I'm setting up a support environment for users of my company/institution: all user data (agents and customers) comes from only one LDAP source.
For our evaluation of the product/setup, the authentication for agents is configured and working (setup made according to http://wiki.otrs.org/index.php?title=Us ... for_agents ), but I'm having trouble setting up customer auth: after the setup, all attempts to log in lead to "Panic! No UserData!!!" (setup based on http://wiki.otrs.org/index.php?title=Us ... _customers )
I don't understand this behavior... has anyone run into this and solved it?
* the changes were made by editing the file /opt/otrs/Kernel/Config.pm (based on parts of /opt/otrs/Kernel/Config/Default.pm) - I'm afraid that it's not the correct way to do it... what is the correct way? Through the web interface? How?
[Solved] Problem setting AD/LDAP customer auth
Moderator: crythias
Last edited by fbobraga2 on 20 Jul 2010, 20:50, edited 1 time in total.
OTRS 2.4.7 on Linux (CentOS 5.4) with MySQL database connected to an Active Directory for Agents and Customers.
http://www.tce.sp.gov.br/
-
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Problem setting AD/LDAP customer auth
I set it up as you have, more or less copy/pasting directly from the help files. I took the info from http://doc.otrs.org/1.3/en/html/ldap-integration.html and it was pretty painless (Edit: don't use this link for 2.4.7+! don't do what I did.), though the links you cite should be more up to date.
Last edited by crythias on 20 Jul 2010, 17:40, edited 1 time in total.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: Problem setting AD/LDAP customer auth
Thanks for the quick reply
The problem persists for customer auth (the "Panic! No UserData!!!" message), but I've noted:
- no record in the 'customer_user' table is created after a customer tries to log in (the "Panic! No UserData!!!" message is displayed);
- the system behavior is the same even with no backend defined ($Self->{CustomerUser}) in the Config.pm (only the auth section is defined, through $Self->{'Customer::AuthModule'} and related)
-> log after an agent login:
Jul 20 11:14:14 <host> OTRS-CGI-10[7693]: [Notice][Kernel::System::Auth::LDAP::Auth] User: <user> (<user_DN>) authentication ok (REMOTE_ADDR: <user_IP>).
Jul 20 11:14:14 <host> OTRS-CGI-10[7693]: [Notice][Kernel::System::User::UserUpdate] User: '<user>' updated successfully (1)!
Jul 20 11:14:14 <host> OTRS-CGI-10[7693]: [Notice][Kernel::System::User::SetPassword] User: '<user>' changed password successfully!
-> log after a customer tries to log in (the "Panic! No UserData!!!" message is displayed):
Jul 20 11:18:53 Glpi OTRS-CGI-10[7701]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: <user_mail> (<user_DN>) authentication ok (REMOTE_ADDR: <user_IP>).
Any ideas of what is going on are much appreciated
Re: Problem setting AD/LDAP customer auth
My *guess* is that you don't have the Map set up properly in Config.pm. There's not enough information to provide you with a better answer at this point.
Re: Problem setting AD/LDAP customer auth
problem solved: some config that I did after install, using the admin web frontend (in the Frontend::Customer::Auth section) caused the issue: cleaning all items (only turning off the checkboxes) solved it
Re: [Solved] Problem setting AD/LDAP customer auth
I have the same problem and still get the "Panic! No UserData!!!" message, will you give a hand??
This is my Config.pm
# Customer Authentication backend.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
# Have seen a few issues when using specific hostnames or IP addresses. Using domain works.
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.100.5.170';
# Where do you want to start searching?
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=mycompany,DC=cl';
# What LDAP attribute would you like to use as User ID in OTRS?
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# LDAP search credentials. Dunno if a full DN is required or if just the username is enough. Have only tried this.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=wpsbind,CN=Users,DC=mycompany,DC=cl';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
# We only need to see users. Not computers and no disabled users.
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
# Customer DATA backend.
$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '10.100.5.170',
        BaseDN => 'DC=mycompany,DC=cl',
        # Search Scope. (one|sub). One-Level or entire Sub-Tree
        SSCOPE => 'sub',
        # LDAP search credentials. Dunno if a full DN is required or if just the username is enough. Have only tried this.
        UserDN => 'CN=wpsbind,CN=Users,DC=mycompany,DC=cl',
        UserPw => 'mypassword',
        # This is needed to avoid issues with ae, oe, aa. Dunno what happens or if it's entirely correct.
        SourceCharset => 'utf-8',
        DestCharset => 'utf-8',
        # We only need to see users. Not computers and no disabled users.
        AlwaysFilter => '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        CustomerKey => 'sAMAccountName',
        CustomerID => 'o',
        CustomerUserListFields => ['cn'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName','cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # # show not own tickets in customer panel, CompanyTickets
    # CustomerUserExcludePrimaryCustomerID => 0,
    # # add a ldap filter for valid users (expert setting)
    # # CustomerUserValidFilter => '(!(description=gesperrt))',
    # # admin can't change customer preferences
    # AdminSetPreferences => 0,
    # # cache time to life in sec. - cache any ldap queris
    # CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        # # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};
# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after successful login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
fbobraga2 can you tell me what you did to resolve this issue??
Regards
Re: [Solved] Problem setting AD/LDAP customer auth
I may be really off here, but I question the { pairing location(s), as well as the filter being really strict.
but taking a cue from here: http://doc.otrs.org/2.4/en/html/x1801.html, it really seems like you are close but missing a few things.
You need to close } on Params probably immediately after AlwaysFilter, though you should try to be a BIT more relaxed about it, first.
AlwaysFilter => '(objectclass=user)' is a good start.
I could be very wrong, but you probably should eyeball the aforementioned link and make certain you have things that look sane. (in fact, I wouldn't hesitate to suggest copy/paste and fill in your own information just to be safe.). This is also replicated in the wiki: http://wiki.otrs.org/index.php?title=Us ... _customers
If you could have possibly enclosed your posted info in [ code ] [ /code ] tags, it would ease our ability to help out.
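The layout crythias describes, as an added example that is not part of the original thread: Params holds only the connection settings and closes right after AlwaysFilter, while CustomerKey, the search fields and a single Map sit at the top level of $Self->{CustomerUser}. Host, DNs and password are the placeholder values from the post above; mapping UserLogin to sAMAccountName (rather than uid) so that it matches CustomerKey and Customer::AuthModule::LDAP::UID is an assumption about this Active Directory setup.

```perl
# Added example: belongs inside "sub Load { ... }" of Kernel/Config.pm, next to
# the Customer::AuthModule settings. All values are placeholders from the post.
$Self->{CustomerUser} = {
    Name   => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => '10.100.5.170',
        BaseDN        => 'DC=mycompany,DC=cl',
        SSCOPE        => 'sub',
        UserDN        => 'CN=wpsbind,CN=Users,DC=mycompany,DC=cl',
        UserPw        => 'mypassword',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # Start with the relaxed filter suggested in the reply; tighten it
        # only after customer login works.
        AlwaysFilter  => '(objectclass=user)',
    },    # Params ends here: nothing below is a connection parameter

    # Attribute used to look up the customer record after authentication.
    # Assumption: it must be the same attribute the auth module uses as UID.
    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenname', 'sn' ],

    # Exactly one Map, at the top level.
    # var, frontend, storage, shown, required, storage-type, http-link, readonly
    Map => [
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var', '', 0 ],
        # Login, Email and CustomerID are required; UserLogin points at the
        # same attribute as CustomerKey (assumption, see lead-in).
        [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var', '', 0 ],
    ],
};
```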
Re: [Solved] Problem setting AD/LDAP customer auth
Thanks A LOT!!!! the wiki really works!! of course I changed some stuff, but it works just perfect.
Thank you and god bless you