I've been trawling Google trying to resolve this issue and have come to the conclusion that I need to ask for help!
Just started a new job where they have an Ubuntu 10.04 server running OTRS 3.0.9 and none of the IT folks here know Linux in any of its forms. So, as the only person here with Linux knowledge, I've spent the first week of my new job setting up a VM on my local machine to run a test install of OTRS 3.1.14 on Ubuntu 12.04.2 LTS 64-bit so I can trial an upgrade & migration to then upgrade to OTRS 3.2.
End goal is to make the new OTRS server a VM in vSphere so they can use snapshots etc.
The network mount targeted by the backup.pl cron job wasn't even mounting, so, up until now, they haven't even had a backup beyond a SQL dump stored locally on the old PC that the live OTRS is running on. Guy who set it up didn't even apply "-t fullbackup" to the script once a month and the SQL backups they DO have are all different sizes, making me think it's not getting a proper dump every time. BUT - that's another issue for another day!
On my test Ubuntu VM, the main thing I'm having issues with is that I've got LDAP connecting but it won't let me use root@localhost unless I comment out all the LDAP lines in the Config.pm and, when LDAP isn't commented out, it won't let me log in using my own account from Active Directory without throwing up a '500 Internal Server Error' page upon hitting 'login'.
Config - LDAP info:
Code:
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '1.1.1.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'ou=ca,dc=domain';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'}='cn=websecurity,ou=webaccess,dc=domain';
$Self->{'AuthModule::LDAP::SearchUserPw'}='password_yarr';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthModule::LDAP::UserSuffix'} = '';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '1.1.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=websecurity,ou=webaccess,dc=domain';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password_yarr';
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend2';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://1.1.1.1';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=websecurity,ou=webaccess,dc=domain';
$Self->{'AuthSyncModule::LDAP::SearchUserPW'} = 'password_yarr';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
#AuthSyncModule::LDAP::UserSyncInitialGroups
# (Sync following group with rw permission after initial create of first agent login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '1.1.1.1',
        BaseDN => 'dc=domain',
        AlwaysFilter => '(&(objectCategory=person)(objectclass=user)(mail=*))',
        SSCOPE => 'sub',
        UserDN => 'cn=websecurity,ou=ca,dc=domain',
        UserPw => 'password_yarr',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchListLimit => 1000,
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type, http-link, readonly, http-link-target
        [ 'UserFirstname' , 'Firstname' , 'givenname' , 1, 1, 'var', '', 0 ],
        [ 'UserLastname' , 'Lastname' , 'sn' , 1, 1, 'var', '', 0 ],
        [ 'UserDepartment' , 'Department' , 'Department' , 1, 0, 'var', '', 0 ],
        [ 'UserJobTitle' , 'Job Title' , 'title' , 1, 0, 'var', '', 0 ],
        [ 'UserLogin' , 'Login' , 'sAMAccountName' , 0, 1, 'var', '', 0 ],
        [ 'UserEmail' , 'Email' , 'mail' , 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID' , 'CustomerID' , 'mail' , 0, 1, 'var', '', 0 ],
        [ 'UserPhone' , 'Phone' , 'telephonenumber' , 1, 0, 'var', '', 0 ],
        #[ 'UserAddress' , 'Address' , 'postaladdress' , 1, 0, 'var', '', 0 ],
        #[ 'UserComment' , 'Comment' , 'description' , 1, 0, 'var', '', 0 ],
        #[ 'UserManager' , 'Manager' , 'manager' , 1, 0, 'var', '', 0 ],
    ],
};
Code:
o CGI..............................ok (v3.59)
o Crypt::PasswdMD5.................ok (v1.3)
o Crypt::SSLeay....................ok (v0.57)
o CSS::Minifier....................ok (v0.01)
o Date::Format.....................ok (v2.24)
o Date::Pcalc......................ok (v1.2)
o DBI..............................ok (v1.616)
o DBD::mysql.......................ok (v4.020)
o DBD::ODBC........................Not installed! (Optional - Required to connect to a MS-SQL database.)
o DBD::Oracle......................Not installed! (Optional - Required to connect to a Oracle database.)
o DBD::Pg..........................Not installed! (Optional - Required to connect to a PostgreSQL database.)
o Digest::MD5......................ok (v2.51)
o Digest::SHA::PurePerl............ok (v5.70)
o Digest::SHA......................ok (v5.61)
o Encode::HanExtra.................Not installed! (Optional - Required to handle mails with several Chinese character sets.)
o Encode::Locale...................ok (v1.02)
o GD...............................ok (v2.46)
o GD::Text......................ok (v0.86)
o GD::Graph.....................ok (v1.44)
o GD::Graph::lines..............ok (v1.15)
o GD::Text::Align...............ok (v1.18)
o IO::Scalar.......................ok (v2.110)
o IO::Wrap.........................ok (v2.110)
o JavaScript::Minifier.............ok (v1.05)
o JSON.............................ok (v2.53)
o JSON::PP......................ok (v2.27200)
o JSON::XS......................Not installed! (Optional - Recommended for faster AJAX/JavaScript handling.)
o Locale::Codes....................ok (v3.18)
o LWP::UserAgent...................ok (v6.03)
o Mail::Internet...................ok (v2.08)
o Mail::POP3Client.................ok (v1.1 )
o IO::Socket::SSL...............ok (v1.53)
o Mail::IMAPClient.................Not installed! (Optional - Required for IMAP TLS connections.)
o IO::Socket::SSL...............ok (v1.53)
o MIME::Base64.....................ok (v3.13)
o MIME::Tools......................ok (v5.428)
o ModPerl::Util....................ok (v2.000005)
o Apache::DBI...................ok (v1.11)
o Apache2::Reload...............ok (v0.11)
o Net::DNS.........................ok (v0.66)
o Net::POP3........................ok (v2.29)
o Net::IMAP::Simple................ok (v1.2030)
o Net::IMAP::Simple::SSL........ok (v1.1)
o Net::SMTP........................ok (v2.31)
o Authen::SASL..................ok (v2.15)
o Net::SMTP::SSL................ok (v1.01)
o Net::SMTP::TLS::ButMaintained.ok (v0.20)
o Net::LDAP........................ok (v0.43)
o Net::SSL.........................ok (v2.84)
o PDF::API2........................ok (v2.019)
o Compress::Zlib................ok (v2.033)
o SOAP::Lite.......................ok (v0.714)
o version.......................ok (v0.88)
o Class::Inspector..............ok (v1.25)
o Text::CSV........................ok (v1.21)
o Text::CSV_PP..................ok (v1.29)
o Text::CSV_XS..................Not installed! (Optional - Recommended for faster CSV handling.)
o Time::HiRes......................ok (v1.972101)
o XML::Parser......................ok (v2.41)
o HTTP::Message....................ok (v6.02)
o HTTP::Headers.................ok (v6.00)
o URI..............................ok (v1.59)
o URI::Escape...................ok (v3.31)
o Scalar::Util.....................ok (v1.23)
Code:
#use CGI (); CGI->compile(':all');
use CGI ();
CGI->compile(':cgi');
use CGI::Carp ();
use Apache::DBI;
Apache::DBI->connect_on_init('DBI:mysql:otrs','otrs','password');
use DBI ();
# enable this if you use mysql
use DBD::mysql ();
use Kernel::System::DB::mysql;
Code:
[Notice][Kernel::System::Auth::LDAP::Auth] User: myuser (CN=Name Name,OU=Information Technology,OU=Edinburgh,OU=Users,OU=CA,DC=domain) authentication ok (REMOTE_ADDR: 1.1.1.2).
Code:
ERROR: OTRS-CGI-10 Perl: 5.14.2 OS: linux Time: Fri Apr 12 12:33:26 2013
Message: No UserID found for 'myuser'!
Traceback (3409):
Module: Kernel::System::User::UserLookup (v1.121) Line: 797
Module: Kernel::System::Auth::Auth (v1.56) Line: 224
Module: Kernel::System::Web::InterfaceAgent::Run (v1.64) Line: 204
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 46
Module: (eval) (v1.90) Line: 204
Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
Code:
[Fri Apr 12 12:46:29 2013] [error] Can't call method "Sync" on an undefined value at /opt/otrs//Kernel/System/Auth.pm line 207.\n
[Fri Apr 12 12:47:16 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 12 12:47:46 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.6 with Suhosin-Patch mod_perl/2.0.5 Perl/v5.14.2 configured -- resuming normal operations
Code:
.
Kernel/Config.pm
Kernel/Config/GenericAgent.pm
Kernel/Config/Files/ZZZAuto.pm
Ran the following scripts at various points:
otrs.SetPermissions.pl
Code:
bin/otrs.SetPermissions.pl --otrs-user=otrs --otrs-group=www-data --web-user=www-data --web-group=www-data /opt/otrs-3.1.14
Code:
useradd -r -d /opt/otrs/ -c 'OTRS user' otrs
usermod -g www-data otrs
bin/otrs.RebuildConfig.pl
bin/otrs.DeleteCache.pl
Restarted apache2 etc multiple times, whole machine has been turned off and on multiple times.
I manually set up a lot of things because the installer.pl wasn't loading initially but have since run that just to make sure I wasn't missing anything by not doing it. But alas, still stuck at 500 error pages when trying to log in using the LDAP authentication. If I turn LDAP off, so to speak, I can log in as root@localhost and do stuff in OTRS. Also noticed that the otrs and mysql databases aren't saving any user account info using LDAP when it says authentication is successful so fairly certain that I've got something wrong in my Config.pm file as the otrs DB on the live server has agents from AD in it.
Any help would be appreciated! I've used OTRS before in previous jobs but never had to install, configure and migrate it before. Let me know if any more info is needed, I tried to include as much as I could.
Cheers
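
An added example, not part of the original post and not OTRS code: a small consistency check run over a few of the LDAP settings quoted above, of the kind worth running before chasing a 500 error at login. It assumes (the post does not confirm this) that a sync backend named `AuthSyncBackend<N>` exists only when an `AuthSyncModule<N>` key is set; the names `parse_settings`, `lint` and `SAMPLE` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: settings copied from the Config.pm quoted in the post.
SAMPLE = """\
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::SearchUserPw'}='password_yarr';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
};
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend2';
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::SearchUserPW'} = 'password_yarr';
"""

SETTING = re.compile(r"^\s*\$Self->\{\s*'?([\w:]+)'?\s*\}\s*=\s*(?:'([^']*)')?")

def parse_settings(text):
    """Map each uncommented $Self->{key} to its string value (None if not a plain string)."""
    return {m.group(1): m.group(2)
            for m in map(SETTING.match, text.splitlines()) if m}

def lint(text):
    cfg, findings = parse_settings(text), []
    # Check 1 (assumed naming rule): backend AuthSyncBackend<N> needs AuthSyncModule<N>.
    for key, value in cfg.items():
        if re.search(r"UseSyncBackend\d*$", key) and value:
            suffix = value.replace("AuthSyncBackend", "", 1)
            if "AuthSyncModule" + suffix not in cfg:
                findings.append(f"{key} = {value}, but AuthSyncModule{suffix} is not set")
    # Check 2: the same option name spelled with different letter case.
    spellings = defaultdict(set)
    for key in cfg:
        last = key.rsplit("::", 1)[-1]
        spellings[last.lower()].add(last)
    for names in spellings.values():
        if len(names) > 1:
            findings.append("inconsistent spelling: " + " / ".join(sorted(names)))
    # Check 3: a bind password together with the cleartext LDAP port.
    has_pw = any(k.lower().endswith("searchuserpw") for k in cfg)
    if has_pw and re.search(r"^\s*port\s*=>\s*389\b", text, re.M):
        findings.append("bind password used on port 389 (cleartext unless TLS is negotiated)")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```

Check 2 only reports that two spellings exist; which one the installed OTRS version reads has to be confirmed against its Kernel/Config/Defaults.pm.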