Hi Jean-Marie,

OTRS needs to sync information about agents into its own database. This can
be accomplished with the following code segment:

    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

What I've also done is attached my blank LDAP config file. Feel free to
extrapolate required sections and implement it into your own. It also
contains customer authentication. If you don't need the customer
authentication bit, copy everything up to #CustomerUser.

Have a bash at that and let us know how you get on.

Regards,



On Tue, Mar 9, 2010 at 9:18 AM, Ricciarelli, Jean-Marie (Noumea) <[email protected]> wrote:

> Hi all,
>
> I’m encountering the following issue when I try to connect to the agent
> interface on otrs :
>
>  - « Panic, user authenticated but no user data can be found in OTRS DB!!
> Perhaps the user is invalid. »
>
> System is running under debian lenny
> OTRS is version 2.4.7
> I use a MySQL connection
>
> Connection to customer interface is working properly and all data are
> synced as well.
>
> My config.pm on agent auth is set as follows, I checked from otrs doc and
> mails from lists.otrs.org but…
>
>
> #-----------------------------------
> # Active directory Config
> #-----------------------------------
> # Active directory declaration
> #-----------------------------------
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'dc.domaine.net';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=domaine,DC=net';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> #------------------------------
> # Agent LDAP search account
> #------------------------------
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs account,OU=Service Accounts,DC=INCO,DC=NET';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
>
>     # AuthSyncModule::LDAP::UserSyncMap
>     # (map if agent should create/synced from LDAP to DB after successful login)
>     $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>         # DB -> LDAP
>         UserFirstname => 'givenName',
>         UserLastname  => 'sn',
>         UserEmail     => 'mail',
>     };
>
>     # AuthSyncModule::LDAP::UserSyncInitialGroups
>     # (sync following group with rw permission after initial create of first agent
>     # login)
>     $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>         'users',
>     ];
>
>
>
> When I look at the user.log file, I have an error regarding a table which
> doesn’t look to exist ?!
>
> Mar 10 05:59:58 neagnet01 OTRS-CGI-10[1026]:
> [Notice][Kernel::System::Auth::LDAP::Auth] User: jmricciarelli
> (CN=Ricciarelli\, Jean-Marie (Noumea),OU=Noumea,OU=Users,OU=Goro
> Operations,DC=INCO,DC=NET) authentication ok (REMOTE_ADDR: 10.xx.xxx.xx).
>
> Mar 10 05:59:58 neagnet01 OTRS-CGI-10[1026]:
> [Error][Kernel::System::User::UserLookup][Line:680]: Table
> 'otrs.system_user' doesn't exist, SQL: 'SELECT id FROM system_user  WHERE
> LOWER(login) = ?'
>
> Mar 10 05:59:58 neagnet01 OTRS-CGI-10[1026]:
> [Error][Kernel::System::User::UserLookup][Line:680]: Table
> 'otrs.system_user' doesn't exist, SQL: 'SELECT id FROM system_user  WHERE
> LOWER(login) = ?'
>
> Mar 10 05:59:58 neagnet01 OTRS-CGI-10[1026]:
> [Error][Kernel::System::User::GetUserData][Line:172]: Table
> 'otrs.system_user' doesn't exist, SQL: 'SELECT id, login,  salutation,
> first_name, last_name, pw, valid_id  FROM system_user WHERE  LOWER(login) =
> ?'
>
> So, I’m kind of desperate as I do not know what I can do and actually
> where to look in order to get a solution to my problem…
>
> If you have any idea, please let me know, I will try any idea in order to
> solve this problem.
>
> For information, I have another OTRS system running perfectly in version
> 2.2.3 with same type of configuration…
>
> Kind Regards,
>
> ___________________________________________
> Jm Ricciarelli.
> Support IT - Vale Inco NC
> Tel: 00 (687) (23) 5036
> Email: [email protected]
>
>
>
>
>
> ---------------------------------------------------------------------
> OTRS mailing list: itsm - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/itsm
> To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm
>
> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
> http://www.otrs.com/en/support/enterprise-subscription/
>
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'servername.companyname.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=companyname,dc=local';
    # You may need to change this, not sure if it's M$ AD specific, default is "mail" I think
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS_Groups,dc=companyname,dc=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    # for ldap posixGroups objectclass (just uid)
    #$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Searcher,OU=OTRS LDAP Searcher,DC=companyname,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'searcherpassword';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each login name, then
    # you can use this option. e. g. the user just wants to type "user" but
    # in your ldap directory exists u...@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };


    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'servername.companyname.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'searcherpassword';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];




    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name => 'Company Staff',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'servername.companyname.local',
            # ldap base dn
            BaseDN => 'ou=Company User Accounts,dc=companyname,dc=local',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local',
            UserPw => 'searcherpassword',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '',
            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use these options (if not, ignore them)
#            SourceCharset => 'utf-8',
#            DestCharset => 'iso-8859-1',
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        # customer uniq id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show now own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
#       CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 0,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
#            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };


    ################### Customer User Authentication #####################

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'server.companyname.local';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=companyname,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    # $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
    # $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (full user dn)
    # (only one UserAttr assignment should be active; with both uncommented the last one wins)
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Searcher,ou=OTRS LDAP Searcher,dc=companyname,dc=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'searcherpassword';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each customer login name, then
    # you can use this option. e. g. the user just wants to type "user" but
    # in your ldap directory exists u...@domain.
#    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
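A check for the condition the reply at the top of this thread describes (agent authentication delegated to LDAP without the matching AuthSyncModule, so a login succeeds but no agent row exists in the OTRS database), written as an added Python example that is not part of the thread or of OTRS. It parses the single-quoted `$Self->{'Key'} = 'value';` assignments of a Config.pm fragment, records hash and array assignments as present, and also flags DN values that were wrapped across a line break, as several of the strings quoted in this thread were. The two fragments are constructed from the shape of the configs above with an example host and base DN, not copied from any real system.

```python
"""Lint an OTRS Config.pm fragment for agent LDAP auth without LDAP sync.

Added example (not part of this thread or of OTRS): it reads the
$Self->{'Key'} = 'value'; scalar assignments, records hash/array
assignments as present, and reports the mismatch that produces
"Panic, user authenticated but no user data can be found in OTRS DB".
"""
import re

# One single-quoted scalar assignment, e.g.
#   $Self->{'AuthModule::LDAP::Host'} = 'dc.example.test';
# The value class [^']* deliberately spans line breaks so that a DN that
# was wrapped onto two lines is captured with its embedded newline.
SCALAR_RE = re.compile(
    r"^\s*\$Self->\{\s*'?(?P<key>[A-Za-z0-9_:]+)'?\s*\}\s*=\s*'(?P<val>[^']*)'\s*;",
    re.M,
)
# A hash or array assignment, e.g. $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
STRUCT_RE = re.compile(
    r"^\s*\$Self->\{\s*'?(?P<key>[A-Za-z0-9_:]+)'?\s*\}\s*=\s*[\{\[]",
    re.M,
)
STRUCT = "<structure>"  # placeholder value recorded for hash/array settings

# Keys the LDAP sync module needs once AuthSyncModule is selected.
REQUIRED_SYNC_KEYS = (
    "AuthSyncModule::LDAP::Host",
    "AuthSyncModule::LDAP::BaseDN",
    "AuthSyncModule::LDAP::UID",
    "AuthSyncModule::LDAP::UserSyncMap",
)


def parse_config(text):
    """Return {key: value} for the $Self assignments in a Config.pm fragment.

    Commented-out lines (#$Self->...) are skipped because both regexes anchor
    on '$Self' at the start of the line. Escaped quotes inside values are not
    handled; the fragments in this thread do not use them.
    """
    settings = {}
    for m in SCALAR_RE.finditer(text):
        settings[m.group("key")] = m.group("val")
    for m in STRUCT_RE.finditer(text):
        settings.setdefault(m.group("key"), STRUCT)
    return settings


def lint(text):
    """Return a list of human-readable findings; an empty list means no problem found."""
    s = parse_config(text)
    findings = []
    if s.get("AuthModule") == "Kernel::System::Auth::LDAP":
        if s.get("AuthSyncModule") != "Kernel::System::Auth::Sync::LDAP":
            findings.append(
                "AuthModule is LDAP but AuthSyncModule is not set: agents will "
                "authenticate against LDAP but never get a row in the OTRS user table"
            )
        else:
            for key in REQUIRED_SYNC_KEYS:
                if key not in s:
                    findings.append(f"{key} is missing")
    for key, val in s.items():
        if "\n" in val:
            findings.append(f"{key}: value contains a line break (wrapped DN?)")
        # SearchUserDN without its password means the bind account cannot bind.
        if key.endswith("SearchUserDN") and key[:-2] + "Pw" not in s:
            findings.append(f"{key} is set but the matching SearchUserPw is not")
    return findings


# Constructed fragments modelled on the two configs in this thread
# (example host and base DN, not real systems).
BROKEN_FRAGMENT = """
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.example.test';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=example,DC=test';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs account,OU=Service
Accounts,DC=example,DC=test';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
# sync map present, but no AuthSyncModule selected
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
"""

FIXED_FRAGMENT = """
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.example.test';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=example,DC=test';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs account,OU=Service Accounts,DC=example,DC=test';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc.example.test';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=example,DC=test';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrs account,OU=Service Accounts,DC=example,DC=test';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
"""

if __name__ == "__main__":
    for name, fragment in (("broken", BROKEN_FRAGMENT), ("fixed", FIXED_FRAGMENT)):
        print(f"{name}: {lint(fragment) or 'no findings'}")
```

Run it against a copy of the relevant Config.pm section (read the file and pass its text to `lint`); the first fragment reproduces the situation in the quoted message and yields two findings, the second mirrors the reply's fix and yields none.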