Greg Horne wrote:
Sorry for the misunderstanding. I generally do Customers first (internal IT shop) and then get the agents working last. Have never done one with agents only using LDAP. I'll try to do an agent only config.pm against a test install of 2.2 and see what happens, will be later in the day so if anyone has any suggestions.....
Thanks in advance.

Sandor
Thanks GEH

    -----Original Message-----
    *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
    Behalf Of *Sándor Fehér
    *Sent:* Thursday, July 12, 2007 9:29 AM
    *To:* User questions and discussions about OTRS.org
    *Subject:* Re: [otrs] LDAP auth problem

    Greg Horne wrote:
    Do you have a MAP Array configured in Config.pm?
    No. But I need not for that because I want to authenticate agents
    only in this way.
    Anyway I applied the section above but nothing has changed. (It
    worked perfectly in 2.1.6 with the same settings)

    Regards., Sandor
Looking at
    http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap
They have a sample config section as shown below in part, the
    part of this that I would look at is the map array : ",
            Map => [
                # note: Login, Email and CustomerID needed!
                # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
                [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
                [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
                [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
                [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
                [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
                [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
    #            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
                [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
                [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
                [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
            ],
        };
    " ##### End of Map Array

    Have Fun

    Greg Horne
    geh
    gehorne
################# Full cut and paste of the sample code from
    http://doc.otrs.org/2.2/en/html/x1572.html#customer-backend-ldap
# CustomerUser
        # (customer user ldap backend and settings)
        $Self->{CustomerUser} = {
            Name => 'LDAP Datenquelle',
            Module => 'Kernel::System::CustomerUser::LDAP',
            Params => {
                # ldap host
                Host => 'bay.csuhayward.edu',
                # ldap base dn
                BaseDN => 'ou=seas,o=csuh',
                # search scope (one|sub)
                SSCOPE => 'sub',
    #            # The following is valid but would only be necessary if the
    #            # anonymous user does NOT have permission to read from the LDAP tree
                UserDN => '',
                UserPw => '',
                # in case you want to add always one filter to each ldap query, use
                # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
                AlwaysFilter => '',
                # if your frontend is e. g. iso-8859-1 and the charset of your
                # ldap server is utf-8, use this options (if not, ignore it)
    #            SourceCharset => 'utf-8',
    #            DestCharset => 'iso-8859-1',
                # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
                Params => {
                    port => 389,
                    timeout => 120,
                    async => 0,
                    version => 3,
                },
            },
            # customer uniq id
            CustomerKey => 'uid',
            # customer #
            CustomerID => 'mail',
            CustomerUserListFields => ['cn', 'mail'],
            CustomerUserSearchFields => ['uid', 'cn', 'mail'],
            CustomerUserSearchPrefix => '',
            CustomerUserSearchSuffix => '*',
            CustomerUserSearchListLimit => 250,
            CustomerUserPostMasterSearchFields => ['mail'],
            CustomerUserNameFields => ['givenname', 'sn'],
            # show now own tickets in customer panel, CompanyTickets
            CustomerUserExcludePrimaryCustomerID => 0,
            # add a ldap filter for valid users (expert setting)
    #       CustomerUserValidFilter => '(!(description=gesperrt))',
            # admin can't change customer preferences
            AdminSetPreferences => 0,
            Map => [
                # note: Login, Email and CustomerID needed!
                # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
                [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
                [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
                [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
                [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
                [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
                [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
    #            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
                [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
                [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
                [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
            ],
        };

        -----Original Message-----
        *From:* [EMAIL PROTECTED]
        [mailto:[EMAIL PROTECTED] Behalf Of *Sándor Fehér
        *Sent:* Thursday, July 12, 2007 8:36 AM
        *To:* User questions and discussions about OTRS.org
        *Subject:* Re: [otrs] LDAP auth problem - Changed

        Greg Horne wrote:

        Greg,

        Thank you for the response. I double checked everything but I
        can't figure out what's the problem.
        I reinstalled a new 2.2.1 with the default settings (mysql,
        utf8 and so on).
        I followed the 2.2 documentation and pasted the required
        section into my Config.pm
        Changed it as needed but the result is the same. Here is the
        relevant part.

          # This is an example configuration for an LDAP auth. backend.
            # (take care that Net::LDAP is installed!)

            $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
            $Self->{'AuthModule::LDAP::Host'} = 'localhost';
            $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
            $Self->{'AuthModule::LDAP::UID'} = 'uid';
            $Self->{'AuthModule::LDAP::SearchUserDN'} = '';
            $Self->{'AuthModule::LDAP::SearchUserPw'} = '';
            $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
            $Self->{'AuthModule::LDAP::Params'} = {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            };
            $Self->{UserSyncLDAPMap} = {
                # DB -> LDAP
                Firstname => 'givenName',
                Lastname => 'sn',
                Email => 'mail',
            };
            $Self->{UserSyncLDAPGroups} = [
                'users',
            ];

            # UserTable
            $Self->{DatabaseUserTable} = 'system_user';
            $Self->{DatabaseUserTableUserID} = 'id';
            $Self->{DatabaseUserTableUserPW} = 'pw';
            $Self->{DatabaseUserTableUser} = 'login';


        And the log.

        [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: sfeher (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) authentication ok (REMOTE_ADDR: 192.168.1.11).
        [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!
        [Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname!
        [Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'sfeher' (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!
        [Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'sfeher'!!!

        And the LDAP entry:

        dn: uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu
        objectClass: posixAccount
        objectClass: top
        objectClass: inetOrgPerson
        objectClass: shadowAccount
        gidNumber: 65534
        givenName: Sandor
        sn: Feher
        displayName: Sandor Feher
        uid: sfeher
        homeDirectory: /home/sfeher
        loginShell: /bin/bash
        shadowFlag: 0
        shadowMin: 0
        shadowMax: 99999
        shadowWarning: 0
        shadowInactive: 99999
        shadowLastChange: 12011
        shadowExpire: 99999
        mail: [EMAIL PROTECTED]
        cn: Sandor Feher
        uidNumber: 17261
        structuralObjectClass: inetOrgPerson
        entryUUID: 2f008b44-c3da-102b-93cc-b53af2a69bad
        creatorsName: cn=admin,dc=office,dc=bluesystem,dc=hu
        createTimestamp: 20070711090933Z
        userPassword:: e1NIQX03MnErRUswSUxBSVZsSUdjVVdKcmsxVEtQL2M9
        entryCSN: 20070711091036Z#000000#00#000000
        modifiersName: cn=admin,dc=office,dc=bluesystem,dc=hu
        modifyTimestamp: 20070711091036Z


        Regards., Sandor


        Sándor,

        Sorry it's still early here (US), searched the web for UserSyncLDAPMap and
        found that the DB line is normally commented out.  So would not think that
        is your issue. I searched my 2.2 config and found that I do not have a
        UserSyncLDAPMap in it.  When I did my 2.2 LDAP, I started from the default
        Config.pm and worked my way through using the 2.2 HTML manual from the
        website.

        Again, in the past when I have seen the Panic statement I have found the
        problem to be in the Map command.  Following is a cut and paste from mine.
                Map => [
                    # note: Login, Email and CustomerID needed!
                    # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
                    [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
                    [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
                    [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
                    [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
                    [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
                    [ 'UserCustomerID', 'CustomerID', 'confirm',         0, 1, 'var', '', 0 ],
        #            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
                    [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
                    [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
                    [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
                ],
            };

        If I received the message I would verify that in my example, givenname was
        actually in LDAP and contained the first name of the user.  You may want to
        post the entire LDAP section from your Config.pm with any usernames/password
        changed.

        Sorry everyone for the poor prior post, again it's early here :)


        Have Fun.

        Greg Horne
        geh
        gehorne

        -----Original Message-----
        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
        Sándor Fehér
        Sent: Thursday, July 12, 2007 2:00 AM
        To: User questions and discussions about OTRS.org
        Subject: Re: [otrs] LDAP auth problem


        Sándor Fehér wrote:

        Some additional info. I downgraded to 2.1.6 and it works fine with that.
        Here is the relevant part of my Config.pm

          # $DIBI$
            $Self->{'SystemID'} = 10;
            $Self->{'SecureMode'} = 1;
            $Self->{'Organization'} = 'Blue System ';
            $Self->{'LogModule::LogFile'} = '/opt/otrs/var/otrs.log';
            $Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
            $Self->{'FQDN'} = 'mail.office.bluesystem.hu';
            $Self->{'DefaultLanguage'} = 'hu';
            $Self->{'DefaultCharset'} = 'iso-8859-2';
            $Self->{'AdminEmail'} = '[EMAIL PROTECTED]';
            $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
            $Self->{'AuthModule::LDAP::Host'} = '192.168.1.9';
            $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Staff,dc=office,dc=bluesystem,dc=hu';
            $Self->{'AuthModule::LDAP::UID'} = 'uid';
            $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
            $Self->{'AuthModule::LDAP::Params'} = {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            };

                $Self->{UserSyncLDAPMap} = {
                        # DB -> LDAP
                        Firstname => 'givenName',
                        Lastname => 'sn',
                        Email => 'mail',
               };

                $Self->{UserSyncLDAPGroups} = [
                            'users',
                  ];

            $Self->{DatabaseUserTable} = 'system_user';
            $Self->{DatabaseUserTableUserID} = 'id';
            $Self->{DatabaseUserTableUserPW} = 'pw';
            $Self->{DatabaseUserTableUser} = 'login';




        And the log I get.

        [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::Auth::LDAP::Auth]
        User: sfeher (uid=sfeher,ou=St
        [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
        Panic! No UserData for user:
        [Thu Jul 12 07:55:28 2007][Error][Kernel::System::User::UserAdd][229]
        Need UserFirstname!
        [Thu Jul 12 07:55:28 2007][Error][Kernel::System::Auth::LDAP::Auth][385]
        Can't create user 'sfeher'
        [Thu Jul 12 07:55:28 2007][Notice][Kernel::System::User::GetUserData]
        Panic! No UserData for user:

        Regards., Sandor

        Hi,


        I had a well working otrs config so far with the following parts:

        - Apache 2.2.3 with mod_perl
        - OTRS 2.1.6
        - Oracle 10.2.0.1
        - Openldap 2.3.35

        The authentication worked perfectly from LDAP. Today I decided to build
        a new config with otrs 2.2.1.
        I backed up my Config.pm and installed a new otrs 2.2.1. Ran the
        oracle database scripts as well.
        Everything is fine except the authentication (I can log in with
        [EMAIL PROTECTED]).
        The result is the same either I use mysql backend.
        Thank you in advance.

        Regards., Sandor


        ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Wed Jul 11 11:10:39 2007

        Message: Can't create user 'sfeher'
        (uid=sfeher,ou=Staff,dc=office,dc=bluesystem,dc=hu) in RDBMS!

        Traceback (8276):
          Module: Kernel::System::Auth::LDAP::Auth (v1.37) Line: 385
          Module: Kernel::System::Auth::Auth (v1.23) Line: 120
          Module: Kernel::System::Web::InterfaceAgent::Run (v1.22) Line: 192
          Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (v) Line: 4
          Module: (eval) (v1.81) Line: 203
          Module: ModPerl::RegistryCooker::run (v1.81) Line: 203
          Module: ModPerl::RegistryCooker::default_handler (v1.81) Line: 169
          Module: ModPerl::Registry::handler (v1.99) Line: 30



        --
        Regards, Fehér Sándor


        ...Fehér Sándor...            ---    ....Sandor Feher....
         fejlesztési vezető           ---     development manager
         Blue System Kft.             ---      Blue System Ltd.

                mailto:[EMAIL PROTECTED]  http://www.bluesystem.hu
                            [ - real men don't click - ]

        _______________________________________________
        OTRS mailing list: otrs - Webpage: http://otrs.org/
        Archive: http://lists.otrs.org/pipermail/otrs
        To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
        Support or consulting for your OTRS system?
        => http://www.otrs.com/

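The log excerpts quoted in this thread show one recurring sequence: the LDAP bind reports "authentication ok", then Kernel::System::User::UserAdd rejects the new account and the login fails with "Can't create user ... in RDBMS!". As an added example (not code from the thread or from OTRS), this Python script scans a log in that format for the sequence and reports which field UserAdd said was missing; the sample lines, user names, DNs and addresses are constructed.

```python
import re

# Constructed sample in the log format quoted in this thread
# (user names, DNs and addresses are made up for illustration).
SAMPLE_LOG = """\
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: alice (uid=alice,ou=Staff,dc=example,dc=org) authentication ok (REMOTE_ADDR: 192.0.2.11).
[Thu Jul 12 14:10:42 2007][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'alice'!!!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::User::UserAdd][229] Need UserFirstname!
[Thu Jul 12 14:10:42 2007][Error][Kernel::System::Auth::LDAP::Auth][385] Can't create user 'alice' (uid=alice,ou=Staff,dc=example,dc=org) in RDBMS!
[Thu Jul 12 14:11:05 2007][Notice][Kernel::System::Auth::LDAP::Auth] User: bob (uid=bob,ou=Staff,dc=example,dc=org) authentication ok (REMOTE_ADDR: 192.0.2.12).
"""

# [timestamp][level][module][optional line number] message
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\]\[(?P<module>[\w:]+)\]"
    r"(?:\[\d+\])?\s*(?P<msg>.*)$")
AUTH_OK = re.compile(
    r"^User: (\S+) \((.+?)\) authentication ok \(REMOTE_ADDR: ([^)]+)\)")
NEED = re.compile(r"^Need (\w+)!")
CREATE_FAIL = re.compile(r"^Can't create user '([^']+)'")


def find_sync_failures(log_text):
    """Return one record per login where the LDAP bind succeeded but the
    local (RDBMS) account could not be created.

    "Need ...!" lines carry no user name, so they are attributed to the
    next "Can't create user" line; heavily interleaved logs from
    concurrent logins could be misattributed.
    """
    binds = {}     # user -> (timestamp, DN, remote address) of last bind
    missing = []   # fields named by "Need ...!" since the last bind
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        module, msg = m["module"], m["msg"]
        if module.endswith("Auth::LDAP::Auth") and (a := AUTH_OK.match(msg)):
            binds[a[1]] = (m["ts"], a[2], a[3])
            missing = []
        elif module.endswith("User::UserAdd") and (n := NEED.match(msg)):
            missing.append(n[1])
        elif module.endswith("Auth::LDAP::Auth") and (c := CREATE_FAIL.match(msg)):
            ts, dn, addr = binds.pop(c[1], (m["ts"], None, None))
            failures.append({"user": c[1], "dn": dn, "remote_addr": addr,
                             "time": ts, "missing_fields": missing})
            missing = []
    return failures


if __name__ == "__main__":
    for failure in find_sync_failures(SAMPLE_LOG):
        print(failure)
```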