Re: [otrs] AD Synch

Sune T. Tougaard Thu, 04 Feb 2010 16:02:33 -0800

If this by any chance is for the customer part (it's a big install if you
have 3000 agents, I think), perhaps the following may be helpful.
 
By "No user data" it could mean that some info that is required in the OTRS
DB is not available in the AD/LDAP lookup. So one thing to check, I guess,
would be if the AD is populated with the needed data.
In my setup I think that the only parts "required" for the customer part are
Login, Email and CustomerID.
 
In my Customer Authentication part of the config, I have those fields mapped
as follows:
 
# 'var', 'frontend', 'storage', shown, required, 'storage-type'
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
 
So, in my AD, if I have empty "sAMAccountName" or "mail" fields, I would get
the "No user data" error when logging in.
Also, I believe that the UID must be set to "sAMAccountName", the default is
UPN as far as I recall.
 
Your otrs log may give your hints to what may be missing or going wrong.
Perhaps you could show us the authen part of your config, that could help.
 
It's been a while since I was last deep in otrs, so I may be using an older
version. Dunno if all this applies to yours.
I may also be totally off track, it was setup years ago.
 
-- 
/Sune T.
 
From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of
David Holder
Sent: 05 February 2010 00:16
To: User questions and discussions about OTRS.
Subject: Re: [otrs] AD Synch
 
Hi Troy,


AFAIK agents are authenticated against OTRS's database, but the information
for those accounts is first probed in the LDAP directory. If you're getting
a "panic no user data!" when logging in as a agent, the information isn't
being synced to OTRS's database. Have you implemented the following code:
    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host <LDAP::Host> '} =
'ldap://ldap.example.com/ <ldap://ldap.example.com/> ';
    $Self->{'AuthSyncModule::LDAP::BaseDN <LDAP::BaseDN> '} = 'dc=otrs,
dc=org';
    $Self->{'AuthSyncModule::LDAP::UID <LDAP::UID> '} = 'uid';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN <LDAP::SearchUserDN> '} =
'uid=sys, ou=user, dc=otrs, dc=org';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw <LDAP::SearchUserPw> '} =
'some_pass';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap <LDAP::UserSyncMap> '} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    [...]
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
<LDAP::UserSyncInitialGroups> 
    # (sync following group with rw permission after initial create of first
agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups
<LDAP::UserSyncInitialGroups> '} = [
        'users',
    ];
 
If you haven't implemented the above, do so and let us know how you get on.
If you get compeltely stuck I can send you a blank config from my current
OTRS setup, which I have e-mailed to several people already to help them
resolve their AD sync/access issues.

Regards,

David


Troy Shafer wrote: 
I have searched and searched but can't seem to find the answer. 

So i setup the Config.pm to use AD authentication.. then of course i got the
Panic! No user data! error.  We have over 3,000 employees.  I'm not going to
sit here and create an account for each of them.  I do have it searching AD
successfully and autheniticating against AD. 

I've seen examples of user synchronization on the web and everytime i try
those code in the config file and restart apache i can't login to otrs with
an AD account or r...@localhost.

Essentially i'm looking for the code that will allow authentication against
AD without the user needing to be in the otrs db... or..

When authenticated against AD the user is automatically created in the OTRS
DB..

or some variation that doesn't need me to create 3000 accounts by hand. 
 
-Troy 
 



 





  _____  



 
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/ <http://otrs.org/> 
Archive: http://lists.otrs.org/pipermail/otrs
<http://lists.otrs.org/pipermail/otrs> 
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
<http://lists.otrs.org/cgi-bin/listinfo/otrs> 
 
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
<http://www.otrs.com/en/support/enterprise-subscription/>

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/

Re: [otrs] AD Synch

Reply via email to