Hi Leonid, You're absolutely right with your analysis. Currently, if you're using SSO, OTRS will expect that the user is already available. If you're not using SSO, but LDAP Authentication instead, OTRS can pull in the user data from LDAP on request. Unfortunately, with SSO, OTRS does not do this at the moment.
You can run otrs/scripts/tools/sync-ldap2db.pl via a cron job or so to make sure user data is available if the user connects. hth, -- Michiel Beijen R&D Follow me on Twitter: @otrsnl [https://twitter.com/otrsnl] OTRS AG Norsk-Data-Str 1. 61352 Bad Homburg Germany T: +31 (0) 6457 42418 F: +49 (0) 9421 56818-18 I: http://www.otrs.com/ Business location: Bad Homburg, Country Court: Bad Homburg, HRB 10751, VAT ID: DE256610065 Chairman: Burchard Steinbild, Managing Board: André Mindermann CU@ CeBIT 2010 in Hannover (Germany) and get to know more about OTRS at booth no. C37, in hall 2 from March 2-6, 2010! http://bit.ly/4qLvqm On Fri, Feb 12, 2010 at 12:25 PM, Leonid Korokh <l.kor...@aladdin.ru> wrote: > > Hi All, > > > > My goal is to authenticate agents using integrated windows authentication and > use database backend to store their accounts (group membership and so on). > We cannot use passwords as we use smartcards to authenticate in windows > domain. > > > > I’ve deployed clean OTRS 2.4.7 setup under IIS and MSSQL. All settings in > Config.pm are defaults except that are needed to use MSSQL. I’ve created user > in database (let’s say qqq) which is member of admin and users groups. After > that I’ve added these two strings into Config.pm: > > $Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth'; > > $Self->{'AuthModule::HTTPBasicAuth::Replace'} = ‘DOMAIN\\'; > > > > Next I set IIS to use integrated windows authentication, so REMOTE_USER > environment variable will be set to the user who is authenticated by IIS, for > example DOMAIN\qqq. As I understand architecture of OTRS it is allowed to do > this way. > > But when I try to enter agent’s interface I got these errors: > > Message: Need UserLogin or UserID! > > Traceback (3364): > > Module: Kernel::System::User::UserLookup (v1.94) Line: 668 > > Module: Kernel::System::Auth::Auth (v1.42) Line: 261 > > Module: Kernel::System::Web::InterfaceAgent::Run (v1.43.2.1) Line: 192 > > Module: c:\inetpub\wwwroot\bin\cgi-bin\index.pl (v1.88) Line: 48 > > > > Digging into source code I’ve found that Atuh.pm expects that $Param{User} > variable should be set somewhere before the call of UserLookup at line 261. > If I add Param{User}=$User at line 260 everything is working well. > > > > So, is it a bug, or I do something wrong? > > > > TIA > > --------------------------------------------------- > > Leonid S. Korokh > > CIO > > Aladdin Software Security R.D. > > > > Phone: +7 (495) 223-0001 (30 lines) > > Phone: +7 (495) 988-4640 > > Fax: +7 (495) 646-0882 > > E-mail: l.kor...@aladdin.ru > > Web: www.aladdin.ru > > > > --------------------------------------------------------------------- > OTRS mailing list: dev - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/dev > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ --------------------------------------------------------------------- OTRS mailing list: dev - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/dev To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/