OTRS error when communicating with AD

Moderator: crythias

bryansin
Znuny newbie
Posts: 3
Joined: 03 Sep 2013, 03:43
Znuny Version: 3.2.9
Real Name: Bryan Sin
Company: Jcdecaux

OTRS error when communicating with AD

Post by bryansin »

Hi,

I have a problem connecting OTRS to my AD server. It was working, and suddenly I am having problems logging in.

When I try customer.pl, I get an error like:

Logs from Linux
Sep 26 02:55:56 jcdecauxsg OTRS-CGI-10[1403]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: kitkat (CN=kitkat,OU=JA,OU=Users,OU=MyBusiness,DC=JCD,DC=local) authentication ok (REMOTE_ADDR: 192.168.0.1).
Sep 26 02:55:56 jcdecauxsg OTRS-CGI-10[1354]: [Error][Kernel::Output::HTML::Layout::CustomerError][Line:3809]: Need CustomerID!!!

Error from the interface :
Traceback:
ERROR: OTRS-CGI-10 Perl: 5.10.1 OS: linux Time: Thu Sep 26 02:56:52 2013

Message: Need CustomerID!!!

RemoteAddress: 10.184.2.86
RequestURI: /otrs/customer.pl?Action=CustomerTicketOverview;Subaction=MyTickets

Traceback (1353):
Module: Kernel::Output::HTML::Layout::CustomerError (OTRS 3.2.10) Line: 3809
Module: Kernel::Modules::CustomerTicketOverview::Run (OTRS 3.2.10) Line: 88
Module: Kernel::System::Web::InterfaceCustomer::Run (OTRS 3.2.10) Line: 992
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 204
Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31



When I try to log in with index.pl, which is the agent, I get an error like:
jcdecauxsg OTRS-CGI-10[1352]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'mark.lee'!!!




Below is my config.pm

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'host.example.com';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,dc=example,dc=com';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'host.example.com',
      BaseDN => 'OU=BaseOU,DC=example,DC=com',
      SSCOPE => 'sub',
      UserDN =>'otrs_ldap',
      UserPw => 'PASSWORD',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
  
#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';




#Enable LDAP authentication for Customers / Users
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'host.example.com';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,dc=example,dc=com';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
  
#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

# UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
  $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';


Can anyone out there help?
did12345
Znuny newbie
Posts: 50
Joined: 04 Dec 2012, 15:24
Znuny Version: 3.2.0

Re: OTRS error when communicating with AD

Post by did12345 »

Try using the [code] tags for your code.

Making OTRS communicate with the AD is a tricky task.

There is a little program that helps you with that: OTRS_AD_SCRIPT_CREATOR
http://sourceforge.net/projects/otrsadconfig/

Check out http://forums.otterhub.org/viewtopic.php?f=60&t=16543
and also check out your OTRS\Var\log for any errors that may appear!
OTRS 4!
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: OTRS error when communicating with AD

Post by crythias »

You have customerID pointing to mail. If it's blank, there might be a problem.
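
An added example, not part of the original thread and not OTRS code: the Python below reads ldapsearch-style LDIF and lists, per account, which fields the posted Map marks as required cannot be filled, which covers the blank `mail` case raised in the last reply. The sample LDIF, the accounts in it and all function names are constructed for illustration.

```python
import base64

# Required rows of the posted CustomerUser Map: OTRS field -> LDAP attribute.
REQUIRED_MAP = {"UserFirstname": "givenname", "UserLastname": "sn",
                "UserLogin": "sAMAccountName", "UserEmail": "mail",
                "UserCustomerID": "mail"}
# Constructed sample in ldapsearch LDIF form (hypothetical accounts).
SAMPLE_LDIF = """\
dn: CN=jdoe,OU=BaseOU,DC=example,DC=com
sAMAccountName: jdoe
givenName: John
sn: Doe

dn: CN=asmith,OU=BaseOU,DC=example,DC=com
sAMAccountName: asmith
givenName:: QWxpY2U=
sn: Smith
mail: asmith@
 example.com
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    # LDIF folds long lines: a newline followed by one space continues the value.
    lines = text.replace("\n ", "").splitlines()
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):      # skip ldapsearch comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def missing_required(entry, field_map=REQUIRED_MAP):
    """OTRS fields whose LDAP attribute is absent or blank in this entry."""
    return sorted(f for f, a in field_map.items()
                  if not any(entry.get(a.lower(), [])))

def audit(ldif_text):
    """Map each login to the required OTRS fields its entry cannot fill."""
    found = {e.get("samaccountname", ["?"])[0]: missing_required(e)
             for e in parse_ldif(ldif_text)}
    return {login: gaps for login, gaps in found.items() if gaps}
```

An account that shows up in the result with `UserCustomerID` missing can pass the LDAP bind and still have no CustomerID to hand to the customer interface.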