Unable to log in as Customer AD/LDAP user
Moderator: crythias
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Unable to log in as Customer AD/LDAP user
Hello All,
I am sorry to start the thread on Active Directory again. I have searched all the threads on AD/LDAP and am now initiating one again. I am able to integrate AD/LDAP with OTRS for customers and can search them in the Admin module too. However, I am unable to log in to customer.pl with an AD user and password. It does not throw any OTRS error except that it says that the login or password is invalid. It shows the login error in red as "Login failed! Your user name or password was entered incorrectly."
Has anybody faced and resolved it? Your help would be really appreciated.
Thanks.
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Unable to log in as Customer AD/LDAP user
It would help to see what your log file says.
Do you use the correct search options like
Code: Select all
$Self->{'Customer::AuthModule::LDAP::UID'} = 'samaccountname';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Unable to log in as Customer AD/LDAP user
Thanks for the reply, ferrosti. The admin log does not show any error. I have tried different settings, but somehow I am unable to log in as an LDAP customer. We'll be going live shortly. I would really, really appreciate any help to resolve this, please. Below is my config.pm file -
# CustomerUser
# (customer user ldap backend and settings)
$Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'abcd.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=abcd,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=abcd,ou=users,o=ldap-services,dc=abcd,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxx';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectclass=user)(mail=*))';
#this code is added on Jan 25 to sync and allow customers to log in properly
# Sync
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'abcd.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=abcd,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=abcd,ou=users,o=ldap-services,dc=abcd,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxx';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
Username => 'sAMAccountName',
};
$Self->{'AuthModule::LDAP::Die'} = 0;
# ---------------------------------------------------- #
# UserSyncLDAPMap
# ---------------------------------------------------- #
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{UserSyncLDAPGroups} = ['user',];
# $Self->{UserSyncLDAPMap} = {
# DB -> LDAP
# UserFirstname => 'givenName',
# UserLastname => 'sn',
# UserEmail => 'mail',
# };
$Self->{CustomerUser} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# # ldap host
Host => 'abcd.com',
# # ldap base dn
BaseDN => 'dc=abcd,dc=com',
# # search scope (one|sub)
SSCOPE => 'sub',
# # The following is valid but would only be necessary if the
# # anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'abcd',
UserPw => 'xxxx',
# # in case you want to add always one filter to each ldap query, use
# # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# AlwaysFilter => '',
AlwaysFilter => '(&(objectclass=user)(mail=*))',
# # if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# # if your frontend is e. g. iso-8859-1 and the charset of your
# # ldap server is utf-8, use these options.
# SourceCharset => 'utf-8',
# DestCharset => 'iso-8859-1',
# # die if backend can't work, e. g. can't connect to server
Die => 0,
# # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 180,
version => 3,
},
},
# # customer uniq id
CustomerKey => 'sAMAccountName',
# # customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# # show now own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# # add a ldap filter for valid users (expert setting)
# # CustomerUserValidFilter => '(!(description=gesperrt))',
# # admin can't change customer preferences
AdminSetPreferences => 0,
# # cache time to live in sec. - cache any ldap queries
CacheTTL => 0,
Map => [
# # note: Login, Email and CustomerID needed!
# # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Unable to log in as Customer AD/LDAP user
http://doc.otrs.org/3.0/en/html/auth-backends.html
The following is for authentication. You should be receiving System Log messages why your customers aren't authenticating, but logging in Windows is different from logging in Linux, which is why you (might) not see error messages.
# This is an example configuration for an LDAP auth. backend.
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap.example.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (with full user dn)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Unable to log in as Customer AD/LDAP user
Thanks, Crythias. But it still doesn't help:-)
What I think I am unclear about is that we use many parameters while configuring it with AD/LDAP. I don't know what OTRS uses to log in as an AD user. Is it user id, customerkey, customerid, username, USER DN? Then perhaps it may be clear if it is using passwords correctly to log in in the first place.
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Unable to log in as Customer AD/LDAP user
Seems like you did some C&P and forgot to change it to your needs.
Code: Select all
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
is missing.
Watch the first block of your config that you have posted! Customer and Agent Auth are different modules!
Another advice would be to try it without filter first.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Unable to log in as Customer AD/LDAP user
That's a good catch, ferrosti. Lemme try and see if that works.
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Unable to log in as Customer AD/LDAP user
Hello ferrosti,
I made the necessary change and then tested it. I was not able to log in though. I noticed the below error in the admin sys log. Not sure when that is caused. Any idea?
First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Unable to log in as Customer AD/LDAP user
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: Unable to log in as Customer AD/LDAP user
Thanks for the reply, ferrosti. At least after going through the link, I was able to identify that the issue is with username, DN. I'll try out different combinations and that should work. Thanks again.
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Znuny newbie
- Posts: 85
- Joined: 25 Jan 2011, 06:54
- Znuny Version: OTRS 3
- Company: eStomi Technologies Pvt Ltd
- Contact:
Re: Unable to log in as Customer AD/LDAP user
I am getting the error OTRS-CGI-10 Sizelimit exceeded,
and nothing is getting populated when I click on Customers in the admin area.
Below is my Config.pm
# CustomerUser
# (customer user ldap backend and settings)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'somedomain.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=somedomain,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
#$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=abcd,ou=users,dc=somedomain,dc=com';
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=abcd,dc=somedomain';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 3268,
timeout => 120,
async => 0,
version => 3,
};
$Self->{CustomerUser} = {
Name => 'LDAP Datasource',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'somedomain.com',
BaseDN => 'dc=somedomain,dc=com',
SSCOPE => 'sub',
UserDN => 'cn=abcd,dc=somedomain',
UserPW => 'xxxxxx',
Params => {
port => 3268,
timeout => 120,
async => 0,
version => 3,
},
},
CustomerKey => 'uid',
CustomerID => 'mail',
CustomerUserListFields => ['sn', 'cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'sn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserExcludePrimaryCustomerID => 0,
AdminSetPreferences => 0,
Map => [
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'cn', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
OTRS 3.2.x, Linux Ubuntu, Mysql 5.1.
-
- Znuny newbie
- Posts: 85
- Joined: 25 Jan 2011, 06:54
- Znuny Version: OTRS 3
- Company: eStomi Technologies Pvt Ltd
- Contact:
Re: Unable to log in as Customer AD/LDAP user
I could fix it, the problem was in 'uid'
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
Changed to
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
and in all occurrences of 'uid'.
But now I am unable to log in through the customer portal.
I get this error in the admin log:
First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
But if I search for that customer, that customer exists.
Any help would be much appreciated.
Thanks
Srivatsa
OTRS 3.2.x, Linux Ubuntu, Mysql 5.1.
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: Unable to log in as Customer AD/LDAP user
This error has already been discussed here. A search could help.
First bind is about the search user not being able to login.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=abcd,dc=somedomain';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
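An added example, not part of any post above and not OTRS code: a Python check for the two mistakes ferrosti points out (the agent module and agent-prefixed AuthModule::LDAP::* keys used for customer login), plus a decoder for the "data NNN" field of the "First bind failed!" line. Function names are hypothetical, the config excerpt is constructed from lines posted in this thread, and the sub-code table is general Active Directory knowledge rather than something stated in the thread.

```python
import re

# Constructed excerpt, modelled on the Config.pm lines posted in this thread.
SAMPLE_CONFIG = r"""
$Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'abcd.com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=abcd,ou=users,o=ldap-services,dc=abcd,dc=com';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectclass=user)(mail=*))';
#$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=abcd,ou=users,dc=abcd,dc=com';
"""
# The admin log line quoted in the thread.
SAMPLE_LOG = ("First bind failed! 80090308: LdapErr: DSID-0C090334, comment: "
              "AcceptSecurityContext error, data 525, vece")

# Active Directory sub-codes carried in the "data NNN" field of a failed bind
# (general AD knowledge, not taken from the thread).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches uncommented scalar assignments: $Self->{'Key'} = 'value';
ASSIGN = re.compile(r"^\s*\$Self->\{\s*'([^']+)'\s*\}\s*=\s*'([^']*)'\s*;")
SEARCH_DN_KEY = "Customer::AuthModule::LDAP::SearchUserDN"


def parse_assignments(config_text):
    """Return {key: value}; nested hashes such as CustomerUser are skipped."""
    found = {}
    for line in config_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def lint_customer_ldap(settings):
    """Flag agent-side settings that were meant for the customer login."""
    findings = []
    module = settings.get("Customer::AuthModule", "")
    if module.startswith("Kernel::System::Auth::"):
        findings.append("Customer::AuthModule points at agent module %s; "
                        "customers need Kernel::System::CustomerAuth::LDAP" % module)
    agent_uses_ldap = settings.get("AuthModule", "").endswith("::LDAP")
    for key in sorted(settings):
        twin = "Customer::" + key
        if (key.startswith("AuthModule::LDAP::") and not agent_uses_ldap
                and twin not in settings):
            findings.append("%s is an agent-side option with no agent LDAP "
                            "module configured; customer login needs %s" % (key, twin))
    return findings


def decode_bind_failure(log_line, settings):
    """Explain a 'First bind failed!' line; None if the line is something else."""
    m = re.search(r"First bind failed!.*?\bdata ([0-9a-fA-F]+)\b", log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return {
        # Per the thread, the first bind is the search user's bind.
        "config_key": SEARCH_DN_KEY,
        "identity": settings.get(SEARCH_DN_KEY, ""),
        "subcode": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
    }


if __name__ == "__main__":
    cfg = parse_assignments(SAMPLE_CONFIG)
    for finding in lint_customer_ldap(cfg):
        print("CONFIG:", finding)
    print("LOG:", decode_bind_failure(SAMPLE_LOG, cfg))
```

On the sample, sub-code 525 means the directory did not find the account named in SearchUserDN, so the search user's DN is the value to verify before looking at the customer's own password.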