Login Failure with active directory

[talfeldman]

Hello folks,

I'm having issues login my OTRS 6 (installed on ubuntu 16.04) using ActiveDirectory users (Windows server 2019)
-
as I try to login with a test user I've created I get the following error:
OTRS-CGI-53[1349]: [Error][Kernel::System::User::UserLookup][Line:969]: No UserID found for 'taltest'!

in the OTRS webpage I get: "Authentication succeeded, but no user data record is found in the database. Please contact the administrator."

I'm adding a file with the modification I've made in the Config.pm file.

I've tried to play with the settings but nothing works for me

Thanks in advance,

TaL

[reneeb]

You need to sync the user to the OTRS DB. https://doc.otrs.com/doc/manual/admin/6 ... h-backends

[talfeldman]

have you seen my config file?

-
I tried doing modifications I get now after login in
Internal Server Error

Edit:
after sitting on this for a few hours I got to the point that I get this

Mar 30 20:05:25 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::User::UserAdd][Line:376]: Need UserEmail!
Mar 30 20:05:25 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::Auth::Sync::LDAP::Sync][Line:277]: Can't create user 'talm' (CN=tal moshe,OU=users,OU=Israel,OU=domain,DC=domain,DC=corp) in RDBMS!
Mar 30 20:05:25 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::User::UserLookup][Line:969]: No UserID found for 'talm'!
Mar 30 20:05:25 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::User::UserLookup][Line:969]: No UserID found for 'talm'!
Mar 30 20:05:30 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::User::UserAdd][Line:376]: Need UserEmail!
Mar 30 20:05:30 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::Auth::Sync::LDAP::Sync][Line:277]: Can't create user 'talm' (CN=tal moshe,OU=users,OU=Israel,OU=domain,DC=domain,DC=corp) in RDBMS!
Mar 30 20:05:30 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::User::UserLookup][Line:969]: No UserID found for 'talm'!

any idea what is missing or wrong ?

[crythias]

Mar 30 20:05:25 localhost OTRS-CGI-53[1476]: [Error][Kernel::System::User::UserAdd][Line:376]: Need UserEmail! <-- talm doesn't have an email in the "mail" attribute.
Can't create user 'talm' (CN=tal moshe,OU=users,OU=Israel,OU=domain,DC=domain,DC=corp) in RDBMS!

Code: Select all

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail', <-- this field should have relevant data.
    };

[talfeldman]

Nice, thank you!, I've managed to login from a user located in AD but it looks like it's an agent and not a user
any references maybe regarding this ?

[crythias]

otrs/index.pl <-- agent login
otrs/customer.pl <-- customer login

[talfeldman]

otrs/index.pl <-- agent login
otrs/customer.pl <-- customer login

First, thanks. that is the right link
though, the login works for localdb and agents from AD but users still can't log on.. I'm using the same settings for costumer,

$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'dc01.domain.corp';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=domain,dc=corp';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=ldap bind,CN=Users,DC=domain,DC=corp';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'passwd';
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

EDIT:
and yes, I did restart the service.
its just for agents it works and for users it doesn't even when using the right link
OTRS-CGI-53[7153]: [Error][Kernel::System::CustomerUser::SetPreferences][Line:1139]: No such user
this is the error I get.. no way the user doesn't exists, could you point me to where the problem might come from

thank you for bearing with me

TaL

[crythias]

what do you have for your Customer Map?

https://github.com/OTRS/otrs/blob/3cf48 ... s.pm#L1609

[talfeldman]

it's now working. I'm not sure if at the time being I need extra configuration for the logins
but I found this online

Code: Select all

# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };