DB will not sync with AD
Moderator: crythias
-
- Znuny newbie
- Posts: 4
- Joined: 06 Feb 2012, 22:59
- Znuny Version: 3.1
- Real Name: Ingmar Oost
- Company: Host Ventura
DB will not sync with AD
Hello all,
Since I am relatively new to OTRS, I hope you can forgive me for opening a topic for which the full internet is swarmed with already.
We are considering replacing our current service management tool and one of the promising replacements would be OTRS.
The installation was relatively easy but whatever I try I am unable to sync the MySQL database with our AD. I have scoured the internet endlessly but to no avail.
OTRS is able to authenticate the user against the AD so I am fairly certain that the issue lies within the syncing part of the Config.pm. An ldap.search with the provided credentials also works flawlessly.
I was hoping that some of you would like to have an expert look at a part of the Config.pm coding and tell me what I have done wrong. As far as I can tell it is the same as working examples found on the internet.
It would be much appreciated.
Config.pm:
# ---------------------------------------- #
# LDAP authentication and synchronization #
# ---------------------------------------- #
# Connection to LDAP
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'DC1.hvmgnt.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=hvmgnt,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in the OTRS group
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Agents,OU=OTRS,OU=Groups,OU=HostVentura,DC=hvmgnt,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS SEARCH,OU=Users,ou=HostVentura,dc=hvmgnt,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '********';
# Net::LDAP new parameters
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
    sscope => 'sub',
};
# Connection to LDAP
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'DC1.hvmgnt.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=hvmgnt,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
# Bind credentials to log into AD
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS SEARCH,OU=Users,ou=HostVentura,dc=hvmgnt,dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '********';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
# Net::LDAP new parameters
$Self->{'AuthSyncModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
    sscope => 'sub',
};
Now I did finally notice that in our AD no 'UID' or 'MemberUid' have been created. So I thought I had the solution, however when I manually created these it still did not work.
As a test I have given one of the users as UID 'test' and the group that user is a member of as memberUid also 'test'.
Kind regards,
HostVentura
Testing: OTRS: 3.1.ITSM
OS: Centos
Apache2/MySQL 5
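A consistency check for the two LDAP blocks in the Config.pm posted above, as an added example that is not part of the thread or of OTRS itself. It reads the scalar `AuthModule::LDAP::*` and `AuthSyncModule::LDAP::*` settings and reports where they disagree, in particular whether each block expects groups that list full member DNs (`member` with `DN`, as AD groups do) or bare login names (`memberUid` with `UID`, the posixGroup convention). The function names and style labels are assumptions of this example.

```python
import re

# Constructed sample: the scalar LDAP settings from the Config.pm posted above
# (bind DN and password left out).
SAMPLE_CONFIG = r"""
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'DC1.hvmgnt.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=hvmgnt,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'DC1.hvmgnt.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=hvmgnt,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
"""

# Matches uncommented scalar assignments; hash-valued settings (Params) are skipped.
SETTING = re.compile(
    r"""^\s*\$Self->\{\s*'?(Auth(?:Sync)?Module)::LDAP::(\w+)'?\s*\}\s*=\s*'([^']*)'\s*;""",
    re.MULTILINE,
)

# Group-membership conventions, keyed by lower-cased (AccessAttr, UserAttr).
STYLES = {
    ("member", "dn"): "dn-valued",       # groups list full member DNs (AD)
    ("memberuid", "uid"): "uid-valued",  # posixGroup lists bare login names
}

def parse_ldap_settings(text):
    """Return the scalar LDAP settings of the auth and the sync module."""
    out = {"AuthModule": {}, "AuthSyncModule": {}}
    for module, key, value in SETTING.findall(text):
        out[module][key] = value
    return out

def membership_style(settings):
    """Classify how one module expects group membership to be stored."""
    pair = (settings.get("AccessAttr", "").lower(), settings.get("UserAttr", "").lower())
    if pair == ("", ""):
        return "unset"
    return STYLES.get(pair, "mixed")

def compare_auth_and_sync(text):
    """Return (auth style, sync style, settings that differ between the two)."""
    cfg = parse_ldap_settings(text)
    auth, sync = cfg["AuthModule"], cfg["AuthSyncModule"]
    findings = []
    for key in sorted(set(auth) & set(sync)):
        if auth[key].lower() != sync[key].lower():
            findings.append(f"{key}: auth={auth[key]!r} sync={sync[key]!r}")
    return membership_style(auth), membership_style(sync), findings
```
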
Re: DB will not sync with AD
What is the log telling? What OTRS version?
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 4
- Joined: 06 Feb 2012, 22:59
- Znuny Version: 3.1
- Real Name: Ingmar Oost
- Company: Host Ventura
Re: DB will not sync with AD
Apologies, my brain was sluggish from working long nights.
We have OTRS version ITSM 3.1 Beta 3. The logs state the following
last entry var/log/https/error_log:
***********************************************************************************************************************************************************************************
[Tue Feb 7 12:41:10 2012] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs//Kernel/System/Log.pm line 161, <DATA> line 558.
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Tue Feb 7 12:41:10 2012
Message: No UserID found for 'otrs.test'!
Traceback (15832):
Module: Kernel::System::User::UserLookup (v1.116) Line: 746
Module: Kernel::System::Auth::Auth (v1.52) Line: 274
Module: Kernel::System::Web::InterfaceAgent::Run (v1.62) Line: 204
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 46
Module: (eval) (v1.90) Line: 204
Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
***********************************************************************************************************************************************************************************
The OTRS system log:
***********************************************************************************************************************************************************************************
Tue Feb 7 12:41:10 2012 | notice | OTRS-CGI-10 | Panic! No UserData for user: 'otrs.test'!!!
Tue Feb 7 12:41:10 2012 | error | OTRS-CGI-10 | No UserID found for 'otrs.test'!
Tue Feb 7 12:41:10 2012 | error | OTRS-CGI-10 | No UserID found for 'otrs.test'!
Tue Feb 7 12:41:10 2012 | notice | OTRS-CGI-10 | User: otrs.test (CN=otrs test,CN=Users,DC=hvmgnt,DC=local) authentication ok (REMOTE_ADDR: 10.10.5.100).
***********************************************************************************************************************************************************************************
Are there any more logs you would like to see? If so then please let me know which ones and where I can find them.
Some additional information after fiddling some more. I found the suggestion somewhere on this forum to try and import an admin using the commandline AddUser.pl, however it returns that the command is not found.
I am far from knowledgeable when it comes to Linux OS (in fact this is my first real encounter with Linux), am I doing something obviously wrong?
The AddUser.pl file is present at the location I executed the command from.
Executed commands:
cd opt/otrs/bin
AddUser.pl -f otrs -l test -p ******* -g admin -e otrs.test@hvmgnt.local otrs.test
Output:
-bash: AddUser.pl: command not found
Many thanks in advance.
Testing: OTRS: 3.1.ITSM
OS: Centos
Apache2/MySQL 5
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: DB will not sync with AD
At least
Code: Select all
-bash: AddUser.pl: command not found
should be corrected to
otrs.AddUser.pl !
Last edited by ferrosti on 07 Feb 2012, 16:19, edited 2 times in total.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
Re: DB will not sync with AD
please show the OTRS log
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 4
- Joined: 06 Feb 2012, 22:59
- Znuny Version: 3.1
- Real Name: Ingmar Oost
- Company: Host Ventura
Re: DB will not sync with AD
Can you point me to the location of that log? I have been searching but was unable to find it.
Testing: OTRS: 3.1.ITSM
OS: Centos
Apache2/MySQL 5
-
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: DB will not sync with AD
The otrs log should be somewhere in
$OTRS_HOME/var/log/
and named as configured (e.g. otrs2012-2.log)
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
-
- Znuny newbie
- Posts: 4
- Joined: 06 Feb 2012, 22:59
- Znuny Version: 3.1
- Real Name: Ingmar Oost
- Company: Host Ventura
Re: DB will not sync with AD
I am afraid that there is nothing there except a ticketcounter.log. Is it something that should be manually enabled?
The installation has not been done by myself.
Testing: OTRS: 3.1.ITSM
OS: Centos
Apache2/MySQL 5
Re: DB will not sync with AD
Please fill your signature with OTRS Version, OS and installed modules
On Linux systems the log should be part of the system log
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 30
- Joined: 26 Aug 2011, 17:06
- Znuny Version: 3.0.10
- Real Name: Martyn Collis
- Company: Monmouthshire Building Society
Re: DB will not sync with AD
Having recently had troubles such as this myself, I've pasted a copy of my config for you to see below.
Hopefully that will help you along the way.
Although the users don't get created in my DB they are simply pulled directly from AD and can be seen in the customer view:
Code: Select all
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{LogModule} = 'Kernel::System::Log::File';
$Self->{'LogModule::LogFile'} = 'C:/OTRS/OTRS/var/log/otrs.log';
# $DIBI$
$Self->{'DefaultCharset'} = 'utf-8';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'DOMAIN\user.name';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password';
#CustomerUser LDAP1
#(customer user database backend and settings)
$Self->{CustomerUser1} = {
    Name => 'Domain1',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'server.domain.com',
        BaseDN => 'DC=domain,DC=com',
        SSCOPE => 'sub',
        UserDN => 'DOMAIN\user.name',
        UserPw => 'Password',
        AlwaysFilter => '(&(&(objectCategory=person)(|(objectClass=contact)(objectClass=user))(memberOf=cn=itsupport_web,ou=Groups,dc=domain,dc=COM)))',
    },
    #AlwaysFilter => '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
As you can see, I'm also using the Apache sspi auth for my customers (not agents).
I've configured the sspi auth to ignore the domain part of the username when parsing it to the customer login screens.
If you want a copy of my apache auth settings let me know.
Running: OTRS 3.0.10 (Live) OTRS 3.2.3 (Test)
OS: Windows Server 2003
DB: MySQL
HTTP: Apache