Re: [otrs] "Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator."

Tue, 19 Mar 2013 13:06:39 -0700 

Come to think of it, if it does not add the customers to the database, the 
feature is pretty worthless.  Why validate against LDAP/AD at all for customers 
if everything has to exist in the database?  That would just be adding useless 
complexity.

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Marty 
Hillman
Sent: Tuesday, March 19, 2013 3:00 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] "Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator."

My Config.pm appears to be configured correctly, but it does not work.  I have 
looked at the articles in your links along with dozens of others.  All of them 
have the exact same configuration as what I posted in my initial email unless 
there is a character somewhere I am missing.  I copied and pasted the 
configurations changing my DN, CN, OU, DC in accordance with my AD structure.  
It is obviously authenticating, so I am fairly certain I did it right.  The 
sAMAccountName and mail settings have been changed various times to try to get 
it working.  Until just before I posted my message, they were both set to 
'mail'.

One user wrote that the Customer::Auth page needed to be modified in SysConfig. 
 http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/  I did this as 
well and verified the settings in ZZZauto.pm.

>From how I read your email ("OTRS will not populate your customer_user 
>database"), I am going to have to hand enter 500 user accounts for the 
>potential employees that can enter tickets or they will not be able to use the 
>system.    If I understand you correctly, that is a project killer.

If the system can create the agent accounts based on settings in the Config.pm 
file, why would it not be able to do so with customers?

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of 
Leonardo Certuche
Sent: Tuesday, March 19, 2013 2:03 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] "Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator."

Hello Marty,

OTRS will not populate your customer_user database once integrated with an 
LDAP/AD. It will check if the user exists on  'CN=OTRS 
Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the 
password. If it matches, it will let the customer log in.

What you are facing probably has to do with the fact that first you associate 
CustomerID with one thing:

CustomerID => 'sAMAccountName',

And then you map it with another:

     [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

Have you tried the following entries?

https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22

Leonardo Certuche
www.itconsultores.com.co<http://www.itconsultores.com.co>
MedellĂ­n, Colombia

On 19 March 2013 13:41, Marty Hillman 
<mhill...@equuscs.com<mailto:mhill...@equuscs.com>> wrote:
I have Googled and screwed around with Config.pm for hours.  The configuration 
is creating agents in the database appropriately, but it is not creating users 
in the customer database.  I am using this as in internal system only, so there 
is no outside access.  I want any user to be able to use their AD credentials 
to log on.  If there is not an account in OTRS, it should create one for them.

Anyone have any thoughts on what I am overlooking?  Here is my 
/opt/otrs/Kernel/Config.pm.  I copied and pasted from several Google results 
and modified for my own information.  It does validate the password is correct 
for the customer, but does not add them to the database if they don't exist.

    # ---------------------------------------------------- #
    # 
http://wiki.otterhub.org/index.php?title=Using_OTRS_with_Active_Directory_as_a_source_for_agents
 #
    # ---------------------------------------------------- #

    # This is an example configuration for using an MS AD backend
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '172.16.10.21';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 
'CN=Corp_Admin_MIS,OU=level2,OU=level1,DC=domain,DC=com';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS 
Dev,OU=level2,OU=level1,DC=domain,DC=com';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => 
'(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

   # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '172.16.10.21';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS 
Dev,OU=level2,OU=level1,DC=domain,DC=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
       UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first 
agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    # ---------------------------------------------------- #
    # Customer authentication section                      #
    # ---------------------------------------------------- #

    $Self->{'SecureMode'} = '1';
    #    The name to be used for this server when constructing URLs in email
    $Self-> {'FQDN'} = 'otrsdev.domain.com<http://otrsdev.domain.com>';

    #Enable LDAP authentication for Customers / Users
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '172.16.10.21';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=domain,DC=com';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS 
Dev,OU=level2,OU=level1,DC=domain,DC=com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '';
#    $Self->{'AuthModule::LDAP::Die'} = 1;

    #CustomerUser
    #(customer user database backend and settings)
        $Self->{CustomerUser} = {
            Module => 'Kernel::System::CustomerUser::LDAP',
            Params => {
            Host => '172.16.10.21',
            BaseDN => 'DC=domain,DC=com',
            async => 0,
            port => 389,
            sscope => 'sub',
            timeout => 120,
            version => 3,
            UserDN => 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
            UserPw => 'password',
        },

        # Unique customer key/id
        CustomerKey => 'sAMAccountName',
        CustomerID => 'sAMAccountName',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
            ],
        };


    # ---------------------------------------------------- #


---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs


---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Reply via email to