[SOLVED]Panic, user authenticated but no user data..

[kool_kid]

Hi,

My LDAP integration with customers back end went successfully. Even I'm able to login my agents using LDAP authentication. The problem I'm facing is that OTRS is not adding new agents through LDAP Sync.

I may be wrong, but what I'm assuming is that once otrs is able to authenticate the agent using ldap, it will create a user in OTRS DB automatically. I'm receiving this error when trying to login with a proper ldap user which is not there in OTRS DB.

Code: Select all

Panic, user authenticated but no user data can be found in OTRS DB!! 

My Logs publish these errors

Code: Select all

Need User Email

Code: Select all

Can't create user 'otrs_test' (CN=otrs test,OU=IT Test,OU=Department,OU=OU_OU1,DC=domain,DC=com) in RDBMS 

Code: Select all

No user ID found for otrs_test

If I create a user in otrs db with same ldap username then I'm able to login. But cant this creation of users be done automatically in otrs DB??


Here is my agents code

Code: Select all

  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'host.domain.com';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
 
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Ldap User,cn=users,dc=domain,dc=com';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'somepass';
 $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'host.domain.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=Ldap User,cn=users,dc=domain,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'somepass';


  $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {  
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

    $Self->{UserSyncLDAPGroups} = ['users',];

    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users',];
    

    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

  $Self->{'AuthModule::LDAP::GroupDN'} ='cn=Agents,OU=AgentsAccounts,dc=domain,dc=com';
 $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
 $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

  

[crythias]

I believe that agents may need to be added once manually.

[jojo]

please show the Log entries

[kool_kid]

Now I added my agents login via add agents interface in admin control panel. Agents are able to login but the question remains.

I was said that the below code will restrict the users from Agents group to login via agent interface.

Code: Select all

  $Self->{'AuthModule::LDAP::GroupDN'} ='cn=Agents,OU=AgentsAccounts,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

What's the point of doing this when we have to add the agents manually? Supposing this code is not part of my config.pm and some member of my Active Directory tries to login via agent interface, anyway the login will not be successful becuz the user doesnt exist in OTRS db. Then why add the above code?



Regards
Kk

[jojo]

Agents can be synced on first login, so there is no need for manual creating them in database. So please show the log...

[kool_kid]

Thanks for the reply.

My first post contains the log entries, let me know if you looking for something more.

Regards
Kk

[jojo]

Your LDAP Data does not contain a mail address:

Need User Email

[kool_kid]

All users in ldap do have email address. Is it that the ldap is not able to fetch the email address?

Also my customer back end is integrated and I can get email addresses through this.



Regards
Kk

[jojo]

does the user otrs_test have a mail addrss in the LDAP field mail?

[kool_kid]

Yes, there was a missing email address. When I added the email address the login worked.

Thanks for the pointer.

[cinderellaxd]

In my case, the agents login through LDAP and this message appears when an agent is in an "invalid" state.
Go to the Admin menu -> Agents -> go to the agent detail and change the status.

[root]

In my case, the agents login through LDAP and this message appears when an agent is in an "invalid" state.
Go to the Admin menu -> Agents -> go to the agent detail and change the status.

Both are correct, but why answer to an 8 years old post?

- Roy

[cinderellaxd]

In my case, the agents login through LDAP and this message appears when an agent is in an "invalid" state.
Go to the Admin menu -> Agents -> go to the agent detail and change the status.

Both are correct, but why answer to an 8 years old post?

- Roy

I just signed up for this forum, maybe it can serve someone and there is no other similar response.