Hi Stephan, > When switching the positions in the Config.pm having DB at the end, the DB > Customer login works
This result gives the impression that whichever AuthModule is second in the config is overwriting settings from the first AuthModule. It might be worth comparing the 2 parts of the config side by side. Rory Support my 365 Challenge in aid of the Irish Cancer Society www.365challenge.ie 2009/8/26 savitra sirohi <[email protected]>: > Stephan, > > I think you need to make sure the configurations for ldap and db can > be identified uniquely, you could add a suffix to all lines, something > like this below. > > Thanks, > Savitra Sirohi > Nucsoft OSS Labs > http://www.osslabs.biz > > #Enable DB authentication for Customers / Users >> $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB'; >> $Self->{'Customer::AuthModule::DB::Table1'} = 'customer_user'; >> $Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login'; >> $Self->{'Customer::AuthModule::DB::CustomerPassword1'} = 'pw'; >> >> #CustomerUser DB >> #(customer user ldap backend and settings) >> $Self->{CustomerUse1r} = { > > > For LDAP > >> #Enable LDAP authentication for Customers / Users >> $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP'; >> $Self->{'Customer::AuthModule::LDAP::Host2'} = 'bockw2k8dc1.bock.lan'; >> $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'ou= >> structur,dc=bock,dc=lan'; >> $Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName'; >> >> #The following is valid but would only be necessary if the >> #anonymous user do NOT have permission to read from the LDAP tree >> $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'domain\user'; >> $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'password'; >> >> #CustomerUser1 LDAP >> #(customer user ldap backend and settings) >> $Self->{CustomerUser2} = { > > > > > On 8/26/09, Stephan Lang <[email protected]> wrote: >> Hi, >> >> That's what I'm having in the Config.pm for testing: >> >> # ---------------------------------------------------- # >> # Config for Costumer DB Backend and Auth SL 240809 # >> # ---------------------------------------------------- # >> >> #Enable DB authentication for Customers / Users >> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB'; >> $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user'; >> $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login'; >> $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw'; >> >> #CustomerUser DB >> #(customer user ldap backend and settings) >> $Self->{CustomerUser} = { >> Name => 'Datenbank', >> Module => 'Kernel::System::CustomerUser::DB', >> Params => { >> Table => 'customer_user', >> }, >> >> # customer unique id >> CustomerKey => 'login', >> # customer # >> CustomerID => 'customer_id', >> CustomerValid => 'valid_id', >> CustomerUserListFields => ['first_name', 'last_name', 'email'], >> CustomerUserSearchFields => ['login', 'first_name', 'last_name', >> 'email'], >> CustomerUserSearchPrefix => '', >> CustomerUserSearchSuffix => '*', >> CustomerUserSearchListLimit => 250, >> CustomerUserPostMasterSearchFields => ['email'], >> CustomerUserNameFields => ['first_name', 'last_name'], >> CustomerUserEmailUniqCheck => 1, >> Map => [ >> # note: Login, Email and CustomerID needed! >> # var, frontend, storage, shown (1=always,2=lite), required, >> storage-type, http-127 >> [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ], >> [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], >> [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], >> [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], >> [ 'UserPassword', 'Password', 'pw', 0, 1, 'var', '', 0 ], >> [ 'UserEmail', 'Email', 'email', 0, 1, 'var', '', 0 ], >> # [ 'UserEmail', 'Email', 'email', 1, 1, >> # >> 'var','$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data{"[ >> 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], >> # [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', >> '', 0 ], >> [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], >> [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], >> ], >> }; >> >> >> # ---------------------------------------------------- # >> # Config for Costumer LDAP Backend and Auth SL 160809 # >> # ---------------------------------------------------- # >> >> #Enable LDAP authentication for Customers / Users >> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; >> $Self->{'Customer::AuthModule::LDAP::Host'} = 'bockw2k8dc1.bock.lan'; >> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou= >> structur,dc=bock,dc=lan'; >> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; >> >> #The following is valid but would only be necessary if the >> #anonymous user do NOT have permission to read from the LDAP tree >> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'domain\user'; >> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password'; >> >> #CustomerUser1 LDAP >> #(customer user ldap backend and settings) >> $Self->{CustomerUser1} = { >> Name => 'BOCK.LAN', >> Module => 'Kernel::System::CustomerUser::LDAP', >> Params => { >> Host => 'bockw2k8dc1.bock.lan', >> BaseDN => 'OU= structur,DC=bock,DC=lan', >> SSCOPE => 'sub', >> UserDN =>'domain\user', >> UserPw => 'password', >> SourceCharset => 'utf-8', >> DestCharset => 'utf-8', >> Params => { >> port => 389, >> timeout => 120, >> async => 0, >> version => 3, >> }, >> }, >> >> # customer unique id >> CustomerKey => 'sAMAccountName', >> # customer # >> CustomerID => 'mail', >> CustomerUserListFields => ['cn', 'mail'], >> CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], >> CustomerUserSearchPrefix => '', >> CustomerUserSearchSuffix => '*', >> CustomerUserSearchListLimit => 250, >> CustomerUserPostMasterSearchFields => ['mail'], >> CustomerUserNameFields => ['cn'], >> Map => [ >> # note: Login, Email and CustomerID needed! >> # var, frontend, storage, shown, required, storage-type >> #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ], >> [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], >> [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], >> [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], >> [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], >> [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ], >> [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], >> #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ], >> #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ], >> ], >> }; >> >> >> >> I'm using CustomerUser and CustomerUser1, when using CustomerUser1 and >> CustomerUser2 I'm having 3 backends, probably the CustomerUser default. >> With that Config the LDAP Auth works but not the DB Auth and in the Agent >> Login -> Customers I can view the LDAP and edit the DB Customers. >> When switching the positions in the Config.pm having DB at the end, the DB >> Customer login works, probably because the $Self->{'Customer::AuthModule'} = >> 'Kernel::System::CustomerAuth::DB'; is the last entry. >> >> My guess is that I have to integrate $Self->{'Customer::AuthModule'} = >> 'Kernel::System::CustomerAuth::DB'; into $Self->{CustomerUser1} but how? >> >> >> Mit freundlichen Gruessen >> >> i.A. Stephan Lang >> Systembetreuung >> >> Tel.: +49 9180 189-276 >> Fax.: +49 9180 189-55276 >> E-Mail: [email protected] >> Internet: http://www.bockonline.de >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf Of >> savitra sirohi >> Sent: Mittwoch, 26. August 2009 05:54 >> To: User questions and discussions about OTRS. >> Subject: Re: [otrs] Using LDAP and DB Customer Backend and Authentification >> >> Stephen, >> >> You need to have a separate block (CustomerUser2) for the database auth. Do >> you have that? >> >> Thanks, >> Savitra Sirohi >> Nucsoft OSS Labs >> http://www.osslabs.biz >> >> On 8/26/09, Stephan Lang <[email protected]> wrote: >>> Hi @all, >>> >>> >>> >>> I'm trying to use LDAP and MySQL DB as customer Backend and to >>> authenticate the user. >>> >>> I've added LDAP config as CustomerUser1 and $Self->{'AuthModule'} = >>> 'Kernel::System::Auth::LDAP'; and all the required settings. >>> >>> Customer Login via LDAP works perfect, but a DB Customer can't login. >>> >>> Error message reads: >>> >>> CustomerUser: [email protected] authentification failed, no >>> LDAP entry found!BaseDN='ou=structur,dc=bock,dc=lan', >>> Filter='([email protected])', (REMOTE_ADDR: >>> 192.168.24.33). >>> >>> But the Customer exists in the DB, and I can edit the DB Customers and >>> view the LDAP Customers as well. >>> >>> >>> >>> I've already found an article (in German): >>> http://www.otrs-forum.de/viewtopic.php?f=15&t=641 >>> >>> It describes changes in /opt/otrs/Kernel/System/CustomerAuth.pm >>> required to switch from one AuthModule to the other but the article is >>> from 2006 and the file provided is very different from the version in >>> the current OTRS Version and my perl knowledge is mostly none existing. >>> >>> Maybe someone has a similar configuration working and can point out >>> the necessary changes or provide a config file? >>> >>> >>> >>> >>> >>> Regards >>> >>> Stephan Lang >>> System administrator >>> >>> OTRS: 2.4.3 (rpm) >>> >>> OS: openSUSE 10.3 without X >>> >>> DB: MySQL 5.0.45 >>> >>> >>> >>> ---------------------------------------------------------------------- >>> -- >>> Bock 1 GmbH & Co. KG >>> An der Heide 17 >>> 92353 Postbauer-Heng >>> >>> Sitz: Postbauer-Heng >>> Amtsgericht Nuernberg, HRA 11 240 >>> pers. haft. Geschaeftsfuehrer: Hermann Bock Bock 1 Verwaltungs GmbH >>> Sitz: Postbauer-Heng >>> Amtsgericht Nuernberg, HRB 93 10 >>> Geschaeftsfuehrer: Harald Meyer, Klaus Stepper >>> >>> Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich >>> geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind >>> oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte >>> sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte >>> Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet. >>> >>> This email may contain confidential and/or privileged information. If >>> you are not the intended recipient (or have received this email in >>> error) please notify the sender immediately and destroy this email. >>> Any unauthorized copying, disclosure or distribution of the material >>> in this email is strictly forbidden. >>> >>> >> --------------------------------------------------------------------- >> OTRS mailing list: otrs - Webpage: http://otrs.org/ >> Archive: http://lists.otrs.org/pipermail/otrs >> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >> >> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! >> http://www.otrs.com/en/support/enterprise-subscription/ >> >> >> Click >> https://www.mailcontrol.com/sr/6AcFd9pqwD3TndxI!oX7Uj+Zd8hgYGYDU1Cf089ToDJmJaXwNzp+SZcAYUetVfOoq9ApH41y+VajfskgLULbMA== >> to report this email as spam. >> ------------------------------------------------------------------------ >> Bock 1 GmbH & Co. KG >> An der Heide 17 >> 92353 Postbauer-Heng >> >> Sitz: Postbauer-Heng >> Amtsgericht Nuernberg, HRA 11 240 >> pers. haft. Geschaeftsfuehrer: Hermann Bock >> Bock 1 Verwaltungs GmbH >> Sitz: Postbauer-Heng >> Amtsgericht Nuernberg, HRB 93 10 >> Geschaeftsfuehrer: Harald Meyer, Klaus Stepper >> >> Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich >> geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder >> diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den >> Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die >> unbefugte Weitergabe dieser E-Mail ist nicht gestattet. >> >> This email may contain confidential and/or privileged information. If you >> are not the intended recipient (or have received this email in error) please >> notify the sender immediately and destroy this email. Any unauthorized >> copying, disclosure or distribution of the material in this email is >> strictly forbidden. >> >> --------------------------------------------------------------------- >> OTRS mailing list: otrs - Webpage: http://otrs.org/ >> Archive: http://lists.otrs.org/pipermail/otrs >> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >> >> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! >> http://www.otrs.com/en/support/enterprise-subscription/ >> > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ > --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
