Gerald, I understand. When we started we struggled a lot with that, because we could see the system was logging in the customers (in the logs) but we always got the messages about not being found in the database. The solution is to change it in SysConfig: by default it points to use Database as Customer Backend, so what he needs to adjust is to make it LDAP and set the other data the same as in Config.pm.
Regards

2013/3/20 Gerald Young <cryth...@gmail.com>

> @Alvaro: Martin already is able to authenticate, so changing SysConfig for
> this will not be helpful.
>
>
> On Wed, Mar 20, 2013 at 10:22 AM, Alvaro Cordero <alv...@gridshield.net> wrote:
>
>> Hello Marting,
>>
>> Have you also checked the CustomerAuth option in Sysconfig? You need to
>> configure both places, Config.pm and the Sysconfig options, so the customers
>> can log in and get into OTRS.
>>
>> The option FrontEnd::Customer::Auth is what I am talking about.
>>
>>
>> 2013/3/19 Marty Hillman <mhill...@equuscs.com>
>>
>>> My Config.pm appears to be configured correctly, but it does not work.
>>> I have looked at the articles in your links along with dozens of others.
>>> All of them have the exact same configuration as what I posted in my
>>> initial email unless there is a character somewhere I am missing. I copied
>>> and pasted the configurations changing my DN, CN, OU, DC in accordance with
>>> my AD structure. It is obviously authenticating, so I am fairly certain I
>>> did it right. The sAMAccountName and mail settings have been changed
>>> various times to try to get it working. Until just before I posted my
>>> message, they were both set to ‘mail’.
>>>
>>> One user wrote that the Customer::Auth page needed to be modified in
>>> SysConfig. http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/
>>> I did this as well and verified the settings in ZZZauto.pm.
>>>
>>> From how I read your email (“OTRS will not populate your customer_user
>>> database”), I am going to have to hand enter 500 user accounts for the
>>> potential employees that can enter tickets or they will not be able to use
>>> the system. If I understand you correctly, that is a project killer.
>>>
>>> If the system can create the agent accounts based on settings in the
>>> Config.pm file, why would it not be able to do so with customers?
>>>
>>> *From:* otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] *On Behalf Of *Leonardo Certuche
>>> *Sent:* Tuesday, March 19, 2013 2:03 PM
>>> *To:* User questions and discussions about OTRS.
>>> *Subject:* Re: [otrs] "Authentication succeeded, but no customer record
>>> is found in the customer backend. Please contact your administrator."
>>>
>>> Hello Marty,
>>>
>>> OTRS will not populate your customer_user database once integrated with
>>> an LDAP/AD. It will check if the user exists on 'CN=OTRS
>>> Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the
>>> password. If it matches, it will let the customer log in.
>>>
>>> What you are facing probably has to do with the fact that first you
>>> associate CustomerID with one thing:
>>>
>>> CustomerID => 'sAMAccountName',
>>>
>>> And then you map it with another:
>>>
>>> [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>
>>> Have you tried the following entries?
>>>
>>> https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22
>>>
>>> Leonardo Certuche
>>> www.itconsultores.com.co
>>> Medellín, Colombia
>>>
>>> On 19 March 2013 13:41, Marty Hillman <mhill...@equuscs.com> wrote:
>>>
>>> I have Googled and screwed around with Config.pm for hours. The
>>> configuration is creating agents in the database appropriately, but it is
>>> not creating users in the customer database. I am using this as an
>>> internal system only, so there is no outside access. I want any user to be
>>> able to use their AD credentials to log on. If there is not an account in
>>> OTRS, it should create one for them.
>>>
>>> Anyone have any thoughts on what I am overlooking? Here is my
>>> /opt/otrs/Kernel/Config.pm. I copied and pasted from several Google
>>> results and modified for my own information. It does validate the password
>>> is correct for the customer, but does not add them to the database if they
>>> don’t exist.
>>>
>>> # ---------------------------------------------------- #
>>> # http://wiki.otterhub.org/index.php?title=Using_OTRS_with_Active_Directory_as_a_source_for_agents#
>>> # ---------------------------------------------------- #
>>>
>>> # This is an example configuration for using an MS AD backend
>>> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>> $Self->{'AuthModule::LDAP::Host'} = '172.16.10.21';
>>> $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
>>> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>>
>>> # Check if the user is allowed to auth in a posixGroup
>>> # (e. g. user needs to be in a group OTRS_Agents to use otrs)
>>> $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Corp_Admin_MIS,OU=level2,OU=level1,DC=domain,DC=com';
>>> $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>> $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>>
>>> # Bind credentials to log into AD
>>> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
>>> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
>>>
>>> # in case you want to add always one filter to each ldap query, use
>>> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
>>> # '(objectclass=user)'
>>> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>>>
>>> # in case you want to add a suffix to each login name, then
>>> # you can use this option. e. g. user just want to use user but
>>> # in your ldap directory exists user@domain.
>>> #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
>>>
>>> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>>> $Self->{'AuthModule::LDAP::Params'} = {
>>>     port => 389,
>>>     timeout => 120,
>>>     async => 0,
>>>     version => 3,
>>> };
>>>
>>> # Now sync data with OTRS DB
>>> $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
>>> $Self->{'AuthSyncModule::LDAP::Host'} = '172.16.10.21';
>>> $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
>>> $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
>>> $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
>>> $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
>>>
>>> $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>>>     # DB -> LDAP
>>>     UserFirstname => 'givenName',
>>>     UserLastname => 'sn',
>>>     UserEmail => 'mail',
>>> };
>>>
>>> # AuthSyncModule::LDAP::UserSyncInitialGroups
>>> # (sync following group with rw permission after initial create of first agent
>>> # login)
>>> $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>>>     'users',
>>> ];
>>>
>>> # ---------------------------------------------------- #
>>> # Customer authentication section #
>>> # ---------------------------------------------------- #
>>>
>>> $Self->{'SecureMode'} = '1';
>>> # The name to be used for this server when constructing URLs in email
>>> $Self->{'FQDN'} = 'otrsdev.domain.com';
>>>
>>> #Enable LDAP authentication for Customers / Users
>>> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>> $Self->{'Customer::AuthModule::LDAP::Host'} = '172.16.10.21';
>>> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=domain,DC=com';
>>> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>> $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
>>> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
>>> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
>>> $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
>>> $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '';
>>> # $Self->{'AuthModule::LDAP::Die'} = 1;
>>>
>>> #CustomerUser
>>> #(customer user database backend and settings)
>>> $Self->{CustomerUser} = {
>>>     Module => 'Kernel::System::CustomerUser::LDAP',
>>>     Params => {
>>>         Host => '172.16.10.21',
>>>         BaseDN => 'DC=domain,DC=com',
>>>         async => 0,
>>>         port => 389,
>>>         sscope => 'sub',
>>>         timeout => 120,
>>>         version => 3,
>>>         UserDN => 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com',
>>>         UserPw => 'password',
>>>     },
>>>
>>>     # Unique customer key/id
>>>     CustomerKey => 'sAMAccountName',
>>>     CustomerID => 'sAMAccountName',
>>>     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>>     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>>     CustomerUserSearchPrefix => '',
>>>     CustomerUserSearchSuffix => '*',
>>>     CustomerUserSearchListLimit => 250,
>>>     CustomerUserPostMasterSearchFields => ['mail'],
>>>     CustomerUserNameFields => ['givenname', 'sn'],
>>>     Map => [
>>>         # note: Login, Email and CustomerID needed!
>>>         # var, frontend, storage, shown, required, storage-type
>>>         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>>         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>>>         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>>>     ],
>>> };
>>>
>>> # ---------------------------------------------------- #
>>>
>>> ---------------------------------------------------------------------
>>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>>> Archive: http://lists.otrs.org/pipermail/otrs
>>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>>
>>
>> --
>> ___________________________
>> Alvaro Cordero Retana
>> Consultor de Tecnologias
>> Gridshield Monitoreo de Redes e
>> Infraestructura.
>> 2258-5757 ext 123
>> alv...@gridshield.net
>> www.gridshield.net
>>
>

--
___________________________
Alvaro Cordero Retana
Consultor de Tecnologias
Gridshield Monitoreo de Redes e
Infraestructura.
2258-5757 ext 123
alv...@gridshield.net
www.gridshield.net
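
The two consistency points raised in this thread (customer auth module versus customer user backend, and the top-level CustomerID versus the UserCustomerID row of Map) can be checked mechanically. The Perl below is an added example, not part of the original messages or of OTRS; CheckCustomerConfig and the trimmed %Config sample are hypothetical, constructed from the values quoted above.

```perl
use strict;
use warnings;

# Constructed sample: only the keys the check reads, with the values quoted
# in the thread (hosts, DNs and bind credentials are left out).
my %Config = (
    'Customer::AuthModule' => 'Kernel::System::CustomerAuth::LDAP',
    CustomerUser           => {
        Module      => 'Kernel::System::CustomerUser::LDAP',
        CustomerKey => 'sAMAccountName',
        CustomerID  => 'sAMAccountName',
        Map         => [
            [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
        ],
    },
);

# Hypothetical helper (not an OTRS function): returns a list of findings.
sub CheckCustomerConfig {
    my ($Cfg) = @_;
    my @Findings;
    my $Auth    = $Cfg->{'Customer::AuthModule'} // '';
    my $CU      = $Cfg->{CustomerUser}           // {};
    my $Backend = $CU->{Module}                  // '';

    # Alvaro's point: LDAP authenticates, but records are looked up elsewhere.
    push @Findings, "auth uses LDAP but customer backend is '$Backend'"
        if $Auth =~ /::LDAP$/ && $Backend !~ /::LDAP$/;

    # Map rows are [ var, frontend, storage, ... ]; index storage by var.
    my %Storage = map { ( $_->[0], $_->[2] ) } @{ $CU->{Map} // [] };
    # The posted Map notes that Login, Email and CustomerID are needed.
    for my $Var (qw(UserLogin UserEmail UserCustomerID)) {
        push @Findings, "Map has no entry for $Var" if !defined $Storage{$Var};
    }

    # Leonardo's point: a top-level key and its Map row name different
    # attributes. LDAP attribute names compare case-insensitively.
    my %Pairs = ( CustomerKey => 'UserLogin', CustomerID => 'UserCustomerID' );
    for my $Key ( sort keys %Pairs ) {
        my ( $Top, $Mapped ) = ( $CU->{$Key}, $Storage{ $Pairs{$Key} } );
        next if !defined $Top || !defined $Mapped;
        push @Findings, "$Key is '$Top' but $Pairs{$Key} maps to '$Mapped'"
            if lc($Top) ne lc($Mapped);
    }
    return @Findings;
}

print "$_\n" for CheckCustomerConfig( \%Config );
```

An empty result only means these settings agree with each other; it does not confirm that the directory actually holds a matching entry for the user.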