Debian Linux 6.0 amd64 + Apache
Win2k8R2 AD DC
I am evaluating and testing OTRS for the first time. Agents in our AD are able to log in and authenticate, and their AD account info populates correctly in the Agents listing of the Admin panel. I have set things up so only AD users who are members of the OTRS group may authenticate/log in as agents in OTRS.
Customers from AD are able to authenticate apparently, but are unable to log in. A test customer I created in the local OTRS DB is able to log in when I have the LDAP disabled, however. My understanding of the problem is that the customers are not syncing to the LDAP backend in the way the agents have been. In the documentation and Defaults.pm I have not seen any reference to something like the agent's AuthSyncModule for the customers and this is perhaps throwing me off.
Any help is greatly appreciated and thanks to the OTRS devs for what seems to be a top notch application. Please assume I know nothing when responding.
This is what the customer sees at the login screen:
Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.
This is what shows up in the otrs log file:
[Thu Feb 24 08:51:02 2011][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: testcustomer (CN=testcustomer,CN=Users,DC=domainname,DC=com) authentication ok (REMOTE_ADDR: *.*.*.*).
[Thu Feb 24 08:51:02 2011][Error][Kernel::System::CustomerUser::SetPreferences][493] No such user 'testcustomer'!
database from config.pm:
$Self->{'DatabaseHost'} = 'localhost';
$Self->{'Database'} = 'otrs';
$Self->{'DatabaseUser'} = 'username';
$Self->{'DatabasePw'} = '******';
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
$Self->{AuthModule} = 'Kernel::System::Auth::DB';
$Self->{AuthModule1} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'dcname.domainname.com';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=OTRS,dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS SEARCH,CN=Users,DC=domainname,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = '******';
$Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'dcname.domainname.com';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=domainname,dc=com';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=OTRS SEARCH,CN=Users,DC=domainname,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = '******';
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dcname.domainname.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domainname,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS SEARCH,CN=Users,DC=domainname,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '******';
$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dcname.domainname.com',
        BaseDN => 'dc=domainname,dc=com',
        SSCOPE => 'sub',
        UserDN => 'CN=OTRS SEARCH,CN=Users,DC=domainname,DC=com',
        UserPw => '******',
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserExcludePrimaryCustomerID => 0,
    AdminSetPreferences => 0,
    Map => [
        [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};
Edit: and this is what shows up in /var/log/apache2/error.log each time:
ERROR: OTRS-CGI-10 Perl: 5.10.1 OS: linux Time: Thu Feb 24 12:03:17 2011
Message: No such user 'testcustomer'!
Traceback (8860):
Module: Kernel::System::CustomerUser::SetPreferences (v1.61) Line: 493
Module: Kernel::System::CustomerAuth::Auth (v1.34) Line: 155
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.56) Line: 203
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 45
Module: (eval) (v1.43) Line: 204
Module: ModPerl::RegistryCooker::run (v1.43) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.43) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31
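
An added example, not part of the original post and not OTRS code: a small Perl check over a constructed excerpt of the CustomerUser setting above, comparing the LDAP attribute that Map assigns to UserLogin and UserCustomerID with CustomerKey and CustomerID. The helper name CheckCustomerMap is hypothetical. It assumes the LDAP customer backend finds the entry by CustomerKey and then fills UserLogin from the Map row, so a mismatch is worth checking when the log shows "authentication ok" followed by "No such user".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed excerpt of the posted CustomerUser setting (only the keys the check reads).
my %CustomerUser = (
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'mail',
    Map         => [
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'uid',       1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',      0, 1, 'var', '', 0 ],
    ],
);

# Hypothetical helper (not an OTRS function): returns a list of findings,
# empty when the Map rows agree with CustomerKey / CustomerID.
sub CheckCustomerMap {
    my ($Config) = @_;
    my @Findings;

    # Index the Map: OTRS field name (column 1) => LDAP attribute (column 3).
    my %AttrFor = map { $_->[0] => $_->[2] } @{ $Config->{Map} || [] };

    # Assumption: the backend searches by CustomerKey and reads UserLogin
    # from the mapped attribute, so both should name the same attribute.
    my %Expect = (
        UserLogin      => $Config->{CustomerKey},
        UserCustomerID => $Config->{CustomerID},
    );

    for my $Field ( sort keys %Expect ) {
        my $Want = $Expect{$Field} // '';
        my $Have = $AttrFor{$Field};
        if ( !defined $Have ) {
            push @Findings, "$Field has no row in Map";
        }
        elsif ( lc $Have ne lc $Want ) {    # LDAP attribute names are case-insensitive
            push @Findings, "$Field maps to '$Have' but the configured key is '$Want'";
        }
    }
    return @Findings;
}

my @Findings = CheckCustomerMap( \%CustomerUser );
print @Findings ? map {"WARN: $_\n"} @Findings : "Map is consistent\n";
```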