Hi,

Sorry for my previous email about LDAP.

I lost a lot of time before understanding that the login URL for the
Customers is not the same as the URL for the Agents ;-)

With this URL
        https://<mysite>/otrs/customer.pl
it is OK.

My advice, finally, would be to copy the necessary blocks from
        Kernel/Config/Defaults.pm
and paste & edit them into
        Kernel/Config.pm
to adapt them to your local configuration.

Useful pages :

       http://forums.otterhub.org/viewtopic.php?t=18340
       http://wiki.otterhub.org/index.php?title=LDAP_mit_TLS_bzw._SSL
       http://trinityhome.org/Home/index.php?content=CONFIGURING_OTRS_TO_MAKE_CUSTOMERS___USERS_AUTHENT&front_id=18&lang=en&locale=en
       http://forums.otterhub.org/viewtopic.php?t=16543
       http://itsm-demo.otrs.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=243

Lectures :


Best regards,

        Joel Marchand


On Fri, Nov 04, 2016 at 02:47:40PM +0100, Joel Marchand wrote:
> 
>       Hi
> 
> Thanks for your email.
> 
> I understand that the two parts
> 
>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $SearchUserDN;
>     $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $SearchUserPw;
>     $Self->{'Customer::AuthModule::LDAP::Host'} = $Host;
>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = $Base;
>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
>     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
>     $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
>     $Self->{'Customer::AuthModule::LDAP::Params'} = $Params;
> 
> and
> 
>     $Self->{CustomerUser} = {
>               Name => 'LDAP Backend',
>               Module => 'Kernel::System::CustomerUser::LDAP',
>               Params => {
>       ...
>                 [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
>             ],
>       }
> 
> are necessary. Sorry for this mistake.
> 
> So I put these two parts in my configuration
>       - the first : very similar to the "$Self->{'AuthModule'}" part
>       - the second : very carefully edited from Config/Defaults.pm
> 
> But I get the same messages when I try to connect
> 
>       - Web interface : Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
>       
>       - error_log : Message: No UserID found for 'jma'!
> 
> It is the same with the line
>     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'uid';
> or with the line
>     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
> 
> Regards,
> 
>       Joel Marchand
> 
> PS : one LDIF entry
> 
> # jma, people, huma-num.fr
> dn: uid=jma,ou=people,dc=huma-num,dc=fr
> uid: jma
> loginShell: /bin/bash
> uidNumber: 30001
> gidNumber: 30001
> mail: [email protected]
> gosaMailDeliveryMode: []
> o: CNRS
> supannListeRouge: FALSE
> dateOfBirth: 1963-08-15
> gender: M
> co: France
> fdPrivateMail: [email protected]
> homeDirectory: /home/jma
> cn: jma jma
> sn: jma
> givenName: jma
> gecos: jma jma
> description: TGIR
> sambaSID: S-1-5-21-134782382-3786202306-2389167217-60003
> sambaDomainName: DEFAULT
> sambaAcctFlags: [U           ]
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: gosaMailAccount
> objectClass: eduPerson
> objectClass: supannPerson
> objectClass: fdPersonalInfo
> objectClass: sambaSamAccount
> sambaBadPasswordTime: 0
> sambaBadPasswordCount: 0
> sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxx
> sambaPwdLastSet: 1478193536
> 
> 
> On Fri, Nov 04, 2016 at 08:38:46AM -0400, Gerald Young wrote:
> > Just for reference, I wrote this old post: http://forums.otterhub.org/viewtopic.php?t=16543
> > 
> > The following are important:
> >     $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
> >     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
> > 
> > You can change these to mail if you want to try differently.
> > 
> > On Fri, Nov 4, 2016 at 5:52 AM, Joel Marchand <[email protected]>
> > wrote:
> > 
> > 
> >             Hello,
> > 
> >     My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4
> > 
> >     I have configured OTRS to use LDAP for the Agents authentication. It is OK.
> > 
> >     I want to do the same for the Consumers. I read many examples, but without success.
> > 
> >     1/ in the Administration/Consumers panel, I see all my LDAP users like :
> > 
> >     jjma2 jma2 jma2         [email protected]   [email protected]
> > 
> >     2/ when I try to login with an LDAP id, I get this message
> > 
> >              Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
> > 
> >     3/ and in /var/log/httpd/error.log, I get
> > 
> >     ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
> > 
> >      Message: No UserID found for 'jjma2'!
> > 
> >      RemoteAddress: 109.190.22.197
> >      RequestURI: /otrs/index.pl
> > 
> >      Traceback (19414):
> >        Module: Kernel::System::User::UserLookup Line: 935
> >        Module: Kernel::System::Auth::Auth Line: 206
> >        Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
> >        Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
> >        Module: (eval) (v1.99) Line: 207
> >        Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
> >        Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
> >        Module: ModPerl::Registry::handler (v1.99) Line: 32
> > 
> >     ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
> > 
> >      Message: No UserID found for 'jjma2'!
> > 
> >      RemoteAddress: 109.190.22.197
> >      RequestURI: /otrs/index.pl
> > 
> >      Traceback (19414):
> >        Module: Kernel::System::User::UserLookup Line: 935
> >        Module: Kernel::System::Auth::Auth Line: 305
> >        Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
> >        Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
> >        Module: (eval) (v1.99) Line: 207
> >        Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
> >        Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
> >        Module: ModPerl::Registry::handler (v1.99) Line: 32
> > 
> >     My config is below.
> > 
> >     Where is my mistake ?
> > 
> >     Thanks a lot for any suggestion.
> > 
> >             Joel Marchand
> > 
> >        $Self->{CustomerUser} = {
> >            Name => 'LDAP Backend',
> >            Module => 'Kernel::System::CustomerUser::LDAP',
> >            Params => {
> >                # ldap host
> >                Host => 'ldaps://ldapr1.huma-num.fr:636/',
> >                # ldap base dn
> >                BaseDN => 'dc=huma-num,dc=fr',
> >                # search scope (one|sub)
> >                SSCOPE => 'sub',
> >                # The following is valid but would only be necessary if the
> >                # anonymous user does NOT have permission to read from the LDAP tree
> >                UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr',
> >                UserPw => 'xxxx',
> >                # in case you want to add always one filter to each ldap query, use
> >                # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
> >                AlwaysFilter => '(objectclass=posixAccount)',
> >                # if the charset of your ldap server is iso-8859-1, use this:
> >                # SourceCharset => 'iso-8859-1',
> >                # die if backend can't work, e. g. can't connect to server
> >                Die => 1,
> >                # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
> >                Params => {
> >                    port    => 636,
> >                    timeout => 120,
> >                    async   => 0,
> >                    version => 3,
> >                     cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
> >                     clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
> >                     clientkey => '/etc/ssl/private/star_huma-num_fr.key',
> >                },
> >            },
> >            # customer unique id
> >            CustomerKey => 'uid',
> >            # customer #
> >            CustomerID => 'mail',
> >            CustomerUserListFields => ['cn', 'mail'],
> >            CustomerUserSearchFields => ['uid', 'cn', 'mail'],
> >            CustomerUserSearchPrefix => '',
> >            CustomerUserSearchSuffix => '*',
> >            CustomerUserSearchListLimit => 250,
> >            CustomerUserPostMasterSearchFields => ['mail'],
> >            CustomerUserNameFields => ['givenname', 'sn'],
> >            # show now own tickets in customer panel, CompanyTickets
> >            CustomerUserExcludePrimaryCustomerID => 0,
> >            # add a ldap filter for valid users (expert setting)
> >            # CustomerUserValidFilter => '(!(description=gesperrt))',
> >            # admin can't change customer preferences
> >            AdminSetPreferences => 0,
> >            # cache time to live in sec. - cache any ldap queries
> >            CacheTTL => 0,
> >            Map => [
> >                # note: Login, Email and CustomerID needed!
> >                # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
> >                [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
> >                [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
> >                [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
> >                [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
> >                [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
> >                [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
> >                # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
> >                [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
> >                [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
> >                [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
> >            ],
> >        };
> > 
> > 
> >     PS : I also tried
> > 
> >         $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> >         $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=dsa,dc=huma-num,dc=fr';
> >         $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx';
> >         $Self->{'Customer::AuthModule::LDAP::Host'} = ['ldaps://ldapr1.huma-num.fr:636/','ldaps://ldapr2.huma-num.fr:636/'];
> >         $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=huma-num,dc=fr';
> >         $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
> >         $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
> >         $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)';
> >         $Self->{'Customer::AuthModule::LDAP::Params'} = {
> >             port => 636,
> >             timeout => 120,
> >             async => 0,
> >             version => 3,
> >             cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem',
> >             clientcert => '/etc/ssl/certs/star_huma-num_fr.pem',
> >             clientkey => '/etc/ssl/private/star_huma-num_fr.key',
> >         };
> > 
> >     -> with this configuration, I don't see the LDAP accounts in the
> >     Administration/Customers panel.
> > 
> > 
> >     --
> >     Très Grande Infrastructure de Recherche Huma-Num - CNRS UMS 3598
> >     3ème étage - bureau 303 - CS n°71345
> >     196 avenue de France - 75648 PARIS CEDEX 13
> >     Tél : 01 49 54 83 09  - http://www.huma-num.fr/personne/joel-marchand
> >     ---------------------------------------------------------------------
> >     OTRS mailing list: otrs - Webpage: http://otrs.org/
> >     Archive: http://lists.otrs.org/pipermail/otrs
> >     To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
> > 
> > 
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
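
The traceback quoted in this thread passes through Kernel::System::Web::InterfaceAgent with RequestURI /otrs/index.pl, which is the agent login, while customers log in at customer.pl. As an added example (not part of the original emails and not OTRS code), this Python sketch scans an error log for that pattern; the sample log is constructed from the quoted excerpt, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the quoted error_log (documentation-range IP).
SAMPLE_LOG = """\
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:40:31 2016
 Message: No UserID found for 'jjma2'!
 RemoteAddress: 192.0.2.10
 RequestURI: /otrs/index.pl
 Traceback (19414):
   Module: Kernel::System::User::UserLookup Line: 935
   Module: Kernel::System::Auth::Auth Line: 206
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 228
ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov  4 10:45:00 2016
 Message: constructed unrelated error
 RemoteAddress: 192.0.2.10
 RequestURI: /otrs/customer.pl
 Traceback (19414):
   Module: Kernel::System::Web::InterfaceCustomer::Run Line: 1
"""

FIELD = re.compile(r"^(Message|RemoteAddress|RequestURI):\s*(.*)$")
MODULE = re.compile(r"^Module:\s*(\S+)")
NO_USER = re.compile(r"No UserID found for '([^']*)'")

def parse_errors(text):
    """Split an OTRS error log into one dict per ERROR block."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> \t")  # tolerate mail quoting and indentation
        if line.startswith("ERROR:"):
            cur = {"Modules": []}
            entries.append(cur)
        elif cur is not None:
            if m := FIELD.match(line):
                cur[m.group(1)] = m.group(2).strip()
            elif m := MODULE.match(line):
                cur["Modules"].append(m.group(1))
    return entries

def misrouted_customer_logins(text):
    """Return (login, uri) for 'No UserID found' errors raised via the agent interface."""
    hits = []
    for e in parse_errors(text):
        m = NO_USER.search(e.get("Message", ""))
        via_agent = any("InterfaceAgent" in mod for mod in e["Modules"])
        if m and via_agent and e.get("RequestURI", "").endswith("/index.pl"):
            hits.append((m.group(1), e["RequestURI"]))
    return hits
```

Each returned login authenticated against LDAP but was looked up in the agent user table, which is the symptom of a customer using the agent URL.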
