On 27/09/2016 10:38, [email protected] wrote:
> Hi Bene.
>
> On 27.09.2016 at 09:36, Bene<[email protected]> wrote:
>> Previously when we worked with customers authenticating vs. the OTRS DB, the
>> customer user list contained all the customers in the database. We changed
>> Config.pm to allow the customers to also authenticate vs. the AD, and inserted
>> a 2nd authentication method vs the OTRS DB.
>> However, the Customer User administration only shows those customers from the
>> AD, not the customer user from the OTRS DB.
>> How can I include both in the list?
>
> You missed some information in your mail:
> * what is your OTRS version?
> * please provide an (anonymized) extract from your config that contains the
>   configuration for both: DB and AD connection.
> By default both sources should be available via AdminCustomerUser interface.
>
> Best wishes,
> Jan Dreyer

Hello Jan,
Of course, I use OTRS 5.0.12.
I have succeeded in getting the OTRS database users listed in Customer
User Administration. However, I encounter 2 errors.
1. When I want to update the password of a database user, I get this
error in the system logs:
ERROR: duplicate key value violates unique constraint "customer_user_login"
DETAIL: Key (login)=(general) already exists.,
SQL: 'UPDATE customer_user SET title = ?, first_name = ?, last_name = ?,
  login = ?, email = ?, customer_id = ?, phone = ?,
  fax = ?, mobile = ?, street = ?, zip = ?, city = ?, country = ?,
  comments = ?, valid_id = ?,
  change_time = '2016-09-27 10:44:00' , change_by = ? WHERE
  LOWER(customer_id) = LOWER(?)'
The user does not exist in AD, only in the database. If I change the
password of another database user, it does work.
No idea why this fails. The error seems weird at first because I'm
trying to update an existing customer.
The error in syslog is "Need UserID!". Syslog says this:
OTRS-CGI-91[8810]: [Error][Kernel::System::CustomerUser::SetPreferences][Line:560]: Need UserID!
2. In the system log, I see this error when I go to the Customer User list:
[Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][Line:771]:
Bad filter
Could this be because the LDAP search is first, before the database entries?
Excerpt of my Config.pm
...
#-------------------------------------------------------------------------------------------#
# Agent Authentication                                                                      #
#-------------------------------------------------------------------------------------------#
### --- Step 1: Authenticate vs. ldap --- ###
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ad.myowndomain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=Users,OU=myowndomain,DC=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=queryotrs,CN=Users,DC=myowndomain,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '<password>';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
#-------------------------------------------------------------------------------------------#
# Agent Data                                                                                #
#-------------------------------------------------------------------------------------------#
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    #UserID => 'sAMAccountName',
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
### --- Step 2: Authenticate vs. local OTRS DB --- ###
# Second backend, internal OTRS DB
$Self->{'AuthModule2'} = 'Kernel::System::Auth::DB';
$Self->{'AuthModule::DB::CryptType2'} = 'crypt';
#-------------------------------------------------------------------------------------------#
# Customer Authentication                                                                   #
#-------------------------------------------------------------------------------------------#
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ad.myowndomain.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Users,OU=myowndomain,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=queryotrs,CN=Users,DC=myowndomain,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '<password>';
#-------------------------------------------------------------------------------------------#
# Customerdata                                                                              #
#-------------------------------------------------------------------------------------------#
$Self->{CustomerUser} = {
    Name   => 'Customer',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host         => 'ad.myowndomain.com',
        BaseDN       => 'OU=OTRS,DC=myowndomain,DC=com',
        SSCOPE       => 'sub',
        UserDN       => 'CN=queryotrs,CN=Users,DC=myowndomain,DC=com',
        UserPw       => '<password>',
        AlwaysFilter => '(&(objectClass=user))',
    },
    CustomerKey => 'sAMAccountName',
    #CustomerID => 'Customer',
    CustomerID => 'company',
    CustomerUserListFields => [ 'sAMAccountName','cn','mail','company'],
    CustomerUserSearchFields => [ 'sAMAccountName','cn','mail','company'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        #['UserSalutation', 'Title', 'title', '1', '0', 'var'],
        ['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'],
        ['UserLastname', 'Lastname', 'sn', '1', '1', 'var'],
        ['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'],
        ['UserEmail', 'Email', 'mail', '1', '1', 'var'],
        ['UserCustomerID', 'CustomerID', 'company', '0', '1', 'var'],
        ['UserPhone', 'Phone', 'telephonenumber', '1', '0', 'var'],
        #['UserAddress', 'Address', 'postaladdress', '1', '0', 'var'],
        #['UserComment', 'Comment', 'description', '1', '0', 'var'],
    ],
};
### --- Step 2: Authenticate vs. local OTRS DB --- ###
# Second backend, internal OTRS DB
$Self->{'Customer::AuthModule1'} = 'Kernel::System::Auth::DB';
$Self->{'Customer::AuthModule1::DB::CryptType1'} = 'crypt';
$Self->{CustomerUser1} = {
    Name   => 'Customer Database',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
        Table => 'customer_user',
    },
    # customer unique id
    CustomerKey => 'customer_id',
    # customer #
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['title','first_name','last_name'],
    CustomerUserEmailUniqCheck => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target
        [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ],
        [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ],
        [ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ],
        [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
        [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ],
        [ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ],
        [ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ],
        [ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
        [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ],
    ],
    # default selections
    Selections => {
        UserTitle => {
            'Mr.'  => 'Mr.',
            'Mrs.' => 'Mrs.',
        },
    },
};
Thanks,
Bene
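
The UPDATE logged under point 1 sets `login` for every row whose `customer_id` matches, so it collides with the unique constraint on `login` as soon as two customer users share a `customer_id`. The following is an added example, not part of the original mail or of OTRS: it reproduces that behaviour on a reduced `customer_user` table in SQLite with constructed rows, and the helper `update_user` and its shortened column list are assumptions.

```python
import sqlite3

# Constructed sample rows: two customer users share one customer_id.
ROWS = [
    ("general", "general@example.test", "acme"),
    ("helpdesk", "helpdesk@example.test", "acme"),
    ("solo", "solo@example.test", "solo-co"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customer_user ("
        " login TEXT NOT NULL UNIQUE,"  # stands in for the customer_user_login constraint
        " email TEXT NOT NULL,"
        " customer_id TEXT NOT NULL)"
    )
    db.executemany("INSERT INTO customer_user VALUES (?, ?, ?)", ROWS)
    db.commit()
    return db

def update_user(db, key_column, key_value, login, email):
    """Run a reduced form of the logged UPDATE, keyed on key_column.

    Returns (succeeded, rows_matched_by_the_where_clause).
    """
    if key_column not in ("login", "customer_id"):
        # The column name is interpolated into the SQL, so allow-list it.
        raise ValueError(key_column)
    where = f"WHERE LOWER({key_column}) = LOWER(?)"
    matched = db.execute(
        f"SELECT COUNT(*) FROM customer_user {where}", (key_value,)
    ).fetchone()[0]
    try:
        db.execute(
            f"UPDATE customer_user SET login = ?, email = ? {where}",
            (login, email, key_value),
        )
        db.commit()
        return True, matched
    except sqlite3.IntegrityError:
        # Second matching row would receive the same login: unique violation.
        db.rollback()
        return False, matched
```

Keyed on `customer_id`, the update for `general` matches two rows and fails, while a user who is alone in its `customer_id` updates cleanly; keyed on `login`, the same update matches exactly one row.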