Hi Alvaro,

thanks for your help.

I am not sure if I understand.

I walked around sysconfig, without success.

CustomerInformationCenter                  1   Framework
Frontend::Admin                            4   Framework
Frontend::Admin::AdminCustomerCompany      1   Framework
Frontend::Admin::AdminCustomerUser         1   Framework
Frontend::Admin::AdminSelectBox            1   Framework
Frontend::Admin::ModuleRegistration       28   Framework
Frontend::Agent                           29   Framework
Frontend::Agent::Auth::TwoFactor           4   Framework
Frontend::Agent::Dashboard                11   Framework
Frontend::Agent::LinkObject                1   Framework
Frontend::Agent::ModuleMetaHead            1   Framework
Frontend::Agent::ModuleNotify              7   Framework
Frontend::Agent::ModuleRegistration       15   Framework
Frontend::Agent::NavBarModule              2   Framework
Frontend::Agent::Preferences              13   Framework
Frontend::Agent::SearchRouter              1   Framework
Frontend::Agent::Stats                    10   Framework
Frontend::Customer                        28   Framework
Frontend::Customer::Auth                  26   Framework
Frontend::Customer::Auth::TwoFactor        4   Framework
Frontend::Customer::ModuleMetaHead


I have:

 * Frontend::Customer::Auth

I do not have:

 * Frontend::Agent::Auth

Why?


I am using LDAP with memberof.
My idea is:

 * Do not use root@localhost in normal operation.
 * LDAP Auth is suppressing DB Auth.

I have no problems if I create an account manually and log in AFTER.

This is a part of my Config.pm

...
    # OpenLDAP
    # authenticate agents against ldap
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '127.0.0.1';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=aaa,dc=bb';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group clerks to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=clerks,ou=Group,dc=aaa,dc=bb';
#    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # defines AuthSyncBackend (AuthSyncModule) for AuthModule
    # if this key exists and is empty, there won't be a sync.
    # example values: AuthSyncBackend, AuthSyncBackend2
    $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

    # sync agents from ldap to mysql
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '127.0.0.1';
#    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=People,dc=aaa,dc=bb';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=aaa,dc=bb';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
        UserMobile    => 'mobile',
#        UserComment   => 'description',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first
    # agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    # Attributes needed for group syncs
    # (attribute name for group value key)
#    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    # (attribute for type of group content UID/DN for full ldap name)
#    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
        # ldap group
        'cn=netadmins,ou=Group,dc=aaa,dc=bb' => {
            # otrs group
            'admin' => {
                # permission
                rw => 1,
                ro => 1,
            },
        },
        'cn=users,ou=Group,dc=aaa,dc=bb' => {
            'users' => {
                rw => 1,
                ro => 1,
            },
        }
    };
...


Could you help me?
I will appreciate any kind of directions or examples.

TIA

On 28/01/16 11:15, Alvaro Cordero wrote:
Hello,

That means that the user cannot be synced to the database; you need to verify the user mapping in sysconfig, to match the fields from LDAP into OTRS.

Regards


2016-01-28 9:59 GMT-06:00 Cosme Faria Corrêa <cosm...@canalsac.com.br>:

    Hi,

    my interface message is that:
    Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

    My log says:
    [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!
    [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!
    [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserAdd][348] Need UserEmail!
    [Thu Jan 28 10:45:40 2016][Error][Kernel::System::Auth::Sync::LDAP::Sync][281] Can't create user 'johndoe' (uid=johndoe,ou=People,dc=aaa,dc=bb) in RDBMS!
    [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!

    The point is, why? Why can't it?
    [Thu Jan 28 10:45:40 2016][Error][Kernel::System::Auth::Sync::LDAP::Sync][281] Can't create user 'johndoe' (uid=johndoe,ou=People,dc=aaa,dc=bb) in RDBMS!

    --
    Cosme Corrêa
    +55 21 4042-6606
    CanalSAC
    O Nosso Negócio é Relacionamento

    ---------------------------------------------------------------------
    OTRS mailing list: otrs - Webpage: http://otrs.org/
    Archive: http://lists.otrs.org/pipermail/otrs
    To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs




--
Alvaro Cordero Retana
Technology Consultant
Tel: 22585757 ext 123
Email: alv...@gridshield.net



--
Cosme Corrêa
+55 21 4042-6606
CanalSAC
O Nosso Negócio é Relacionamento
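
The log quoted above shows the sync step stopping at "Need UserEmail!", meaning the attribute that UserSyncMap maps to UserEmail produced no value for johndoe. The following is an added example, not part of the original thread and not OTRS code: a Python check that reads `ldapsearch`-style LDIF and lists, per entry, the mapped fields that would arrive empty. The `REQUIRED` list, the function names and the sample LDIF are assumptions made for illustration; only UserEmail is confirmed as mandatory by the log.

```python
import base64

# UserSyncMap from the Config.pm in this thread (OTRS field -> LDAP attribute).
SYNC_MAP = {"UserFirstname": "givenName", "UserLastname": "sn",
            "UserEmail": "mail", "UserMobile": "mobile"}
# Assumption: fields without which the agent cannot be created.
# Only UserEmail is confirmed by the log in this thread.
REQUIRED = ("UserFirstname", "UserLastname", "UserEmail")

# Constructed sample in the LDIF form printed by ldapsearch.
SAMPLE_LDIF = """\
dn: uid=johndoe,ou=People,dc=aaa,dc=bb
givenName: John
sn: Doe

dn: uid=janedoe,ou=People,dc=aaa,dc=bb
givenName: Jane
sn:: RG9l
Mail: jane.doe@
 example.org
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF record."""
    entries, current, unfolded = [], {}, []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # rejoin a folded line
        else:
            unfolded.append(line)
    for line in unfolded + [""]:              # trailing "" flushes last record
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(name.strip().lower(), []).append(value.strip())
        elif not line.strip() and current:
            entries.append(current)
            current = {}
    return entries

def missing_fields(entry):
    """Required OTRS fields whose mapped LDAP attribute is absent or empty."""
    return [f for f in REQUIRED
            if not any(entry.get(SYNC_MAP[f].lower(), []))]

def report(text):
    """Map each DN to the required fields it cannot supply (no-DN records skipped)."""
    return {e["dn"][0]: missing_fields(e) for e in parse_ldif(text) if "dn" in e}
```

Attribute names are compared case-insensitively, so `Mail` in the directory still satisfies the `mail` mapping; an entry is flagged only when the attribute is missing or empty.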
