Hi,

Thanks for the pointers Michael. I've set up the sync and it will
authenticate properly now. The docs cleared up my questions about the
sync and how it works.

The only issue I'm having is that not all users have their e-mail
address included in their AD account.
We use Novell Groupwise so the e-mail address field is pretty much
ignored in AD.
There's not really much way around it I guess. An Agent's e-mail
address is an essential part of otrs for notifications, etc.

As this is going to be a largely internal system I guess I can set up
ldap customer access through the same AD.
If I do that will I still be able to create customers who are not in
AD, only in the otrs DB?
I intend this to be an internal IT support tool but we will probably
use it to manage external issues with third party suppliers who
obviously won't be in our AD.

Thanks for the help so far,

Rory

Support my 365 Challenge in aid of the Irish Cancer Society

www.365challenge.ie



2009/7/29 Michiel Beijen <mich...@beefreeit.nl>:
> Hi Rory,
>
> You can let the system do the syncing for you. Use 'UserSyncLDAPMap'.
> Here are some pointers:
>
> * The manual; look under 'agent data sync':
> http://doc.otrs.org/2.4/en/html/x1885.html#configuration-agent-auth-backend-ldap
>
> * A mail with a complete and working configuration. The poster initially
> thinks he has an issue with his setup; turns out only the email address is
> missing in AD.
> http://www.mail-archive.com/otrs@otrs.org/msg25974.html
>
> Let us know if this helps you.
>
> Regards,
> --
> Michiel Beijen
> Software Consultant
> +31 6 - 457 42 418
> Bee Free IT + http://beefreeit.nl
>
>
> On Wed, Jul 29, 2009 at 14:56, Rory <rcler...@gmail.com> wrote:
>>
>> Hi,
>>
>> I've gotten otrs up and running (on IIS6 with mysql 5.1 and Activeperl
>> 5.10).
>> I've attempted to set up ldap authentication with Active Directory for
>> Agent users. The config seems to have gone reasonably well except for
>> this error I get when I try to log in;
>>
>> Panic, user authenticated but no user data can be found in OTRS DB!!
>> Perhaps the user is invalid
>>
>> Do I need to sync my AD to the OTRS DB?
>> I think I read the how-to doc for that somewhere.
>>
>> The otrs.log file gives the following;
>>
>> =================
>> [Wed Jul 29 13:16:50 2009][Notice][Kernel::System::Auth::LDAP::Auth]
>> User: roryc (CN=Rory
>> Clerkin,OU=Users,OU=IT,OU=Departments,DC=<domain>,DC=com)
>> authentication ok (REMOTE_ADDR: <IP_Address>).
>> [Wed Jul 29 13:16:50
>> 2009][Error][Kernel::System::User::UserLookup][680] No UserID found
>> for 'roryc'!
>> [Wed Jul 29 13:16:50
>> 2009][Error][Kernel::System::User::UserLookup][680] No UserID found
>> for 'roryc'!
>> [Wed Jul 29 13:16:50 2009][Notice][Kernel::System::User::GetUserData]
>> Panic! No UserData for user: 'roryc'!!!
>> =================
>>
>> And the otrs.log.error gives the following;
>>
>> =================
>> ERROR: OTRS-CGI-63 Perl: 5.10.0 OS: MSWin32 Time: Wed Jul 29 13:16:50 2009
>>
>>  Message: No UserID found for 'roryc'!
>>
>>  Traceback (5476):
>>   Module: Kernel::System::User::UserLookup (v1.93) Line: 680
>>   Module: Kernel::System::Auth::Auth (v1.41) Line: 196
>>   Module: Kernel::System::Web::InterfaceAgent::Run (v1.43) Line: 192
>>   Module: F:\wwwroot\otrs-2.4.1\bin\cgi-bin\index.pl (v1.88) Line: 49
>>
>> ERROR: OTRS-CGI-63 Perl: 5.10.0 OS: MSWin32 Time: Wed Jul 29 13:16:50 2009
>>
>>  Message: No UserID found for 'roryc'!
>>
>>  Traceback (5476):
>>   Module: Kernel::System::User::UserLookup (v1.93) Line: 680
>>   Module: Kernel::System::Auth::Auth (v1.41) Line: 258
>>   Module: Kernel::System::Web::InterfaceAgent::Run (v1.43) Line: 192
>>   Module: F:\wwwroot\otrs-2.4.1\bin\cgi-bin\index.pl (v1.88) Line: 49
>> ==================
>>
>> I was able to create a user for ldap lookups in the otrs DB before I
>> added the ldap auth config and this user exists in AD using the same
>> credentials.
>> With this user I can log into the system as they're in both AD and the
>> OTRS DB it seems.
>>
>> So do I have to sync AD to the otrs DB? It would seem kinda strange if
>> I did. I think that pretty much defeats the purpose of having an ldap
>> login because I've no longer got a central point of administration.
>> What would happen if I added a new user to AD?
>>
>> Any help would be hugely appreciated,
>>
>> Rory Clerkin
>>
>> Support my 365 Challenge in aid of the Irish Cancer Society
>>
>> www.365challenge.ie
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>> http://www.otrs.com/en/support/enterprise-subscription/
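The symptom in the quoted logs, an LDAP bind that succeeds for an account with no record in the OTRS DB, can be picked out of otrs.log mechanically. The following is an added example, not part of the original thread or of OTRS; the log lines are constructed in the format quoted above (with a placeholder domain and address), and the function names are hypothetical.

```python
import re

# Constructed sample in the otrs.log format quoted in the thread. Entries may
# wrap across lines (as they do in the mail), so records are re-joined first.
SAMPLE_LOG = """\
[Wed Jul 29 13:16:50 2009][Notice][Kernel::System::Auth::LDAP::Auth]
User: roryc (CN=Rory
Clerkin,OU=Users,OU=IT,OU=Departments,DC=example,DC=com)
authentication ok (REMOTE_ADDR: 192.0.2.10).
[Wed Jul 29 13:16:50
2009][Error][Kernel::System::User::UserLookup][680] No UserID found
for 'roryc'!
[Wed Jul 29 13:16:50
2009][Error][Kernel::System::User::UserLookup][680] No UserID found
for 'roryc'!
[Wed Jul 29 13:20:02 2009][Notice][Kernel::System::Auth::LDAP::Auth]
User: ldapsvc (CN=ldapsvc,OU=Users,DC=example,DC=com)
authentication ok (REMOTE_ADDR: 192.0.2.10).
"""

# A record starts on a line that opens with "[<weekday> <month> <day>".
RECORD_START = re.compile(r"^\[[A-Z][a-z]{2} [A-Z][a-z]{2} +\d", re.M)
AUTH_OK = re.compile(
    r"\[Kernel::System::Auth::LDAP::Auth\] User: (\S+) \((.*?)\) authentication ok")
NO_USERID = re.compile(
    r"\[Kernel::System::User::UserLookup\]\[\d+\] No UserID found for '([^']+)'")


def split_records(text):
    """Re-join wrapped lines into one whitespace-normalised string per entry."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    bounds = zip(starts, starts[1:] + [len(text)])
    return [" ".join(text[a:b].split()) for a, b in bounds]


def unprovisioned_logins(text):
    """Return {login: DN} for users whose LDAP bind succeeded but who have
    no user record in the OTRS DB (the 'No UserID found' case)."""
    authenticated, missing = {}, set()
    for rec in split_records(text):
        if m := AUTH_OK.search(rec):
            authenticated[m.group(1)] = m.group(2)
        elif m := NO_USERID.search(rec):
            missing.add(m.group(1))  # repeated errors collapse into one entry
    return {u: dn for u, dn in authenticated.items() if u in missing}


if __name__ == "__main__":
    for user, dn in unprovisioned_logins(SAMPLE_LOG).items():
        print(f"{user}: LDAP bind ok as {dn}, but no OTRS user record")
```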