I have a linux server (opensuse 12.1) running OTRS 3.0.10.
And a primary domain controller running Windows Server 2008R2.
I've followed the howto page here and here.
Obviously the Net::LDAP perl module is installed.
However I cannot actually connect to AD.
Here's an excerpt from my configuration file in OTRS:
/srv/otrs/Kernel/Config.pm
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.1.26';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=D1OU,ou=D1Users,dc=domain,dc=org,dc=za';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '10.0.1.26',
BaseDN => 'OU=D1OU,OU=D1Users,DC=domain,DC=org,DC=za',
SSCOPE => 'sub',
UserDN =>'otrs',
UserPw => 'Password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
And here's the error I'm getting:
ERROR: OTRS-CGI-10 Perl: 5.14.2 OS: linux Time: Mon Apr 30 10:50:52 2012
Message: 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=domain,DC=org,DC=za'
Traceback (13338):
  Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.62) Line: 614
  Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.61.2.1) Line: 283
  Module: Kernel::System::CustomerAuth::Auth (v1.34.2.2) Line: 166
  Module: Kernel::System::Web::InterfaceCustomer::Run (v1.56.2.5) Line: 203
  Module: ModPerl::ROOT::ModPerl::Registry::srv_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 46
  Module: (eval) (v1.43.2.1) Line: 204
  Module: ModPerl::RegistryCooker::run (v1.43.2.1) Line: 204
  Module: ModPerl::RegistryCooker::default_handler (v1.43.2.1) Line: 170
  Module: ModPerl::Registry::handler (v1.99) Line: 31
I have a primary domain controller at 10.0.1.26 which is called servername.domain.org.za.
The pre-Windows 2000 domain name is MYSERVER, which is also the pre-Windows 2000 server name.
I created a user otrs which resides in the OU (organizational unit) D1OU/D1Users, is a member of the group Domain Users, and has a non-expiring password (not 'password' of course, but something stronger).
What I tried
I've tried to get Winbind to talk to Active Directory, but it refuses unless I use the pre-Windows 2000 credentials (MYSERVER works, domain.org.za does not work).
Other than that, Winbind gets the data out of Active Directory with no problems.
How do I fix this?
I don't have a problem with supplying pre-Windows 2000 domain specs in the Config.pm file, but I don't know the format.
I would love to put proper LDAP params in, but perhaps I'm missing something.
So the question is, what do I need to change in Config.pm to get OTRS to authenticate against my AD?
Best Answer
You may have better luck using Centrify or PowerBroker Open to handle the windows authentication. It should work if OTRS uses PAM.
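The error in the question is an LDAP result code 32 (NO_OBJECT) whose matchedDN is only 'DC=domain,DC=org,DC=za': the DC found the naming context but none of the OU components of the configured BaseDN, so the OU path in Config.pm does not exist as written. The script below is an added diagnostic, not part of the question, the accepted answer, or OTRS itself; it uses the same Net::LDAP module OTRS uses and reproduces the three things the OTRS LDAP backend does (bind as the search user, resolve the BaseDN, search for a login by sAMAccountName), but stops at the first failing step with the server's own matchedDN instead of a traceback. It assumes the values from the question (DC at 10.0.1.26, domain domain.org.za, service account otrs) and makes two labelled guesses: the bind identity is written as a UPN (otrs@domain.org.za) because a bare 'otrs' is not a DN and AD only accepts a full DN, a UPN or MYSERVER\otrs for a simple bind; and the OU order is reversed to OU=D1Users,OU=D1OU,... on the assumption that "D1OU/D1Users" means D1Users is a child of D1OU. The CA file path is also assumed. The posted config does a simple bind over plain LDAP on port 389, which sends the service-account password in the clear; the script adds STARTTLS for that reason.

```perl
#!/usr/bin/perl
# Added diagnostic for OTRS-style AD lookups (example code, not from OTRS or the poster).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_NO_SUCH_OBJECT LDAP_INVALID_CREDENTIALS);
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values. Host, domain and account name are taken from the question;
# the UPN form of the bind identity and the OU order are guesses (see lead-in).
my $host    = '10.0.1.26';
my $bind_id = 'otrs@domain.org.za';                       # or 'CN=otrs,OU=D1Users,OU=D1OU,DC=domain,DC=org,DC=za'
my $bind_pw = $ENV{OTRS_LDAP_PW} // die "set OTRS_LDAP_PW in the environment, not in the script\n";
my $base_dn = 'OU=D1Users,OU=D1OU,DC=domain,DC=org,DC=za'; # assumed OU order
my $login   = $ARGV[0] // 'otrs';                         # sAMAccountName to look up
my $ca_file = '/etc/ssl/certs/ad-ca.pem';                 # assumed path to the CA that issued the DC's cert

my $ldap = Net::LDAP->new($host, port => 389, version => 3, timeout => 10)
    or die "connect to $host failed: $@\n";

# Protect the simple bind: without TLS the password crosses the wire in clear text.
my $tls = $ldap->start_tls(verify => 'require', cafile => $ca_file);
die "STARTTLS failed: " . $tls->error . "\n" if $tls->code;

# Step 1: RootDSE needs no bind and tells us which naming context this DC really serves.
my $dse = $ldap->root_dse(attrs => ['defaultNamingContext', 'dnsHostName']);
printf "DC %s serves naming context %s\n",
    $dse->get_value('dnsHostName') // '?', $dse->get_value('defaultNamingContext') // '?';

# Step 2: bind as the search user, exactly as OTRS's SearchUserDN/SearchUserPw would.
my $bind = $ldap->bind($bind_id, password => $bind_pw);
if ($bind->code == LDAP_INVALID_CREDENTIALS) {
    # AD's error text carries a "data" sub-code (52e = bad password, 525 = user not found, ...)
    die "bind as '$bind_id' rejected: " . $bind->error . "\n";
}
die "bind failed: " . $bind->error . "\n" if $bind->code;
print "bound as $bind_id\n";

# Step 3: does the BaseDN exist? A base-scope search on it returns exactly one entry if so.
my $probe = $ldap->search(base => $base_dn, scope => 'base',
                          filter => '(objectClass=*)', attrs => ['1.1']);
if ($probe->code == LDAP_NO_SUCH_OBJECT) {
    # matchedDN is the "best match of:" value that OTRS printed in its error message.
    die sprintf("BaseDN '%s' does not exist; the server only matched '%s'. Fix the OU path.\n",
                $base_dn, $probe->matchedDN // '');
}
die "BaseDN probe failed: " . $probe->error . "\n" if $probe->code;
print "BaseDN $base_dn exists\n";

# Step 4: the lookup OTRS performs for a customer login. The value is escaped so a login
# such as 'a)(objectClass=*' cannot rewrite the filter.
my $filter = sprintf '(&(objectClass=user)(sAMAccountName=%s))', escape_filter_value($login);
my $res = $ldap->search(base => $base_dn, scope => 'sub', filter => $filter,
                        attrs => [qw(distinguishedName sAMAccountName mail givenName sn)]);
die "search failed: " . $res->error . "\n" if $res->code;
printf "%d entr%s for %s\n", scalar $res->entries, ($res->entries == 1 ? 'y' : 'ies'), $filter;
for my $e ($res->entries) {
    printf "  %s\n    mail=%s name=%s %s\n", $e->dn,
        $e->get_value('mail') // '-', $e->get_value('givenName') // '-', $e->get_value('sn') // '-';
}
$ldap->unbind;
```

Run it as `OTRS_LDAP_PW='...' perl check_ad.pl otrs`. If step 3 fails, try the DN the script suggests from matchedDN, or list the OUs one level below the naming context with scope 'one' and filter '(objectClass=organizationalUnit)' to see the real hierarchy. Once all four steps pass, the values that worked for $bind_id and $base_dn are the ones to put in Customer::AuthModule::LDAP::SearchUserDN/BaseDN and in the CustomerUser Params block; the comment in the posted config about anonymous reads does not apply to AD, which refuses anonymous searches of user objects by default, so the SearchUserDN is required, not optional.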