Customer login not possible

Help with OTRS problems of all kinds
mayster
Znuny newbie
Posts: 9
Joined: 03 May 2017, 11:13
Znuny Version: 5.0.18

Customer login not possible

Post by mayster »

Hello,
I have the following problem and hope someone here can help me.

I set up OTRS 5.0.18 in a test environment (Linux) and have a problem with the LDAP integration. Agent login works flawlessly - only on the customer side I cannot log in (despite correct credentials). Here is the config.pm

Code:

#------------------------------------------------------------------#
#                  Agent authentication via LDAP                   #
#------------------------------------------------------------------#

   # Log in against the DB
      $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
      #$Self->{'AuthModule::DB::CryptType'} = 'crypt';

   # This is an example configuration for an LDAP auth. backend.
   # (Make sure Net::LDAP is installed!)
      $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
      $Self->{'AuthModule::LDAP::Host'} = 'XXX.XXX.XXX.XXX';
      $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=Domäne,dc=int';
      $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

   # Check if the user is allowed to auth in a posixGroup
   # (e. g. user needs to be in a group xyz to use otrs)
      $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Admin,DC=Domäne,DC=int';
      $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

   # The following is valid but would only be necessary if the
   # anonymous user do NOT have permission to read from the LDAP tree
      $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAP,dc=Domäne,dc=int';
      $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort';

   # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
      $Self->{'AuthModule::LDAP::Params'} = {
         port => 389,
         timeout => 120,
         async => 0,
         version => 3,
      };

      
   # defines AuthSyncBackend (AuthSyncModule) for AuthModule
   # if this key exists and is empty, there won't be a sync.
   # example values: AuthSyncBackend, AuthSyncBackend2
      $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

   # agent data sync against ldap
      $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
      $Self->{'AuthSyncModule::LDAP::Host'} = 'XXX.XXX.XXX.XXX';
      $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=Domäne, dc=int';
      $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
      $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=LDAP,dc=Domäne,dc=int';
      $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Passwort';
      $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
         # DB -> LDAP
         UserFirstname => 'givenName',
         UserLastname  => 'sn',
         UserEmail     => 'mail',
      };

   # AuthSyncModule::LDAP::UserSyncInitialGroups
   # (sync following group with rw permission after initial create of first agent
   # login)
      $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
         'users',
      ];

   
   
#------------------------------------------------------------------#
#                     Customer Backend DB                          #
#------------------------------------------------------------------#

   # 1. Customer user backend: DB
   # (customer database backend and settings)
      $Self->{CustomerUser} = {
      Name => 'Customer Database',
      Module => 'Kernel::System::CustomerUser::DB',
      Params => {

   # if you want to use an external database, add the
   # required settings
   # DSN => 'DBI:odbc:yourdsn',
   # Type => 'mssql', # only for ODBC connections
   # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
   # User => '',
   # Password => '',
      Table => 'customer_user',
      },

   # customer unique id
      CustomerKey => 'login',
   # customer #
      CustomerID => 'customer_id',
      CustomerValid => 'valid_id',
      CustomerUserListFields => ['first_name', 'last_name', 'email'],
      CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
      CustomerUserSearchPrefix => '',
      CustomerUserSearchSuffix => '*',
      CustomerUserSearchListLimit => 50,
      CustomerUserPostMasterSearchFields => ['email'],
      CustomerUserNameFields => ['title','first_name','last_name'],
      CustomerUserEmailUniqCheck => 1,
   # # show not own tickets in customer panel, CompanyTickets
   # CustomerUserExcludePrimaryCustomerID => 0,
   # # generate auto logins
   # AutoLoginCreation => 0,
   # AutoLoginCreationPrefix => 'auto',
   # # admin can change customer preferences
   # AdminSetPreferences => 1,
   # # cache time to live in sec. - cache any database queries
   # CacheTTL => 0,
   # # just a read only source
   # ReadOnly => 1,
      Map => [

   # note: Login, Email and CustomerID needed!
   # var, frontend, storage, shown (1=always,2=lite), required, storage-type, httplink,readonly, http-link-target
      [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
      [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ],
      [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ],
      [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ],
      [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ],
      [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ],
      [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
      [ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ],
      [ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ],
      [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
      [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ],
      [ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ],
      [ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ],
      [ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ],
      [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
      [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ],
      ],
      # default selections
      Selections => {
      UserTitle => {
      'Mr.' => 'Mr.',
      'Mrs.' => 'Mrs.',
      },
      },
      };

#------------------------------------------------------------------#
#               End of Customer Backend DB                         #
#------------------------------------------------------------------#
   
#------------------------------------------------------------------#
#             Customer Backend LDAP                                #
#------------------------------------------------------------------#

   # 2. Customer user backend: LDAP
   # (customer ldap backend and settings)
      $Self->{CustomerUser2} = {
      Name => 'LDAP Datasource',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
   # ldap host
      Host => 'XXX.XXX.XXX.XXX',
   # ldap base dn
      BaseDN => 'dc=Domäne, dc=int',
   # search scope (one|sub)
      SSCOPE => 'sub',
   # The following is valid but would only be necessary if the
   # anonymous user does NOT have permission to read from the LDAP tree
      UserDN => 'cn=LDAP,dc=Domäne,dc=int',
        UserPw => 'Passwort',
   # in case you want to add always one filter to each ldap query, use
   # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
      AlwaysFilter =>  '(&(objectclass=user)(mail=*)(sn=*))',
   # if the charset of your ldap server is iso-8859-1, use this:
      SourceCharset => 'utf-8',
      DestCharset => 'utf-8',
   # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
      Params => {
      port => 389,
      timeout => 120,
      async => 0,
      version => 3,
      },
      },
   # customer unique id
      CustomerKey => 'sAMAccountName',
   # customer #
      CustomerID => 'extensionAttribute2',
      CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
   # CustomerUserSearchPrefix => '',
   # CustomerUserSearchSuffix => '*',
      CustomerUserSearchListLimit => 50,
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
   # show not own tickets in customer panel, CompanyTickets
      CustomerUserExcludePrimaryCustomerID => 0,
   # add a ldap filter for valid users (expert setting)
   # CustomerUserValidFilter => '(!(description=locked))',
   # admin can't change customer preferences
      AdminSetPreferences => 0,
      CacheTTL => 60 * 60 * 24,
      
      Map => [
   # note: Login, Email and CustomerID needed!
   # var, frontend, storage, shown (1=always,2=lite), required, storage-type, httplink, readonly
      [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
          [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
          [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
          [ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
          [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
          [ 'UserCustomerID', 'CustomerID', 'extensionAttribute2', 1, 0, 'var', '', 0 ],
   #      [ 'UserDepartment', 'Amt', 'department', 1, 0, 'var', '', 0 ],
          [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
   #      [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
   #      [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
      };

#------------------------------------------------------------------#
#                End of Customer Backend LDAP                      #
#------------------------------------------------------------------#
   
#------------------------------------------------------------------#
#           Customer authentication against LDAP                   #
#------------------------------------------------------------------#

   # This is the auth. module against the LDAP
      $Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
      $Self->{'AuthModule::LDAP::Host2'} = 'XXX.XXX.XXX.XXX';
      $Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=Domäne, dc=int';
      $Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
      $Self->{'AuthModule::LDAP::SearchUserDN2'} = 'cn=LDAP,dc=Domäne,dc=int';
      $Self->{'AuthModule::LDAP::SearchUserPw2'} = 'Passwort';
   #  $Self->{'AuthModule::LDAP::AlwaysFilter2'} = '';
   #  $Self->{'AuthModule::LDAP::UserSuffix2'} = '@domain.de';
      $Self->{'AuthModule::LDAP::UserLowerCase2'} = 0;
      $Self->{'AuthModule::LDAP::Params2'} = {
         port => 389,
         timeout => 120,
         async => 0,
         version => 3,
      };
      $Self->{'AuthModule::LDAP::Die2'} = 1;

#------------------------------------------------------------------#
#           End of customer authentication against LDAP            #
#------------------------------------------------------------------#
   
#------------------------------------------------------------------#
#              Customer authentication against DB                  #
#------------------------------------------------------------------#

   # This is the auth. module against the otrs db
      $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
      $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
      $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
      $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';

#------------------------------------------------------------------#
#           End of customer authentication against DB              #
#------------------------------------------------------------------#
Thank you very much in advance!
Mayster
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer login not possible

Post by jojo »

There is no customer LDAP auth module in your config
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
mayster
Znuny newbie
Posts: 9
Joined: 03 May 2017, 11:13
Znuny Version: 5.0.18

Re: Customer login not possible

Post by mayster »

Thanks for the quick reply.

Sorry - I'm a newbie - where do I have to insert what so that the customer login works?

Thanks

Regards
Mayster
Lorsay
Znuny expert
Posts: 154
Joined: 01 Dec 2016, 11:44
Znuny Version: not just one
Real Name: Lars

Re: Customer login not possible

Post by Lorsay »

Are you also using the customer login page?

Agents log in at:
http://xxx.xxx.xxx.xxx/otrs/index.pl

and customers at

http://xxx.xxx.xxx.xxx/otrs/customer.pl

Regards
RoH1
Znuny advanced
Posts: 129
Joined: 22 Jun 2016, 10:32
Znuny Version: 6.0.4

Re: Customer login not possible

Post by RoH1 »

What jojo probably meant is that the following is missing for your customer login (with your own parameters, of course):

Code:

        $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
        $Self->{'Customer::AuthModule::LDAP::Host2'} = 'xxx.xxx.xxx.xxx';
        $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=domain,dc=local';
        $Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';

        $Self->{'Customer::AuthModule::LDAP::GroupDN2'} = 'CN=Benutzer,OU=Gruppen,DC=domain,DC=local';
        $Self->{'Customer::AuthModule::LDAP::AccessAttr2'} = 'member';
        $Self->{'Customer::AuthModule::LDAP::UserAttr2'} = 'DN';

        $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'userlogin';
        $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'userpw';

        $Self->{'Customer::AuthModule::LDAP::Params2'} = {
                'port' => '389',
                'timeout' => '120',
                'async' => '0',
                'version' => '3'
                };
OTRS: 6.0.4
Ubuntu Server 14.04 LTS
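
The mismatch pointed out in the replies above, agent-side AuthModule keys versus customer-side Customer::AuthModule keys, can be checked mechanically. Added example, not written by any poster in this thread or by the OTRS project: a Python audit over a constructed Config.pm excerpt. The audit function, the sample text and the host name are assumptions for illustration.

```python
import re

# Constructed sample, reduced from the kind of Config.pm discussed in this thread.
SAMPLE = """
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host2'} = 'ldap.example.internal';
#$Self->{'Customer::AuthModule3'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{CustomerUser2} = {
    Name => 'LDAP Datasource',
    Module => 'Kernel::System::CustomerUser::LDAP',
};
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
"""
# Same sample with the customer-side LDAP auth module added.
FIXED = SAMPLE + "$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';\n"

ASSIGN = re.compile(r"^\s*\$Self->\{\s*'?([\w:]+)'?\s*\}\s*=\s*(?:'([^']*)')?")
MODULE = re.compile(r"^\s*Module\s*=>\s*'([^']+)'")

def audit(config_text):
    """Inventory agent/customer auth modules and customer data backends."""
    agent_auth, customer_auth, backends = {}, {}, {}
    current = None  # CustomerUser<N> block currently being read
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        m = ASSIGN.match(line)
        if m:
            key, value = m.groups()
            current = key if re.fullmatch(r"CustomerUser\d*", key) else None
            if re.fullmatch(r"AuthModule\d*", key):
                agent_auth[key] = value
            elif re.fullmatch(r"Customer::AuthModule\d*", key):
                customer_auth[key] = value
            continue
        m = MODULE.match(line)
        if m and current:
            backends[current] = m.group(1)
    findings = []
    has_ldap_auth = any(v == "Kernel::System::CustomerAuth::LDAP" for v in customer_auth.values())
    for name, module in sorted(backends.items()):
        if module == "Kernel::System::CustomerUser::LDAP" and not has_ldap_auth:
            findings.append(f"{name}: customers come from LDAP, but no Customer::AuthModule "
                            "is Kernel::System::CustomerAuth::LDAP")
    return {"agent_auth": agent_auth, "customer_auth": customer_auth,
            "customer_backends": backends, "findings": findings}

if __name__ == "__main__":
    for label, text in (("posted-style config", SAMPLE), ("with customer LDAP auth", FIXED)):
        print(label, "->", audit(text)["findings"] or "ok")
```

The check only reads top-level assignments and the Module line of each CustomerUser block; it does not evaluate Perl, so settings built dynamically are not seen.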
mayster
Znuny newbie
Posts: 9
Joined: 03 May 2017, 11:13
Znuny Version: 5.0.18

Re: Customer login not possible

Post by mayster »

Hello Lorsay,

I would like to use the customer page - but it does not work.

The error message shown is "Anmeldung fehlgeschlagen! Benutzername oder Passwort wurden falsch eingegeben."
However, both are correct (the user is also an agent, and the login works there).

Regards
Mayster
mayster
Znuny newbie
Posts: 9
Joined: 03 May 2017, 11:13
Znuny Version: 5.0.18

Re: Customer login not possible

Post by mayster »

Hello RoH1,

OK - so I basically append that at the bottom of my existing config?

Thanks for the help! :)

Regards
Mayster
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer login not possible

Post by jojo »

Who built your config?
mayster
Znuny newbie
Posts: 9
Joined: 03 May 2017, 11:13
Znuny Version: 5.0.18

Re: Customer login not possible

Post by mayster »

www.google.de - with adjustments by me.
RoH1
Znuny advanced
Posts: 129
Joined: 22 Jun 2016, 10:32
Znuny Version: 6.0.4

Re: Customer login not possible

Post by RoH1 »

mayster wrote: OK - so I basically append that at the bottom of my existing config?
It belongs in your "Customer Backend LDAP" section.