Troy Shafer
Fri, 05 Feb 2010 12:07:01 -0800
YOU ARE THE MAN! -Troy
________________________________
From: David Holder <david.hol...@gmail.com>
To: User questions and discussions about OTRS. <otrs@otrs.org>
Sent: Fri, February 5, 2010 2:30:25 PM
Subject: Re: [otrs] AD Synch
Hi Troy,
Instead of this:
CustomerKey => 'sAMAccountName',
CustomerID => 'sAMAccountName',
Try this:
CustomerKey => 'sAMAccountName',
CustomerID => 'mail'
Regards,
Troy Shafer wrote:
>
>ok,
>i'm missing something.. below is my customer ldap code. I made sure all
>uid were changed to sAMAccountName... (i changed specific domain info
>for obvious reasons)
>
>
>#Customer LDAP Settings
>
>$Self->{CustomerUser} = {
>    Module => 'Kernel::System::CustomerUser::LDAP',
>    Params => {
>        Host => '192.168.30.55',
>        BaseDN => 'dc=domain,dc=com',
>        SSCOPE => 'sub',
>        UserDN => 'cn=otrs,ou=mis,ou=User_Accounts,dc=domain,dc=com',
>        UserPw => 'otrspassword',
>    },
>    CustomerKey => 'sAMAccountName',
>    CustomerID => 'sAMAccountName',
>    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>    CustomerUserPostMasterSearchFields => ['mail'],
>    CustomerUserNameFields => ['givenname', 'sn'],
>    Map => [
>        # note: Login, Email and CustomerID needed!
>        # var, frontend, storage, shown, required, storage-type
>        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>        # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>    ],
>};
>
>
>
>-Troy
>
________________________________
>From: Troy Shafer <troyksha...@yahoo.com>
>To: User questions and discussions about OTRS. <otrs@otrs.org>
>Sent: Fri, February 5, 2010 1:00:36 PM
>Subject: Re: [otrs] AD Synch
>
>
>Ok
>i went back and tried the customer login and I get an error that
>says... Error: Need CustomerID!!! I'm sure this is common.
>
>I think i found my answer here:
>http://lists.otrs.org/pipermail/otrs/2004-October/006523.html
>
>I'll report back if I did. I'm sure i can't be the only one looking for
>this... or i'm a moron and i AM the only one :)
>
>Thanks Sune and David, i've seen your post throughout my search and i
>do appreciate such knowledgeable admins helping us out.
>
>
>
>
>-Troy
>
________________________________
>From: Sune T. Tougaard <s...@lyngsoesystems.com>
>To: User questions and discussions about OTRS. <otrs@otrs.org>
>Sent: Thu, February 4, 2010 6:46:41 PM
>Subject: Re: [otrs] AD Synch
>
>
>If this by any chance is for the customer part (it’s a big install if
>you have 3000 agents, I think), perhaps the following may be helpful.
>
>By “No user data” it could mean that some info that is required in the
>OTRS DB is not available in the AD/LDAP lookup. So one thing to check,
>I guess, would be if the AD is populated with the needed data.
>In my setup I think that the only parts “required” for the customer
>part are Login, Email and CustomerID.
>
>In my Customer Authentication part of the config, I have those fields
>mapped as follows:
>
># 'var', 'frontend', 'storage', shown, required, 'storage-type'
>[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>
>So, in my AD, if I have empty “sAMAccountName” or “mail” fields, I
>would get the “No user data” error when logging in.
>Also, I believe that the UID must be set to “sAMAccountName”, the
>default is UPN as far as I recall.
>
>Your otrs log may give you hints to what may be missing or going wrong.
>Perhaps you could show us the authen part of your config, that could
>help.
>
>It’s been a while since I was last deep in otrs, so I may be using an
>older version. Dunno if all this applies to yours.
>I may also be totally off track, it was set up years ago.
>
>--
>/Sune T.
>
>From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of David Holder
>Sent: 05 February 2010 00:16
>To: User questions and discussions about OTRS.
>Subject: Re: [otrs] AD Synch
>
>Hi Troy,
>
>AFAIK agents are authenticated against OTRS's database, but the
>information for those accounts is first probed in the LDAP directory.
>If you're getting a "panic no user data!" when logging in as an agent,
>the information isn't being synced to OTRS's database. Have you
>implemented the following code:
>    # agent data sync against ldap
>    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
>    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldap.example.com/';
>    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=otrs, dc=org';
>    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
>    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=sys, ou=user, dc=otrs, dc=org';
>    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass';
>    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>        # DB -> LDAP
>        UserFirstname => 'givenName',
>        UserLastname => 'sn',
>        UserEmail => 'mail',
>    };
>    [...]
>
>    # AuthSyncModule::LDAP::UserSyncInitialGroups
>    # (sync following group with rw permission after initial create of first agent
>    # login)
>    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>        'users',
>    ];
>
>If you haven't implemented the above, do so and let us know how you get
>on. If you get completely stuck I can send you a blank config from my
>current OTRS setup, which I have e-mailed to several people already to
>help them resolve their AD sync/access issues.
>
>Regards,
>
>David
>
>
>Troy Shafer wrote:
>I have searched and searched but can't seem to find the answer.
>
>So i setup the Config.pm to use AD authentication.. then of course i got
>the Panic! No user data! error. We have over 3,000 employees. I'm not
>going to sit here and create an account for each of them. I do have it
>searching AD successfully and authenticating against AD.
>
>I've seen examples of user synchronization on the web and every time i
>try that code in the config file and restart apache i can't login to
>otrs with an AD account or r...@localhost.
>
>Essentially i'm looking for the code that will allow authentication
>against AD without the user needing to be in the otrs db... or..
>
>When authenticated against AD the user is automatically created in the
>OTRS DB..
>
>or some variation that doesn't need me to create 3000 accounts by hand.
>
>
>-Troy
>
>---------------------------------------------------------------------
>OTRS mailing list: otrs - Webpage: http://otrs.org/
>Archive: http://lists.otrs.org/pipermail/otrs
>To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>
>NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>http://www.otrs.com/en/support/enterprise-subscription/
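
Added example, not part of the original thread and not OTRS code: a stand-alone Perl check that takes the customer settings Troy posted and one directory entry, and reports the two conditions discussed above (CustomerID naming a different attribute than the UserCustomerID row, and required attributes that are empty). The helper name check_customer_map, the sample entry, and the rule that CustomerKey/CustomerID should match their Map rows are assumptions drawn from the replies in this thread.

```perl
use strict;
use warnings;

# Constructed sample: the customer settings from the thread, before the fix.
my %config = (
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'sAMAccountName',
    Map => [
        # var, frontend, storage, shown, required, storage-type
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
    ],
);
# Constructed directory entry (attribute => value) with no mail attribute.
my %entry = ( sAMAccountName => 'jdoe', givenName => 'Jane', sn => 'Doe' );

# Hypothetical helper: returns a list of problems found in config and entry.
sub check_customer_map {
    my ( $config, $entry ) = @_;
    my @problems;
    my %storage = map { $_->[0] => $_->[2] } @{ $config->{Map} };

    # The Map comment in the thread says Login, Email and CustomerID are needed.
    for my $var (qw(UserLogin UserEmail UserCustomerID)) {
        push @problems, "Map has no $var row" if !exists $storage{$var};
    }
    # Assumption drawn from the fix in the thread: the top-level keys should
    # name the same attributes as the matching Map rows.
    my %pair = ( CustomerKey => 'UserLogin', CustomerID => 'UserCustomerID' );
    for my $key ( sort keys %pair ) {
        my $mapped = $storage{ $pair{$key} };
        next if !defined $mapped;
        push @problems, "$key is '$config->{$key}' but $pair{$key} maps to '$mapped'"
            if lc( $config->{$key} ) ne lc($mapped);
    }
    # Every required row (5th column) needs a non-empty value in the entry;
    # LDAP attribute names are compared case-insensitively.
    for my $row ( @{ $config->{Map} } ) {
        my ( $var, undef, $attr, undef, $required ) = @$row;
        my ($found) = grep { lc($_) eq lc($attr) } keys %$entry;
        push @problems, "required $var: attribute '$attr' is empty"
            if $required && !( defined $found && length( $entry->{$found} ) );
    }
    return @problems;
}

print "$_\n" for check_customer_map( \%config, \%entry );
```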