[Solved] OTRS 6 and Windows AD 2019

Moderator: crythias

cmadiam82
Znuny newbie
Posts: 2
Joined: 26 Apr 2020, 21:12
Znuny Version: 6.0.x
Real Name: Chester Madiam

[Solved] OTRS 6 and Windows AD 2019

Post by cmadiam82 »

Hi All!

I managed to successfully install OTRS 6 on my CentOS 8 server, using NGINX as the web server. root@localhost can log in without any issue.

But my main goal is to integrate it with our Windows Active Directory 2019 to authenticate/automate the agent creation. A later part of the integration will be the customer creation.

I followed many guides from the internet and also stumbled upon this forum, that's why I will try my luck and seek any help that I can find here. I know that a lot of guys in this forum are quite familiar with OTRS.

I keep on hitting this error, Message: No UserID found for 'agent'!

I already tried to remove/change the password of the account that is used to bind with the AD and I hit this error, Message: First bind failed! 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4563 so I know that OTRS is communicating with the AD.

I've been trying to figure it out for almost 2 days now. Any help will be much appreciated.

Below is my configuration.


      $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
      $Self->{'AuthModule::LDAP::Host1'} = 'AD-01.xx.xx.xx';
      $Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=xxx,DC=xx,DC=xx';
      $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
      $Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=Agents,OU=xx,DC=xx,DC=xx,DC=xx';
      $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
      $Self->{'AuthModule::LDAP::UserAttr1'} = 'UID';
      $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=Administrator,CN=Users,DC=xx,DC=xx,DC=xx';
      $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'admin_password';
      $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '';
      $Self->{'AuthModule::LDAP::UserSuffix1'} = '@xx.xx.xx';
      $Self->{'AuthModule::LDAP::Params1'} = {
          port => 389,
          timeout => 120,
          async => 0,
          version => 3,
      };

Many thanks and more power. Stay safe!
Last edited by cmadiam82 on 11 May 2020, 05:47, edited 1 time in total.
wurzel
Znuny guru
Posts: 3232
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: OTRS 6 and Windows AD 2019

Post by wurzel »

Hi

Add the agent (same username as the Windows username) manually in the OTRS DB,
or better, use the AuthSync module.

Agents must be present in the local DB or synced into the DB.

Flo
OTRS 8 SILVER (Prod)
OTRS 8 on Debian 11 (Test)
Znuny 7.x latest version testing on Debian 11

-- I do not answer forum questions via PM - No PM please

I won't answer to unfriendly users any more. A greeting and regards are just polite.
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: OTRS 6 and Windows AD 2019

Post by jojo »

Your config is totally wrong.

So you mix up parts with a suffix 1 at the end and some without. Also you use UID instead of samaccount or UPN.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
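
The points raised in the replies above (a module and its settings sharing one suffix, `UserAttr` matching how AD stores group members, a sync module so agents exist in the local DB) can be checked mechanically. The Python below is an added example, not part of the thread or of OTRS; the `lint` function, its finding names and the two extra checks (host without `ldaps://`, bind as the built-in Administrator) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: key lines of the first configuration posted in the thread.
SAMPLE = r"""
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'AD-01.xx.xx.xx';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'} = 'UID';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=Administrator,CN=Users,DC=xx,DC=xx,DC=xx';
"""

# Setting name, optional backend suffix, then the value up to the next quote or semicolon.
KEY = re.compile(r"\$Self->\{'(Auth(?:Sync)?Module(?:::LDAP::\w+?)?)(\d*)'\}\s*=\s*'?([^';]*)")

def lint(text):
    """Return sorted finding codes (names invented here) for the LDAP part of a Config.pm."""
    backends, has_sync, findings = defaultdict(dict), False, set()
    for name, suffix, value in KEY.findall(text):
        if name.startswith("AuthSyncModule"):
            has_sync = has_sync or name == "AuthSyncModule"
        else:
            backends[suffix][name] = value.strip()   # group auth settings by suffix
    for cfg in backends.values():
        is_ldap = cfg.get("AuthModule", "").endswith("::Auth::LDAP")
        has_settings = any(k != "AuthModule" for k in cfg)
        if is_ldap != has_settings:
            findings.add("suffix-mismatch")          # module and settings carry different suffixes
            continue
        if not is_ldap:
            continue
        get = lambda k: cfg.get("AuthModule::LDAP::" + k, "")
        if get("AccessAttr").lower() == "member" and get("UserAttr").upper() != "DN":
            findings.add("userattr-not-dn")          # AD 'member' stores full DNs, not bare UIDs
        if not get("Host").lower().startswith("ldaps://"):
            findings.add("host-not-ldaps")           # no ldaps:// scheme on the host
        if get("SearchUserDN").lower().startswith("cn=administrator,"):
            findings.add("privileged-bind-account")  # a read-only account is enough to search
    if backends and not has_sync:
        findings.add("no-sync-module")               # agents must be created by hand in the local DB
    return sorted(findings)

if __name__ == "__main__":
    print(lint(SAMPLE))
```
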
cmadiam82
Znuny newbie
Posts: 2
Joined: 26 Apr 2020, 21:12
Znuny Version: 6.0.x
Real Name: Chester Madiam

Re: OTRS 6 and Windows AD 2019

Post by cmadiam82 »

I also tried to use the configuration below, but I still get an error.


    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ldaps://192.168.82.1';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xx,dc=xx,dc=xx';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Users,dc=xx,dc=xx,dc=xx';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=Administrator,CN=Users,dc=xx,dc=xx,dc=xx';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';	# No filter until you get it to work
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 636,
        timeout => 120,
        async => 0,
        version => 3,
    };
 
    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldaps://192.168.82.1';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xx,dc=xx,dc=xx';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=Administrator,CN=Users,dc=xx,dc=xx,dc=xx';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

Thanks again.
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: OTRS 6 and Windows AD 2019

Post by crythias »

OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask