OTRS + Win Server 2008 LDAP: how to overcome?
Comrades, good time of day.
Has anyone set up OTRS together with LDAP? OTRS runs on Win Server 2008 and connects to LDAP normally. But when I try to log in, this is what is in the log:
[Mon Jul 2 11:39:03 2012][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: [email protected] (CN=Ð ÑƒÐ¼Ñ Ð½ñ † ÐμÐ Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð ñ Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð Ð ñ Sorry,DC=mydomain,DC=ru) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Mon Jul 2 11:39:03 2012][Error][Kernel::System::CustomerUser::SetPreferences][504] No such user '[email protected]'!
I.e. it manages to log in, but apparently cannot find such a user in its database.
I read this article: habrahabr.ru/post/125089/. But I have the latest version of OTRS and it doesn't work that way. I entered the LDAP settings through the admin panel.
P.S. Do not pay attention to the encoding; the OU there is written in Russian.
Finally got around to finishing it. Everything started working right away.
I don't know to what extent the author's issue has been resolved, but the question is not resolved, so I will publish here the piece of the config responsible for authorizing agents and customers in OTRS through Active Directory 2008 R2. Maybe someone else will have this problem.
# Enable LDAP Authentication Sync for Agent #
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'srv-dc-01.domain.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
# Service account used to bind and search the directory
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRSAdmin,OU=OTRS,dc=domain,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Passw0rD';

# Enable Agent Mapping from LDAP to DB #
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

# Agent authentication against LDAP
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'srv-dc-01.domain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSAdmin,OU=OTRS,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passw0rD';

# Enable LDAP Authentication Sync for Customer #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'srv-dc-01.domain.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSAdmin,OU=OTRS,dc=domain,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passw0rD';

# Customer user data backend (where customer records are looked up after login)
$Self->{CustomerUser} = {
    # Name: arbitrary directory label, handy for choosing when there is more than one domain
    Name => 'ИМЯ КАТАЛОГА (произвольное) для удобства выбора если доменов больше одного',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'srv-dc-01.domain.com',
        BaseDN => 'dc=domain, dc=com',
        SSCOPE => 'sub',
        UserDN => 'CN=OTRSAdmin,OU=OTRS,dc=domain,dc=com',
        UserPw => 'Passw0rD',
        # Only person/user objects that have a mail attribute, are not built-in, and are not disabled
        AlwaysFilter => '(&(objectcategory=person)(objectclass=user)(mail=*)(!(description=built-In))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        SourceCharset => 'utf-8',
        DestCharset => 'utf-8',
    },
    # Field mapping (adjust as convenient for you)
    CustomerKey => 'sAMAccountName',
    CustomerID => 'sAMAccountName',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'physicalDeliveryOfficeName', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
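An added example, not part of the answer above and not OTRS code: a small Python lint for a Config.pm fragment of this shape. It flags the pattern behind "authentication ok" followed by "No such user" (customers authenticated via LDAP while the CustomerUser backend is not LDAP, or its CustomerKey differs from the auth UID), plus inconsistent hosts, binds without an ldaps:// scheme, and inline bind passwords. The finding names and the sample fragment are constructed for illustration.

```python
import re

# Constructed sample in the style of the config above, with deliberate defects.
SAMPLE = r"""
$Self->{'AuthSyncModule::LDAP::Host'} = 'srv-dc-01.domaun.com';
$Self->{'AuthModule::LDAP::Host'} = 'srv-dc-01.domain.com';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} ='srv-dc-01.domain.com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'mail';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passw0rD';
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::DB',
    CustomerKey => 'login',
};
"""

SCALAR = re.compile(r"\$Self->\{'([^']+)'\}\s*=\s*'([^']*)'\s*;")
HASHKEY = re.compile(r"^\s*(\w+)\s*=>\s*'([^']*)'", re.M)
CU_BLOCK = re.compile(r"\$Self->\{'?CustomerUser'?\}\s*=\s*\{(.*?)^\};", re.S | re.M)

def parse(text):
    """Return (scalar settings, string-valued keys of the CustomerUser block)."""
    settings = dict(SCALAR.findall(text))
    block = CU_BLOCK.search(text)
    backend = dict(HASHKEY.findall(block.group(1))) if block else {}
    return settings, backend

def lint(text):
    s, cu = parse(text)
    findings = []  # hypothetical finding names
    hosts = [v for k, v in s.items() if k.endswith("::LDAP::Host")]
    if len(set(hosts)) > 1:
        findings.append("host-mismatch")          # e.g. a misspelled DC name
    if any(not h.startswith("ldaps://") for h in hosts):
        findings.append("cleartext-bind")         # no TLS scheme on the host
    if any(k.endswith("Pw") and v for k, v in s.items()):
        findings.append("inline-password")        # bind secret stored in the file
    if s.get("Customer::AuthModule", "").endswith("CustomerAuth::LDAP"):
        if not cu.get("Module", "").endswith("CustomerUser::LDAP"):
            findings.append("customer-backend-not-ldap")
        elif cu.get("CustomerKey") != s.get("Customer::AuthModule::LDAP::UID"):
            findings.append("customer-key-uid-mismatch")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```
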
I think the problem is in the Russian letters: different encodings. For the purity of the experiment, try with English users.
Our SafeQ logs in normally and works fine with users in Cyrillic (logins, of course, in English).
Encoding is irrelevant. Checked.
[Mon Jul 2 12:19:44 2012][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: [email protected] (CN=otrs,DC=mydomain,DC=ru) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Mon Jul 2 12:19:44 2012][Error][Kernel::System::CustomerUser::SetPreferences][504] No such user '[email protected]'!
Same problem. Agents are authorized normally, clients are displayed normally in the Agent interface, but there is some kind of Achtung with Clients. Authorization passes, but they cannot log in.