@Alvaro: Martin already is able to authenticate, so changing SysConfig for
this will not be helpful.


On Wed, Mar 20, 2013 at 10:22 AM, Alvaro Cordero <alv...@gridshield.net> wrote:

> Hello Martin,
>
> Have you also checked the CustomerAuth option in SysConfig? You need to
> configure both places, Config.pm and the SysConfig options, so the customers
> can log in and get into OTRS.
>
> The option FrontEnd::Customer::Auth is what I am talking about.
>
>
> 2013/3/19 Marty Hillman <mhill...@equuscs.com>
>
>> My Config.pm appears to be configured correctly, but it does not work.  I
>> have looked at the articles in your links along with dozens of others.  All
>> of them have the exact same configuration as what I posted in my initial
>> email unless there is a character somewhere I am missing.  I copied and
>> pasted the configurations changing my DN, CN, OU, DC in accordance with my
>> AD structure.  It is obviously authenticating, so I am fairly certain I did
>> it right.  The sAMAccountName and mail settings have been changed various
>> times to try to get it working.  Until just before I posted my message,
>> they were both set to ‘mail’.
>>
>> One user wrote that the Customer::Auth page needed to be modified in
>> SysConfig.  http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/
>> I did this as well and verified the settings in ZZZauto.pm.
>>
>> From how I read your email (“OTRS will not populate your customer_user
>> database”), I am going to have to hand enter 500 user accounts for the
>> potential employees that can enter tickets or they will not be able to use
>> the system.    If I understand you correctly, that is a project killer.
>>
>> If the system can create the agent accounts based on settings in the
>> Config.pm file, why would it not be able to do so with customers?
>>
>> *From:* otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] *On Behalf
>> Of *Leonardo Certuche
>> *Sent:* Tuesday, March 19, 2013 2:03 PM
>> *To:* User questions and discussions about OTRS.
>> *Subject:* Re: [otrs] "Authentication succeeded, but no customer record
>> is found in the customer backend. Please contact your administrator."
>>
>> Hello Marty,
>>
>> OTRS will not populate your customer_user database once integrated with
>> an LDAP/AD. It will check if the user exists on 'CN=OTRS
>> Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the
>> password. If it matches, it will let the customer log in.
>>
>> What you are facing probably has to do with the fact that first you
>> associate CustomerID with one thing:
>>
>> CustomerID => 'sAMAccountName',
>>
>> And then you map it with another:
>>
>>      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>
>> Have you tried the following entries?
>>
>> https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22
>>
>> Leonardo Certuche
>> www.itconsultores.com.co
>> Medellín, Colombia
>>
>> On 19 March 2013 13:41, Marty Hillman <mhill...@equuscs.com> wrote:
>>
>> I have Googled and screwed around with Config.pm for hours.  The
>> configuration is creating agents in the database appropriately, but it is
>> not creating users in the customer database.  I am using this as an
>> internal system only, so there is no outside access.  I want any user to be
>> able to use their AD credentials to log on.  If there is not an account in
>> OTRS, it should create one for them.
>>
>> Anyone have any thoughts on what I am overlooking?  Here is my
>> /opt/otrs/Kernel/Config.pm.  I copied and pasted from several Google
>> results and modified for my own information.  It does validate the password
>> is correct for the customer, but does not add them to the database if they
>> don’t exist.
>>
>>     # ---------------------------------------------------- #
>>     # http://wiki.otterhub.org/index.php?title=Using_OTRS_with_Active_Directory_as_a_source_for_agents#
>>     # ---------------------------------------------------- #
>>
>>     # This is an example configuration for using an MS AD backend
>>     $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
>>     $Self->{'AuthModule::LDAP::Host'} = '172.16.10.21';
>>     $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
>>     $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
>>
>>     # Check if the user is allowed to auth in a posixGroup
>>     # (e. g. user needs to be in a group OTRS_Agents to use otrs)
>>     $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Corp_Admin_MIS,OU=level2,OU=level1,DC=domain,DC=com';
>>     $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
>>     $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>>
>>     # Bind credentials to log into AD
>>     $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
>>     $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
>>
>>     # in case you want to add always one filter to each ldap query, use
>>     # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
>>     $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>>
>>     # in case you want to add a suffix to each login name,  then
>>     # you can use this option. e. g. user just want to use user but
>>     # in your ldap directory exists user@domain.
>>     #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
>>
>>     # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
>>     $Self->{'AuthModule::LDAP::Params'} = {
>>         port => 389,
>>         timeout => 120,
>>         async => 0,
>>         version => 3,
>>     };
>>
>>     # Now sync data with OTRS DB
>>     $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
>>     $Self->{'AuthSyncModule::LDAP::Host'} = '172.16.10.21';
>>     $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
>>     $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
>>     $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
>>     $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
>>
>>     $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>>         # DB -> LDAP
>>         UserFirstname => 'givenName',
>>         UserLastname  => 'sn',
>>         UserEmail     => 'mail',
>>     };
>>
>>     # AuthSyncModule::LDAP::UserSyncInitialGroups
>>     # (sync following group with rw permission after initial create of first agent
>>     # login)
>>     $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>>         'users',
>>     ];
>>
>>     # ---------------------------------------------------- #
>>     # Customer authentication section                      #
>>     # ---------------------------------------------------- #
>>
>>     $Self->{'SecureMode'} = '1';
>>     #    The name to be used for this server when constructing URLs in email
>>     $Self-> {'FQDN'} = 'otrsdev.domain.com';
>>
>>     #Enable LDAP authentication for Customers / Users
>>     $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>>     $Self->{'Customer::AuthModule::LDAP::Host'} = '172.16.10.21';
>>     $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=domain,DC=com';
>>     $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>>     $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
>>     $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
>>     $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
>>     $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
>>     $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '';
>> #    $Self->{'AuthModule::LDAP::Die'} = 1;
>>
>>     #CustomerUser
>>     #(customer user database backend and settings)
>>         $Self->{CustomerUser} = {
>>             Module => 'Kernel::System::CustomerUser::LDAP',
>>             Params => {
>>             Host => '172.16.10.21',
>>             BaseDN => 'DC=domain,DC=com',
>>             async => 0,
>>             port => 389,
>>             sscope => 'sub',
>>             timeout => 120,
>>             version => 3,
>>             UserDN => 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com',
>>             UserPw => 'password',
>>         },
>>
>>         # Unique customer key/id
>>         CustomerKey => 'sAMAccountName',
>>         CustomerID => 'sAMAccountName',
>>         CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>>         CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>>         CustomerUserSearchPrefix => '',
>>         CustomerUserSearchSuffix => '*',
>>         CustomerUserSearchListLimit => 250,
>>         CustomerUserPostMasterSearchFields => ['mail'],
>>         CustomerUserNameFields => ['givenname', 'sn'],
>>         Map => [
>>             # note: Login, Email and CustomerID needed!
>>             # var, frontend, storage, shown, required, storage-type
>>             #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>>             [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>>             [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>>             [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>>             [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>>             [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>>             [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>>             #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>>             #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>>             ],
>>         };
>>
>>     # ---------------------------------------------------- #
>>
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>>
>
>
>
> --
> ___________________________
> Alvaro Cordero Retana
> Consultor de Tecnologias
> Gridshield Monitoreo de Redes e
> Infraestructura.
> 2258-5757 ext 123
> alv...@gridshield.net
> www.gridshield.net
>
>
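The mismatch Leonardo points out (CustomerID set to one attribute while the UserCustomerID Map row stores another) can be checked mechanically. The script below is an added example, not part of any message in this thread and not OTRS code: `check_customer_backend` is a hypothetical helper, the sample hash is constructed from the values posted above, and the rules it applies (key attributes must equal the storage attribute of their Map row, and the auth UID must equal CustomerKey) are assumptions about how the auth and customer backends interact.

```perl
use strict;
use warnings;

# Constructed sample: attribute choices as posted in this thread (no host or password needed).
my %Config = (
    'Customer::AuthModule::LDAP::UID' => 'sAMAccountName',
    CustomerUser => {
        CustomerKey => 'sAMAccountName',
        CustomerID  => 'sAMAccountName',
        Map => [
            [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
        ],
    },
);

# Hypothetical helper (not an OTRS function): returns a list of findings,
# empty when the attribute choices agree with each other.
sub check_customer_backend {
    my ($Cfg) = @_;
    my $CU = $Cfg->{CustomerUser} || {};
    my @Findings;

    # Map rows: [ var, frontend, storage, ... ]; LDAP attribute names are case-insensitive.
    my %Storage = map { ( $_->[0] => lc( $_->[2] ) ) } @{ $CU->{Map} || [] };

    # The Map comment says Login, Email and CustomerID are needed.
    for my $Var (qw(UserLogin UserEmail UserCustomerID)) {
        push @Findings, "Map has no $Var row" if !defined $Storage{$Var};
    }

    # Assumed rule: each key attribute equals the storage of its Map row.
    my %Pairs = ( CustomerKey => 'UserLogin', CustomerID => 'UserCustomerID' );
    for my $Key ( sort keys %Pairs ) {
        my ( $Attr, $Mapped ) = ( $CU->{$Key}, $Storage{ $Pairs{$Key} } );
        next if !defined $Attr || !defined $Mapped;
        push @Findings, "$Key is '$Attr' but $Pairs{$Key} maps to '$Mapped'"
            if lc($Attr) ne $Mapped;
    }

    # Assumed rule: the login attribute used for the bind is the lookup key.
    my ( $UID, $Key ) = ( $Cfg->{'Customer::AuthModule::LDAP::UID'}, $CU->{CustomerKey} );
    push @Findings, "auth UID '$UID' differs from CustomerKey '$Key'"
        if defined $UID && defined $Key && lc($UID) ne lc($Key);
    return @Findings;
}

print "$_\n" for check_customer_backend( \%Config );
```

Run it with the attribute values from the Config.pm under test in place of the sample hash; each printed line names one pair of settings that disagree.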