Ldap Authenticated customers are not noted in DB

[maro584]

Hello Guys,

Finally I have made a proper configuration of LDAP for our OTRS instance but unfortunatelly when any customer is logging in to customer view he has not leave any entry or trace in DB. Do you know how to configure LDAP authentcation to duplicate customers in the database? I made a configuration for agents on that way that if some agent logs in his login and password is duplicated in database in table "SELECT * FROM users".

[wurzel]

Hi,

there is no customer user sync available.

Flo

[maro584]

There is no sync In all version of OTRS?

Maybe with some background there will be easier to find a solution.

I have a lot of customers on my OTRS instance who is authenticating via LDAP.
All of that users - because they are authenticating via LDAP - have a CustomerID as their mail mentioned in AD, of course it can be any value mentioned in their account in AD .

If customerA create a ticket only he can see and edit it because he has unique CustomerID. CustomerB can not view a ticket of CustomerA because he have other unique CustimerID. I want to add ability for CustomerA to control which customer can view his ticket. I thought that I will acheive this creating a CustomerID as a ticket number and put there both Customers using GenericAgent and some python script which made a changes in database, but LDAP customers do not leave any entries in DB despite of table Ticket . I will be very thankfull for solution of it.

Hope you guys well during this whole Corona thing.

[wurzel]

Hi,

There is no sync In all version of OTRS?

yes.

If customerA create a ticket only he can see and edit it because he has unique CustomerID. CustomerB can not view a ticket of CustomerA because he have other unique CustimerID. I want to add ability for CustomerA to control which customer can view his ticket. I thought that I will acheive this creating a CustomerID as a ticket number and put there both Customers using GenericAgent and some python script which made a changes in database, but LDAP customers do not leave any entries in DB despite of table Ticket . I will be very thankfull for solution of it.

https://doc.otrs.com/doc/manual/admin/6 ... ckets-ldap

use CustomerIDs.

no scripts, no generic agent, no changes in database.

Flo

[maro584]

You suggent to put in field:

CustomerID => 'customer_id',

Some name of customerID but it will caused that all customers will have the same customerId and a effect of thi will be that every customer user will have a ability to see all of the tickets. What I want to achieve is that all customers will only have an access to their ticket but also they will have abbility to assign some other ldap user to see his ticket.

[jojo]

this requires an additional Feature Add On to have additional customers assigned to the ticket

[maro584]

One more thing , support for the same problem advise me something like below, so I will share it and maybe it helps anybody in any case:

//But is there any way to configure ldap authentication of customers that customers will be stored in db?

you can use the script /opt/otrs/scripts/contrib/otrs.SyncLDAP2DB.pl to synch LDAP data to your local DB.
Configure your LDAP settings in the script and run in frequently as you need it (daily, hourly,...).
Treat all your Customer Users now as coming from local DB, the script just reads the LDAP information and copies the data to the local DB.
Be aware this will lead to delays, any change in LDAP is synchronized on next run of the script.


But when I am trying to use this script I have received an error like this:

otrs.SyncLDAP2DB.pl: IO::Socket::INET: Bad hostname 'bay.csuhayward.edu' at ./otrs.SyncLDAP2DB.pl line 69.

And I think the cause of it is network issues in my company (proxy)

[root]

But when I am trying to use this script I have received an error like this:

otrs.SyncLDAP2DB.pl: IO::Socket::INET: Bad hostname 'bay.csuhayward.edu' at ./otrs.SyncLDAP2DB.pl line 69.

And I think the cause of it is network issues in my company (proxy)

Hi,

that is the hostname of the LDAP server in the script. You should think about adjusting parameters according to your environment.

- Roy

[maro584]

Yes, you have right, silly me

I have tested this script, and yes it duplicate a users from ldap to DB.

I think we can close a topic and enjoy this solution

Have a happy quarantine

[maro584]

Unfortunatelly it is not working as I thought, something is going wrong.

Now in the the table customer_user there are a users from AD but no password in pw column. Does anybody know what is wrong here?

[jojo]

Passwords can not be fetched by LDAP for security reasons. So the script sets test as a password and the customer users should use the password forgotten function the create a local password.

You still could mix the customer data (from DB) and the authentification (via LDAP) but I strongly advise to get some deeper experience with OTRS first (like admin training)