[otrs] LDAP - Windows Server 2008 R2 - AD Object 2003

Stefano Ricci Fri, 06 Jul 2012 09:15:42 -0700

hi, and thanks fot the second help of the day

i have to integrate otrs 3.1 (windows version) with the domain active
directory, based on 2003 object, but installed on a windows 2008 r2
server...


but i have always the same error:

[Fri Jul  6 14:41:39 2012][Error][Kernel::System::Auth::LDAP::Auth][187]
First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db0
[Fri Jul  6 14:41:39 2012][Error][Kernel::System::User::UserLookup][797] No
UserID found for 'adone\agente1'!

the network configuration is that:

domain controller: dcad101
domain name: adone.lan


ad configuration is that:

Groups:

   - OTRSAgents
   - OTRSCustomers

Agent Users:

   - agente1
   - agente2
   - otrs (i use to sync otrs with ldap)


Customer Users:

   - cliente1
   - cliente2


all objects are in the root of active directory


in the login form i use as name: domain\username (adone\agente1)


this is the part of load function related to login:

# Enable LDAP lookups for Agent logins. User must be a member of OTRS
Agents group.
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'dcad101.adone.lan';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=adone,dc=lan';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} =
'cn=otrs,cn=Users,dc=adone,dc=lan';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'a12345++';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'AuthModule::LDAP::GroupDN'} =
'cn=OTRSAgents,cn=Users,dc=adone,dc=lan';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';

    # Enable LDAP lookups of Agent account informations and default roles.
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'dcad101.adone.lan';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=adone,dc=lan';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} =
'cn=otrs,cn=OTRSAgents,dc=adone,dc=lan';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'a12345++';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
    $Self->{'AuthSyncModule::LDAP::GroupDN'} =
'cn=OTRSAgents,cn=Users,dc=adone,dc=lan';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        'cn=OTRSAgents,cn=Users,dc=adone,dc=lan' => {
            'Company Agents' => 1,
        },
        'cn=Domain Admins,cn=Users,dc=adone,dc=lan' => {
            'Tech Support Agents' => 1,
        }
    };


    # Enable LDAP lookups for Customer logins.
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'dcad101.adone.lan';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=adone,dc=lan';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'cn=otrs,cn=OTRSCustomers,dc=adone,dc=lan';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'a12345++';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'cn=OTRSCustomers,dc=adone,dc=lan';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

    # Enable LDAP lookups for Customer account information.
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
        Host => 'dcad101.adone.lan',
        BaseDN => 'dc=adone,dc=lan',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=adone,dc=lan',
        UserPw => 'a12345++',
        #AlwaysFilter => '(objectclass=user)',
AlwaysFilter => '',
        GroupDN => 'cn=OTRSCustomers,dc=adone,dc=lan',
        AccessAttr => 'memberUid',
        UserAttr => 'UID',
      },
      CustomerKey => 'sAMAccountName',
      CustomerID => '[customer_id]',
      CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname',
'company',  'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname',
'company', 'mail'],
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
      CustomerUserValidFilter => '(company=*)',
      Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
    };

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

[otrs] LDAP - Windows Server 2008 R2 - AD Object 2003

Reply via email to