To clarify, I've tried both with and without the domain suffix, using both UPN and sAMAccountname (with and without the default domain suffix option)
Same error message on all. To me, it looks like OTRS is successfully authenticating and pulling ldap info (otherwise it wouldn't populate the customers, and anonymous ldap queries are disabled) but is trying to authenticate customers to the local DB at the logon portal. -- --- Evan Spangler Systems Administrator TEK Fusion Global, Inc On Fri, 2017-06-30 at 17:24 -0400, Evan Spangler wrote: > [This sender failed our fraud detection checks and may not be who > they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSp > oofing] > > Hi Roy, > > Thanks for looking at my config! I hadn't considered using the UPN > instead of the sAMAccountName. No luck, unfortunately. > > > The old and new installations are on two different VMs, and I used > the > same syntax and similar parameters with the exception of switching to > LDAPS instead of plaintext LDAP. I didn't have to specify the port > and > protocol in the Net::LDAP or hostname fields. Besides that, nothing > has > changed. They weren't rolled out to production yet so are/were stock > (besides this LDAP auth) with no tickets except for test tickets. > > I've switched sAMAccountname to userPrincipalName in the relevant > fields and commented out the appending UserSuffix line. > > The customer fields repopulated using the UPN as username and > customer > ID, but same error. > > Syslog: > > OTRS-CGI-10[3833]: > [Error][Kernel::System::User::UserLookup][Line:922]: > No UserID found for '[email protected]'! > OTRS-CGI-10[3832]: > [Error][Kernel::System::User::UserLookup][Line:922]: > No UserID found for 'test.user'! > > Apache error.log: > > ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:15 > 2017 > > Message: No UserID found for '[email protected]'! > > RemoteAddress: 192.168.0.61 > RequestURI: /otrs/index.pl > > Traceback (3833): > Module: Kernel::System::User::UserLookup Line: 922 > Module: Kernel::System::Auth::Auth Line: 241 > Module: Kernel::System::Web::InterfaceAgent::Run Line: 226 > Module: > ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_ > 2e > pl::handler Line: 40 > Module: (eval) (v1.99) Line: 207 > Module: ModPerl::RegistryCooker::run (v1.99) Line: 207 > Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173 > Module: ModPerl::Registry::handler (v1.99) Line: 32 > > ERROR: OTRS-CGI-10 Perl: 5.22.1 OS: linux Time: Fri Jun 30 17:20:20 > 2017 > > Message: No UserID found for 'test.user'! > > RemoteAddress: 192.168.0.61 > RequestURI: /otrs/index.pl > > Traceback (3832): > Module: Kernel::System::User::UserLookup Line: 922 > Module: Kernel::System::Auth::Auth Line: 241 > Module: Kernel::System::Web::InterfaceAgent::Run Line: 226 > Module: > ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_ > 2e > pl::handler Line: 40 > Module: (eval) (v1.99) Line: 207 > Module: ModPerl::RegistryCooker::run (v1.99) Line: 207 > Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173 > Module: ModPerl::Registry::handler (v1.99) Line: 32 > > > Thanks! > > -- > --- > > Evan Spangler > Systems Administrator > > TEK Fusion Global, Inc > > > > > On Fri, 2017-06-30 at 22:27 +0200, Roy Kaldung wrote: > > > > Hi Evan, > > > > Is this the same config you’re using on your other system? > > > > > > > > > > > On Jun 30, 2017, at 9:08 PM, Evan Spangler <evan.spangler@tekfusi > > > on > > > inc.com> wrote: > > > > > > $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; > > > > > > $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com' > > > ; > > Looks weird to me to add the domain to the sAMAccountName. AFAIK > > know > > sAMAccountName plus the domain is mostly the userPrincipalName. > > Did you tried it without the UserSuffix when the customer enter the > > sAMAccountName? > > > > - Roy > > > This e-mail may contain confidential or privileged information. This > communication and any attached documents may also contain data > subject to the International Traffic in Arms Regulations or U.S. > Export Administration Regulations and cannot be disseminated, > distributed or copied to foreign nationals, residing in the U.S. or > abroad, without the prior approval of the U.S. Department of State or > appropriate export licensing authority. If you are not the intended > recipient, please notify the sender immediately by return e-mail with > a copy to: [email protected] and delete this e-mail and all copies > and attachments. Opinions, conclusions and other information in this > message that do not relate to the official business of Tek Fusion > Global, Inc., shall be understood as neither given nor endorsed by > it. > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs This e-mail may contain confidential or privileged information. This communication and any attached documents may also contain data subject to the International Traffic in Arms Regulations or U.S. Export Administration Regulations and cannot be disseminated, distributed or copied to foreign nationals, residing in the U.S. or abroad, without the prior approval of the U.S. Department of State or appropriate export licensing authority. If you are not the intended recipient, please notify the sender immediately by return e-mail with a copy to: [email protected] and delete this e-mail and all copies and attachments. Opinions, conclusions and other information in this message that do not relate to the official business of Tek Fusion Global, Inc., shall be understood as neither given nor endorsed by it. --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
