissions, the user under which apache runs is different for some operating systems. Try executing this:

Code: Select all

ps -elf | grep 'apache'

Then look into the 3rd column what user is specified (for us it's "www-data").

[gopalakrishnan]

The command you are provided for mysql is login successfully and one more gives bellow result

Code: Select all

[root@localhost ~]# ps -elf | grep 'apache'
5 S apache    3684  3680  0  80   0 - 144377 poll_s 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3685  3680  0  80   0 - 162351 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3686  3680  0  80   0 - 162230 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3687  3680  0  80   0 - 162357 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3688  3680  0  80   0 - 162353 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3689  3680  0  80   0 - 162391 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3690  3680  0  80   0 - 162196 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3691  3680  0  80   0 - 162391 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3692  3680  0  80   0 - 162351 semtim 12:51 ?       00:00:00 /usr/sbin/httpd
5 S apache    3695  3680  0  80   0 - 162347 epoll_ 12:51 ?       00:00:00 /usr/sbin/httpd
0 S root      5338  2798  0  80   0 - 25809 pipe_w 14:57 pts/1    00:00:00 grep apache

[Giulio Soleni]

... for the permissions, if you are using CentOS or Red Hat distribution try:

Code: Select all

bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=apache --otrs-group=apache --web-group=apache /opt/otrs

if you are running SuSE (or OpenSuSE) try:

Code: Select all

bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=wwwrun --otrs-group=www --web-group=www /opt/otrs

if you are using Debian or Ubuntu try:

Code: Select all

bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=www-data --otrs-group=www-data --web-group=www-data /opt/otrs

On OTRS 4 some parameters are ignored but providing them does not harm the system.

[gopalakrishnan]

Thanks @RS Sorry for not mentioning OS, it's RED hat 6. The command which you mention gives this Unknown option

is it okay or i have to do some more steps to execute that command.

Code: Select all

[root@localhost ~]# /opt/otrs/bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=apache --otrs-group=apache --web-group=apache /opt/otrs
Unknown option: web-user
Unknown option: otrs-group
Setting permissions on /opt/otrs

[RStraub]

That's allright, those params (as mentioned by Giulio Soleni) are valid and required in OTRS 3.x, but not anymore in 4.x.

Now that you got your permissions and DB-Connection check, try restarting apache and access your webfrontend.

[gopalakrishnan]

After restarting apache again shows

Fatal Error-Frontend-OTRS-4

Error log is bellow

Code: Select all

[Tue Apr 28 15:23:56 2015] -e: DBI connect('database=otrs;host=127.0.0.1','otrs',...) failed: Can't connect to MySQL server on '127.0.0.1' (13) at /opt/otrs//Kernel/System/DB.pm line 184
ERROR: OTRS-CGI-72 Perl: 5.10.1 OS: linux Time: Tue Apr 28 15:23:56 2015

 Message: Can't connect to MySQL server on '127.0.0.1' (13)
 
 Can't write '/opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/4/f/4fd2983f3605888b9d72424fb64ba2a1': Permission denied
 
 Can't write '/opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/3/9/39285138ef78930f9c3f9d967fbdd6bb': Permission denied
 
 Can't write '/opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/e/7/e73a715153f074752e829500e76f765b': Permission denied
 
 mkdir /opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/3/d: Permission denied at /opt/otrs//Kernel/System/Cache/FileStorable.pm line 88
 Can't write '/opt/otrs/var/tmp/CacheFileStorable/TemplateProvider/e/6/e6f4f8c1130924d59deb478d08f08e5e': Permission denied
 
 

[gopalakrishnan]

Thanks @Giulio Soleni Please help me out. This problem occurs third time when changing system.

Please help me guys.

Thanks in advance
GK

[RStraub]

Okay, seems this didn't resolve anything.

Please run:

Code: Select all

~otrs/bin/otrs.CheckDB.pl

and let us know what the output is.

Still no write permissions on the cache folder. Let's try to fix it with the sledgehammer, please run (as root):

Code: Select all

cd /opt/otrs
chown -R otrs:apache *

[Giulio Soleni]

After the suggestions of RStraub I think you should go through a full stop and start of the main services, cleaning up all caches...

as root run the following:

Code: Select all

service otrs stop
/opt/otrs/bin/otrs.Scheduler.pl -a stop --force
service crond stop
service httpd stop

Then switch to otrs user... you may need to provisionally edit /etc/passwd to allow otrs user to login

Code: Select all

su - otrs

as otrs user run the following:

Code: Select all

/opt/otrs/bin/otrs.RebuildConfig.pl
/opt/otrs/bin/otrs.LoaderCache.pl -o delete
/opt/otrs/bin/otrs.DeleteCache.pl
/opt/otrs/bin/otrs.DeleteSessionIDs.pl --all

...back to root

Code: Select all

exit

reset permissions...

Code: Select all

/opt/otrs/bin/otrs.SetPermissions.pl --otrs-user=otrs --web-group=apache /opt/otrs

restart the services...

Code: Select all

service httpd start
service crond start
service otrs start

[gopalakrishnan]

Still it gives same error after restart the apache,

Command :

Code: Select all

~otrs/bin/otrs.CheckDB.pl

Output is

Code: Select all

[root@localhost ~]# /opt/otrs/bin/otrs.CheckDB.pl
Trying to connect to database
DSN         : DBI:mysql:database=otrs;host=127.0.0.1
DatabaseUser: otrs

Connection successful!

[gopalakrishnan]

Thanks @GS after Stop all the service i executed the steps which all are you mention then restarted apache,mysql,otrs.

but, while refreshing the URL http://localhost/otrs/index.pl the index.pl file is downloading the page is not opening.

[gopalakrishnan]

The Error log give me an error message as

Code: Select all

Error during minification of file /opt/otrs/var/httpd/htdocs/js/Core.UI.Dialog.js:
 mkdir /opt/otrs/var/tmp/CacheFileStorable/Loader: Permission denied at /opt/otrs//Kernel/System/Cache/FileStorable.pm line 88
 

[Giulio Soleni]

I am looking at the very first issue reported:

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName

Is the hostname and FQDN of the system correctly specified??
You should set it within /etc/sysconfig/network and also on /etc/hosts file
Your /etc/sysconfig/network should look like:

Code: Select all

NETWORKING=yes
HOSTNAME="myservername.mydomainname.com"
GATEWAY="192.168.0.1"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"

(of course with the correct HOSTNAME and GATEWAY set)
And /etc/hosts should have a line like:
192.168.0.111 myservername.mydomainname.com myservername
(again ... with the correct HOSTNAME and IP address)

Also post the httpd.conf file ... there could be some sections (like ServerName and Listen) that are misconfigured

[gopalakrishnan]

In /etc/hosts file has lot of localhost with localhost4 and localhost6 what i have to change, if these changes will affect the server.

for your reference

Code: Select all

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

[gopalakrishnan]

The changes are made in /etc/sysconfig/network and /etc/hosts
are done now the apache doesn't give any error after restarting.
for your reference

Code: Select all

[root@service ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

After restarting apache,mysql,otrs the index.pl(http://localhost/otrs/index.pl) gives 500 internal server error

my error log shows

Code: Select all

[Tue Apr 28 16:59:27 2015] Config.pm: Subroutine Load redefined at /opt/otrs//Kernel/Config.pm line 25.
[Tue Apr 28 16:59:27 2015] -e: Use of uninitialized value in shmctl at /opt/otrs//Kernel/System/Log.pm line 289.
ERROR: OTRS-CGI-72 Perl: 5.10.1 OS: linux Time: Tue Apr 28 16:59:27 2015

 Message: Can't remove shm for log: Identifier removed
 
 [Tue Apr 28 16:59:27 2015] -e: Use of uninitialized value in shmread at /opt/otrs//Kernel/System/Log.pm line 266.
[Tue Apr 28 16:59:27 2015] [error] [Tue Apr 28 16:59:27 2015] -e: Identifier removed at /opt/otrs//Kernel/System/Log.pm line 265.\n

[Giulio Soleni]

Problems like that sometimes depend on SELinux condition...
Please check if SELinux is disabled and, if it is not, disable it.
To do so, edit /etc/selinux/config and check the SELINUX parameter settings ... you should set it as:

Code: Select all

SELINUX=disabled

Also, I would disable the Linux firewall as well, with the following commands:

Code: Select all

service iptables save
service iptables stop
chkconfig iptables off
service ip6tables save
service ip6tables stop
chkconfig ip6tables off

Then it is recommended to reboot your system.

As for the "localhost" lines within /etc/hosts, leave them as they are... you should only add a new line with the IP address, followed by the fully qualified domain name and the hostname of your system.

[gopalakrishnan]

Thanks @GS now it rendering the page index.pl/customer.pl. but it will not sink with AD, i also attaching the source code.

Code: Select all

# This is an example configuration for using an MS AD backend
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'} = '10.99.32.11';
    $Self->{'AuthModule::LDAP::BaseDN1'}='DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
 
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=otrs,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'Password@1';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '';
 
    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params1'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
 	sscope => 'sub'
    };
  
    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = '10.99.32.11';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'Password@1';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    #$Self->{UserSyncLDAPGroups} = [
     #   'users',
    #];
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
        'customer_user',
    ];
	
    #-------------------Enable LDAP authentication for Customers / Users------------------
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '10.99.32.11';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    #$Self->{'Customer::AuthModule::LDAP::SSCOPE'} = 'sub';
 
    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password@1';
 
    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
       Module => 'Kernel::System::CustomerUser::LDAP',
       Params => {
	#port	=> 389,
	#timeout => 120,
	#async   => 0,
	#version =>3,
        Host => '10.99.32.11',
        BaseDN => 'DC=SIVAGROUP,DC=ITL',
        SSCOPE => 'sub',
        UserDN =>'CCN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL',
	#UserDN => ''
        UserPw => 'Password@1', 
	#UserPw => '',
       },
 
	   # customer unique id
       CustomerKey => 'sAMAccountName',
       # customer #
       CustomerID => 'mail',
       CustomerUserListFields => ['cn', 'mail'],
       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       Map => [
          # note: Login, Email and CustomerID needed!
          # var, frontend, storage, shown, required, storage-type
          #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
          [ 'UserFirstname', 	'Firstname', 	'givenname',		 1, 1, 'var','',0 ],
          [ 'UserLastname', 	'Lastname', 	'sn', 			 1, 1, 'var','',0 ],
          [ 'UserLogin', 	'Login', 	'sAMAccountName',	 1, 1, 'var','',0 ],
          [ 'UserEmail', 	'Email', 	'mail',			 1, 1, 'var','',0 ],
          [ 'UserCustomerID', 	'CustomerID', 	'sAMAccountName',  	 0, 1, 'var','',0 ],
          [ 'UserPhone', 	'Phone', 	'telephonenumber',	 1, 0, 'var','',0 ],
          #[ 'UserAddress', 	'Address', 	'postaladdress',	 1, 0, 'var','',0 ],
          #[ 'UserComment', 	'Comment', 	'description', 		 1, 0, 'var','',0 ],
       ],
    };
        #Add the following lines when only users are allowed to login if they reside in the spicified security group
	#Remove these lines if you want to provide login to all users specified in the User Base DN
	$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=SIVAGROUP, dc=ITL';
  	#$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_C,OU=Users,DC=shatest,DC=com';
  	$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  	$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
	

Error log shows

Code: Select all

First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 

Kindly suggest me where are all i have to change to connect with AD. few changes are made till not connecting with AD

Please help me

once again Thanks.

[Giulio Soleni]

from the code you posted I see some possible troubles... probably the most "messed-up" part of the file is that related to customer users.
My suggestion:
- check with telnet if the connection to your 10.99.32.11 ActiveDirectory server is opened from OTRS;
- check that you can bind CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL to login to your AD as well, possibly with another tool (not OTRS).
- replace the original Config.pm file (remember to set your actual password set for otrs db-user) and start reconfiguring only the "Agents" part of LDAP/AD (that seems to be the most reliable).
... on that part I would only remove the line sscope => 'sub' from the following part...

Code: Select all

    $Self->{'AuthModule::LDAP::Params1'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
        sscope => 'sub'      # <<<<<<< REMOVE THIS
    };

...let us know

[crythias]

> First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0

Means you haven't authenticated to the domain to allow the search.
Specifically, 52e = invalid credentials.

or, more to the point:

Code: Select all

    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=900191,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'Password@1';

is invalid for binding.

[gopalakrishnan]

Hi guys, Thanks Thanks for your helps. OTRS is now connecting with AD for all users to access customer.pl but in Agents, i created one group called otrs_agents. i want only those users who all are in the group can access this agent.pl. after refersh, enter username and password is gives

"Login failed! Your user name or password was entered incorrectly."

my error log shows

Code: Select all

 	Search failed! 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
	'DC=SIVAGROUP,DC=ITL'
	
	No UserID found for '900191'! --->employee code
	

And one more, in AD more 1000 records are there in error log

Code: Select all

Message: Sizelimit exceeded

 RemoteAddress: 10.100.0.158
 RequestURI: /otrs/index.pl?Action=AdminCustomerUser
 

my Agent code is below. i think almost near to the end of the configuration.

Code: Select all

# This is an example configuration for using an MS AD backend
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'} = '10.99.32.11';
    $Self->{'AuthModule::LDAP::BaseDN1'}='CN=CHE-SVL-ADS-01,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
 
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=otrs_agents,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs_search,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'apr@123';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '';
 
    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params1'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
 	sscope => 'sub'
    };
  
    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = '10.99.32.11';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=otrs_search,OU=SIH,OU=Domestic,DC=SIVAGROUP,DC=ITL';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'apr@123';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    #$Self->{UserSyncLDAPGroups} = [
     #   'users',
    #];
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
        'customer_user',
    ];
    

Few steps ahead to solve this. Please help me.

once again Thanks @ Giulio Soleni and @crythias

[gopalakrishnan]

Guys one more helps, i want an alias url for index.pl and customer.pl as bellow

http://10.99.38.79/otrs/index.pl ======>>>> http://service.response.in/

http://10.99.38.79/otrs/customer.pl =====>>> http://service.resquest.in/

that is in private network.

I think it will be solved by virtual host. but how i dont know??

Please give me some solution to solve this problem also today is last day for configuration.

Thanks in advance.

[gopalakrishnan]

Guys, its working fine agents also login success fully, but new ticket notification of agent is not visible in agent dashboard is there any configure should be change to get notification and agents should get the email notification when a new ticket is created. Also the alias name for the customer.pl and agent.pl.

Please guys help me..

i'm in last line to finish it

thanks in advance

[crythias]

but new ticket notification of agent is not visible in agent dashboard

Please create new topics for new questions. Imagine if this were a ticket. The scope has changed...

On topic: What does this mean? There are no notifications of new tickets, just a dashlet. The agent will see tickets in the dashlets for the queues that belong to the groups to which the agent belongs. Even within the dashlet, there are three tabs which may or may not be relevant to the agent, including "My tickets" (Tickets locked to the agent), "My Queues" (Tickets in the Queues highlighted in the Agent Preferences), and "All Tickets" (Tickets in the groups of the agent).

Also the alias name for the customer.pl and agent.pl.

Again, new topic, new question, and whatever this means.

[gopalakrishnan]

Thanks @ crythias i got clear the error and successfully configured with AD and also thanks for @Giulio Soleni and @ RStraub without your help i cant configure this in a short periods of time.