Three ldap backends

Moderator: crythias

spiderpig
Znuny expert
Posts: 198
Joined: 15 Dec 2011, 02:26
Znuny Version: OTRS 5

Three ldap backends

Post by spiderpig »

Hi guys,

I'm using two ldap and one mysql backend and I want to add another ldap backend.
But I can't get the third ldap one to work. Are there any limitations on how many backends I can use?
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de
Contact:

Re: Three ldap backends

Post by reneeb »

Currently OTRS supports 11 backends, but that can be extended as well... Did you check the LDAP settings, are there any messages in the log files?
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
spiderpig
Znuny expert
Posts: 198
Joined: 15 Dec 2011, 02:26
Znuny Version: OTRS 5

Re: Three ldap backends

Post by spiderpig »

[Sun Mar 13 11:55:58 2016][Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
[Sun Mar 13 11:55:58 2016][Error][Kernel::System::CustomerUser::LDAP::CustomerName][251] Search failed! No such file or directory
spiderpig
Znuny expert
Posts: 198
Joined: 15 Dec 2011, 02:26
Znuny Version: OTRS 5

Re: Three ldap backends

Post by spiderpig »

Here is my code for the three ldap auth and lookup backends; only the first one works.
Am I doing it wrong?


# Customer domain 1.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain1, dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSUSER,OU=Service Accounts,OU=Servers,DC=domain1,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';
$Self->{'Customer::AuthModule::LDAP::Params'} = { async => 0, port => 389, timeout => 120, version => 3, };
## The above is the LDAP Customer Authentication module.

$Self->{CustomerUser} = {
    Name   => 'Active Directory - Domain 1',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => '10.0.0.1',
        BaseDN        => 'dc=domain1, dc=local',
        SSCOPE        => 'sub',
        UserDN        => 'CN=OTRSSEARCH,OU=Service Accounts,OU=Servers,DC=domain1,DC=local',
        UserPw        => 'password',
        AlwaysFilter  => '(mail=*)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },

    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'uid', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 900,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    CacheTTL                           => 120,
    Map => [
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 1, 'var', '', 1 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};

# Customer Domain 2
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = '10.1.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=domain2, dc=local';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'CN=OTRSUSER,OU=Service Accounts,DC=domain2,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'password';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter2'} = '(mail=*)';
$Self->{'Customer::AuthModule::LDAP::Params2'} = { async => 0, port => 389, timeout => 120, version => 3, };
## The above is the LDAP Customer Authentication module.

$Self->{CustomerUser1} = {
    Name   => 'Active Directory - Domain2',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => '10.1.0.1',
        BaseDN        => 'dc=domain2, dc=local',
        SSCOPE        => 'sub',
        UserDN        => 'CN=LDAP OTRS,OU=Service Accounts,DC=domain2,DC=local',
        UserPw        => 'password',
        AlwaysFilter  => '(mail=*)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },

    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'uid', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 900,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    CacheTTL                           => 120,
    Map => [
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 1, 'var', '', 1 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};

	
# Customer domain 3.
$Self->{'Customer::AuthModule3'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host3'} = '10.3.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN3'} = 'dc=domain3, dc=local';
$Self->{'Customer::AuthModule::LDAP::UID3'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN3'} = 'CN=OTRSUSER,OU=Service Accounts,OU=Servers,DC=domain3,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw3'} = 'password';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter3'} = '(mail=*)';
$Self->{'Customer::AuthModule::LDAP::Params3'} = { async => 0, port => 389, timeout => 120, version => 3, };
## The above is the LDAP Customer Authentication module.

$Self->{CustomerUser3} = {
    Name   => 'Active Directory - Domain 3',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => '10.3.0.1',
        BaseDN        => 'dc=domain3, dc=local',
        SSCOPE        => 'sub',
        UserDN        => 'CN=OTRSUSER,OU=Service Accounts,OU=Servers,DC=domain3,DC=local',
        UserPw        => 'password',
        AlwaysFilter  => '(mail=*)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },

    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'uid', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 900,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    CacheTTL                           => 120,
    Map => [
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 1, 'var', '', 1 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de
Contact:

Re: Three ldap backends

Post by reneeb »

spiderpig wrote:
[Sun Mar 13 11:55:58 2016][Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Check your credentials...
spiderpig
Znuny expert
Posts: 198
Joined: 15 Dec 2011, 02:26
Znuny Version: OTRS 5

Re: Three ldap backends

Post by spiderpig »

I already double checked that :)
I restarted the password a couple of times just to be sure.
That doesn't seem to be the case here. :(
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de
Contact:

Re: Three ldap backends

Post by reneeb »

Did you check that the basedn is correct, too? Error code 52e is "invalid credentials". Did you check that the user isn't locked?
spiderpig
Znuny expert
Posts: 198
Joined: 15 Dec 2011, 02:26
Znuny Version: OTRS 5

Re: Three ldap backends

Post by spiderpig »

Yes, I double checked that also. Is it possible I have enter "domainname\" somewhere in the config?
spiderpig
Znuny expert
Posts: 198
Joined: 15 Dec 2011, 02:26
Znuny Version: OTRS 5

Re: Three ldap backends

Post by spiderpig »

Now I'm testing with only one Ldap backend, and I'm randomly getting this error.
"First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"

even though everything seems to work. Any ideas what's going on?
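
The "data 52e" value discussed in this thread is one of several sub-codes Active Directory returns on a failed LDAP bind, and reading it separates a wrong password from a locked or disabled account. As an added example (not code from the thread or from OTRS), the Python below extracts the sub-code from log lines in the format quoted above and counts failures per logging module, which helps with an intermittent error; the function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# Sub-codes Active Directory puts in the "data" field of a failed LDAP bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Layout of the log lines quoted in the thread:
# [timestamp][level][module::function][line] message
LINE_RE = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\[(\d+)\]\s+(.*)$")
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# The first two lines are from the thread; the third is constructed for the example.
SAMPLE_LOG = """\
[Sun Mar 13 11:55:58 2016][Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
[Sun Mar 13 11:55:58 2016][Error][Kernel::System::CustomerUser::LDAP::CustomerName][251] Search failed! No such file or directory
[Sun Mar 13 12:01:10 2016][Error][Kernel::System::CustomerAuth::LDAP::Auth][120] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1
""".splitlines()

def parse_bind_failures(lines):
    """Return (timestamp, source, subcode, meaning) for each AD bind failure."""
    failures = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a log line in the expected layout
        data = DATA_RE.search(m.group(5))
        if not data:
            continue  # e.g. the follow-on "Search failed!" line
        code = data.group(1).lower()
        meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
        failures.append((m.group(1), m.group(3), code, meaning))
    return failures

def summarize(lines):
    """Count failures per (log source, sub-code) to show which bind fails and why."""
    return Counter((src, code) for _, src, code, _ in parse_bind_failures(lines))

if __name__ == "__main__":
    for (src, code), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src}: data {code} = {AD_BIND_SUBCODES.get(code, 'unknown')}")
```

The source column distinguishes the customer lookup backend (Kernel::System::CustomerUser::LDAP, which binds with UserDN/UserPw) from the authentication backend (Kernel::System::CustomerAuth::LDAP, which binds with SearchUserDN/SearchUserPw), so it shows which of the two service-account binds is being rejected.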