[otrs] Authenticate ldap and local, possible?
iga...@yahoo.com
After otrs has been setup with ldap backend, reading from the manual, now it's time for authenticate them.. I have added this lines to Config.pm but it's not working...
################ LDAP AUTH #####################
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'domain.net';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=domain,DC=domain,DC=net';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=Israel Garcia Alvarez,OU=Sistemes,OU=Usuaris Roureda,OU=BIBM,DC=bibm,DC=net';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Password-:)';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = 'uid';
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
############################################
Otrs are not able to authenticate any user... Am I missing something in the setup to allow users (customers and agents) to login to our Otrs?
Also, is possible to authenticate ldap and local-database users?
Thanks much!!!!!!!!!!
regards,
Israel.
Gerald Young
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
iga...@yahoo.com
OK, then sorry for my question.. I'll read your links.. thanks and sorry again!
Israel.
Daniel Litzbach
Hi Israel,
this is what my LDAP config looks like:
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = x.x.x.x';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=xxx,dc=xxx,dc=xxx';
$Self->{'AuthModule::LDAP::UID1'} = 'samaccountname';
$Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=OTRS-Users,OU=Groups,DC=xxx,DC=xxx,DC=xxx'; # users that are allowed to login
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx'; # user to query LDAP
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'xxxxxxxxxxxxxx';
$Self->{'UserSyncLDAPMap1'} = {
'UserEmail' => 'mail',
'UserFirstname' => 'givenName',
'UserLastname' => 'sn',
'UserLogin' => 'sAMAccountName'
};
$Self->{UserSyncLDAPMap};
$Self->{UserSyncLDAPGroups};
$Self->{'UserSyncLDAPGroupsDefination'};
$Self->{'UserSyncLDAPRolesDefination'};
$Self->{'UserSyncLDAPAttibuteGroupsDefination'};
$Self->{'UserSyncLDAPAttibuteRolesDefination'};
$Self->{'UserSyncLDAPGroupsDefination'};
With this setup, I’m able to authenticate local users and, if they don’t have a valid password in the local database, LDAP users as well.
Hope this helps, if you need more information let me know.
Regards
Daniel
iga...@yahoo.com
I'll checka and compare with us...
Darshak Modi
My ldap config is as below
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxx,dc=co,dc=xxxx';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=xxxxxxxx,cn=Users,dc=xxxxxx,dc=co,dc=xxxx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
version => 3,
};
Is anything I am missing ?