Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2014-05-28 Thread Erik van Ast
Hi all,

Does anyone have an idea about this?
Is it because of the CustomerID?

Met vriendelijke groet / Kind regards / Mit freundlichem Gruß,
Erik
From: Erik van Ast
Sent: Monday, 26 May 2014 16:40
To: 'otrs@otrs.org'
Subject: Authentication succeeded, but no customer record is found in the 
customer backend. Please contact your administrator.

Hi all,

When trying to log in as a customer, I get the error “Authentication
succeeded, but no customer record is found in the customer backend. Please
contact your administrator.”. Authentication works good, but apparently the
information from Active Directory does not synchronize to OTRS... When I use
a wrong password I get the error “Login failed! Your user name or password
was entered incorrectly”, so authenticating works good... As soon as I get
the error mentioned earlier, I see the following error in the otrs.log:
“[Error][Kernel::System::CustomerUser::SetPreferences][587] No such user
'HaraldW'.”

Agents have no problem logging in, so I think I won't have to think about that 
part, but the customer authentication part of my config.pm looks like this (I 
have replaced parts with xxx for security reasons) :

# This is an example configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule3'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host3'} = 'xxx.xxx.xxx.xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN3'} = 'dc=xxx,dc=xxx';
$Self->{'Customer::AuthModule::LDAP::UID3'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN3'} = 'CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::AccessAttr3'} = 'member';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr3'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN3'} = 'CN=XX,OU=IT Department,OU=XXX,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw3'} = 'XXX';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params3'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

# ADDED LATER, SYNC:

# Example 4.8. Configuring an LDAP customer backend

# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser2} = {
    Name => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'xxx.xxx.xxx.xxx',
        # ldap base dn
        BaseDN => 'dc=xxx,dc=xxx',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'CN=XX,OU=IT Department,OU=XXX,DC=xxx,DC=xxx',
        UserPw => 'XXX',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(memberOf='CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx)',
        # if both your frontend and your LDAP are unicode, use this:
        # SourceCharset => 'utf-8',
        # DestCharset   => 'utf-8',
        # if your frontend is unicode and the charset of your
        # ldap server is iso-8859-1, use these options.
        # SourceCharset => 'iso-8859-1',
        # DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'company',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    #

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2014-05-28 Thread Gerald Young
http://stackoverflow.com/questions/1032351/how-to-write-ldap-query-to-test-if-user-is-member-of-a-group
​
Don't forget to enclose all your filter. (&(criteria1)(criteria2))
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
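
The advice above about enclosing the whole filter, as an added example that is not part of the thread and not OTRS code: a small structural check for LDAP filter strings, run over the AlwaysFilter values quoted in this thread. The function names are hypothetical, and the way build_lookup_filter ANDs the login match with the always-on filter is an assumption about how such a lookup is typically composed, not OTRS's implementation.

```python
import re

ITEM_RE = re.compile(r'([^=~<>()]+?)(:=|~=|>=|<=|=)(.*)', re.S)
ATTR_RE = re.compile(r'[A-Za-z0-9][A-Za-z0-9.;:-]*\Z')


def escape_filter_value(value):
    """RFC 4515 escaping, so a typed login name cannot change the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\0' else c for c in value)


def _parse(flt, pos, notes):
    """Parse one parenthesised filter at pos; return the offset just past it."""
    if pos >= len(flt) or flt[pos] != '(':
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    head = flt[pos:pos + 1]
    if head in ('&', '|'):
        pos += 1
        if flt[pos:pos + 1] != '(':
            raise ValueError("'%s' needs at least one sub-filter" % head)
        while flt[pos:pos + 1] == '(':
            pos = _parse(flt, pos, notes)
    elif head == '!':
        pos = _parse(flt, pos + 1, notes)
    else:
        end = pos
        while end < len(flt) and flt[end] not in '()':
            end += 3 if flt[end] == '\\' else 1   # step over \XX escapes
        item = flt[pos:end]
        m = ITEM_RE.fullmatch(item)
        if not m or not ATTR_RE.match(m.group(1)):
            raise ValueError("not an attr=value item: %r" % item)
        value = m.group(3)
        if value[:1] in ('"', "'") or value[-1:] in ('"', "'"):
            notes.append("quote in value of %s is matched literally; "
                         "LDAP filters have no string quoting" % m.group(1))
        pos = end
    if flt[pos:pos + 1] != ')':
        raise ValueError("missing ')' at offset %d" % pos)
    return pos + 1


def check_filter(flt):
    """Return a list of problems found in an LDAP filter string (empty = OK)."""
    notes = []
    try:
        end = _parse(flt, 0, notes)
        if end != len(flt):
            notes.append("text after the first filter at offset %d; enclose "
                         "several criteria as (&(a=..)(b=..))" % end)
    except ValueError as exc:
        notes.append(str(exc))
    return notes


def build_lookup_filter(uid_attr, login, always_filter=''):
    """AND the per-user match with the always-on filter (assumed combination)."""
    user = '(%s=%s)' % (uid_attr, escape_filter_value(login))
    if not always_filter:
        return user
    problems = check_filter(always_filter)
    if problems:
        raise ValueError('; '.join(problems))
    return '(&%s%s)' % (user, always_filter)


# Filter strings quoted in the thread, plus two constructed variants of them.
SAMPLES = [
    "(mail=*)",
    "(objectclass=user)",
    "(memberOf='CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx)",
    "(objectclass=user)(mail=*)",        # constructed: two criteria, not enclosed
    "(&(objectclass=user)(mail=*))",     # constructed: the enclosed form
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(sample, '->', check_filter(sample) or 'ok')
    print(build_lookup_filter('sAMAccountName', 'HaraldW', '(objectclass=user)'))
```
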

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2014-05-28 Thread Alvaro Cordero
I have seen this issue when you configure LDAP as the Auth Source, but in
config it is still pointing to DB Backend.
Look in Sysconfig for Auth and check in Frontend::Customer::Auth; set the
corresponding variables there as you have them in your Config.pm.

Regards



Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Marty Hillman
Ok.  I am going to start over from scratch with a fresh Config.pm and report 
back.  Brand new day.  The ultimate goal would be for the site to automatically 
log the user in based on the context of the user logged in to the workstation.  
This would allow me to embed the customer.pl page (more specifically a new 
ticket form) directly into SharePoint (gasp!) so that we have full integration 
within our intranet.  Again, there will be no access for non-employees as this 
is exclusively internal facing.  Am I being too unrealistic?

Thanks for all of the pointers everyone.  I will use these links to try again 
and let you know.

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of David 
Boyes
Sent: Wednesday, March 20, 2013 12:09 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

Authentication and authorization are two different things (one is “can you
access this system”, the other is “what are you allowed to do”). I agree that
on first authentication, OTRS should create a stub record in the database for
the authorized entity, but I actually think the “no privileges until
explicitly assigned” is a good thing in that you don't accidentally disclose
things that that customer has no business seeing.

I think the compromise approach would be to use the authorization exit to check 
whether the customer is in the database and then add a default entry from a 
site-assigned template (queue access, permissions, etc).

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Marty 
Hillman
Sent: Tuesday, March 19, 2013 4:06 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

Come to think of it, if it does not add the customers to the database, the 
feature is pretty worthless.  Why validate against LDAP/AD at all for customers 
if everything has to exist in the database?  That would just be adding useless 
complexity.


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Gerald Young
No. I do this all the time. SSO, even.

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Alvaro Cordero
Hello Marting,

Have you also checked the CustomerAuth option in Sysconfig? You need to
configure both places (Config.pm) and Sysconfig options so the customers can
log in and get into OTRS.

The option FrontEnd::Customer::Auth is what I am talking about.


2013/3/19 Marty Hillman mhill...@equuscs.com

 My Config.pm appears to be configured correctly, but it does not work.  I
 have looked at the articles in your links along with dozens of others.  All
 of them have the exact same configuration as what I posted in my initial
 email unless there is a character somewhere I am missing.  I copied and
 pasted the configurations changing my DN, CN, OU, DC in accordance with my
 AD structure.  It is obviously authenticating, so I am fairly certain I did
 it right.  The sAMAccountName and mail settings have been changed various
 times to try to get it working.  Until just before I posted my message,
 they were both set to ‘mail’.

 One user wrote that the Customer::Auth page needed to be modified in
 SysConfig.  http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/
 I did this as well and verified the settings in ZZZauto.pm.

 From how I read your email (“OTRS will not populate your customer_user
 database”), I am going to have to hand enter 500 user accounts for the
 potential employees that can enter tickets or they will not be able to use
 the system.  If I understand you correctly, that is a project killer.

 If the system can create the agent accounts based on settings in the
 Config.pm file, why would it not be able to do so with customers?

 *From:* otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] *On Behalf
 Of *Leonardo Certuche
 *Sent:* Tuesday, March 19, 2013 2:03 PM
 *To:* User questions and discussions about OTRS.
 *Subject:* Re: [otrs] Authentication succeeded, but no customer record
 is found in the customer backend. Please contact your administrator.

 Hello Marty,

 OTRS will not populate your customer_user database once integrated with an
 LDAP/AD. It will check if the user exists on  'CN=OTRS
 Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the
 password. If it matches, it will let the customer log in.

 What you are facing probably has to do with the fact that first you
 associate CustomerID with one thing:

 CustomerID => 'sAMAccountName',

 And then you map it with another:

  [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

 Have you tried the following entries?

 https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22

 Leonardo Certuche
 www.itconsultores.com.co
 Medellín, Colombia

 On 19 March 2013 13:41, Marty Hillman mhill...@equuscs.com wrote:

 I have Googled and screwed around with Config.pm for hours.  The
 configuration is creating agents in the database appropriately, but it is
 not creating users in the customer database.  I am using this as in
 internal system only, so there is no outside access.  I want any user to be
 able to use their AD credentials to log on.  If there is not an account in
 OTRS, it should create one for them. 

  

 Anyone have any thoughts on what I am overlooking?  Here is my
 /opt/otrs/Kernel/Config.pm.  I copied and pasted from several Google
 results and modified for my own information.  It does validate the password
 is correct for the customer, but does not add them to the database if they
 don’t exist.

  

 #  #

 #
 http://wiki.otterhub.org/index.php?title=Using_OTRS_with_Active_Directory_as_a_source_for_agents#
 

 #  #

  

 # This is an example configuration for using an MS AD backend
 $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
 $Self->{'AuthModule::LDAP::Host'} = '172.16.10.21';
 $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
 $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

 # Check if the user is allowed to auth in a posixGroup
 # (e. g. user needs to be in a group OTRS_Agents to use otrs)
 $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Corp_Admin_MIS,OU=level2,OU=level1,DC=domain,DC=com';
 $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
 $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

 # Bind credentials to log into AD
 $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
 $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

 # in case you want to add always one filter to each ldap query, use
 # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
 $Self->{'AuthModule::LDAP::AlwaysFilter'} = 

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Gerald Young
@Alvaro: Martin already is able to authenticate, so changing SysConfig for
this will not be helpful.



Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Alvaro Cordero
Gerald I understand, when we started we struggled a lot with that, because
we could see the system was logging in the customers (in the logs) but we
always got the messages about not being found in the database. The
solution is to change it in Sysconfig; by default it points to use Database as
Customer Backend, so what he needs to adjust is make it LDAP and set the
other data the same as in Config.pm.

Regards




Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread David Boyes

Ok.  I am going to start over from scratch with a fresh Config.pm and report 
back.  Brand new day.  The ultimate goal would be for the site to automatically 
log the user in based on the context of the user logged in to the workstation.

Adding GSSAPI support to OTRS has been on my to-do list for quite a while. That 
would allow security and identity tokens (like the Kerberos 5 principal and 
service tickets that Windows uses) to be securely passed from lots of different 
authentication sources w/o special code for each.


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Gerald Young
I've done this... it works nicely.



Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread David Boyes


I've done this... it works nicely.

Goody! Is the code committed? I'll have some VERY happy people here if it is.

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Gerald Young
http://forums.otterhub.org/viewtopic.php?f=81&t=15422


On Wed, Mar 20, 2013 at 11:20 AM, David Boyes dbo...@sinenomine.net wrote:

 I've done this... it works nicely.

 Goody! Is the code committed? I’ll have some VERY happy people here if it
 is. 


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread David Boyes
That's not GSSAPI. That's using mod_kerb to supply the user information via 
basic mode. Not the same animal, although it produces a similar-looking effect.

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Gerald 
Young
Sent: Wednesday, March 20, 2013 11:33 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

http://forums.otterhub.org/viewtopic.php?f=81&t=15422


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Gerald Young
It's not GSSAPI? OK. With as many GSS errors as I got trying to get this
thing to work, I could have sworn it was. Oh, well. You and Google may
differ, but the result is, as you say, the same. mod_kerb uses GSSAPI, so if
you figure out something different, please let me know.


On Wed, Mar 20, 2013 at 11:46 AM, David Boyes dbo...@sinenomine.net wrote:

  That’s not GSSAPI. That’s using mod_kerb to supply the user information
 via basic mode. Not the same animal, although it produces a similar-looking
 effect. 


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Marty Hillman
Yes.  Those settings are all there.


From: Alvaro Cordero [mailto:alv...@gridshield.net]
Sent: Wednesday, March 20, 2013 9:22 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

Hello Marty,
Have you also checked the CustomerAuth option in SysConfig? You need to configure 
both places (Config.pm and the SysConfig options) so the customers can log in and 
get into OTRS.
The option FrontEnd::Customer::Auth is what I am talking about.


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-20 Thread Marty Hillman
And you would make me a very happy person if you got that done.  :-)

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of David 
Boyes
Sent: Wednesday, March 20, 2013 9:54 AM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.


Ok.  I am going to start over from scratch with a fresh Config.pm and report 
back.  Brand new day.  The ultimate goal would be for the site to automatically 
log the user in based on the context of the user logged in to the workstation.

Adding GSSAPI support to OTRS has been on my to-do list for quite a while. That 
would allow security and identity tokens (like the Kerberos 5 principal and 
service tickets that Windows uses) to be securely passed from lots of different 
authentication sources w/o special code for each.


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-19 Thread Leonardo Certuche
Hello Marty,

OTRS will not populate your customer_user database once integrated with an
LDAP/AD. It will check if the user exists on  'CN=OTRS
Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the
password. If it matches, it will let the customer log in.

What you are facing probably has to do with the fact that first you
associate CustomerID with one thing:

CustomerID => 'sAMAccountName',

And then you map it with another:

 [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

Have you tried the following entries?

https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22

Leonardo Certuche
www.itconsultores.com.co
Medellín, Colombia


On 19 March 2013 13:41, Marty Hillman mhill...@equuscs.com wrote:

 I have Googled and screwed around with Config.pm for hours.  The
 configuration is creating agents in the database appropriately, but it is
 not creating users in the customer database.  I am using this as an
 internal system only, so there is no outside access.  I want any user to be
 able to use their AD credentials to log on.  If there is not an account in
 OTRS, it should create one for them.

 Anyone have any thoughts on what I am overlooking?  Here is my
 /opt/otrs/Kernel/Config.pm.  I copied and pasted from several Google
 results and modified for my own information.  It does validate the password
 is correct for the customer, but does not add them to the database if they
 don’t exist.

 #  #
 # http://wiki.otterhub.org/index.php?title=Using_OTRS_with_Active_Directory_as_a_source_for_agents #
 #  #

 # This is an example configuration for using an MS AD backend
 $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
 $Self->{'AuthModule::LDAP::Host'} = '172.16.10.21';
 $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
 $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

 # Check if the user is allowed to auth in a posixGroup
 # (e. g. user needs to be in a group OTRS_Agents to use otrs)
 $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Corp_Admin_MIS,OU=level2,OU=level1,DC=domain,DC=com';
 $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
 $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

 # Bind credentials to log into AD
 $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
 $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

 # in case you want to add always one filter to each ldap query, use
 # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
 $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

 # in case you want to add a suffix to each login name,  then
 # you can use this option. e. g. user just want to use user but
 # in your ldap directory exists user@domain.
 #$Self->{'AuthModule::LDAP::UserSuffix'} = '';

 # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
 $Self->{'AuthModule::LDAP::Params'} = {
     port => 389,
     timeout => 120,
     async => 0,
     version => 3,
 };

 # Now sync data with OTRS DB
 $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
 $Self->{'AuthSyncModule::LDAP::Host'} = '172.16.10.21';
 $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
 $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
 $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS Dev,OU=level2,OU=level1,DC=domain,DC=com';
 $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';

 $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
     # DB -> LDAP
     UserFirstname => 'givenName',
     UserLastname  => 'sn',
     UserEmail => 'mail',
 };

 # AuthSyncModule::LDAP::UserSyncInitialGroups
 # (sync following group with rw permission after initial create of first agent
 # login)
 $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
     'users',
 ];

 #  #
 # Customer authentication section  #
 #  #

 $Self->{'SecureMode'} = '1';

 #The name to be used for this server when constructing URLs in email
 $Self->{'FQDN'} = 'otrsdev.domain.com';

 #Enable LDAP authentication for Customers / Users
 $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-19 Thread Marty Hillman
My Config.pm appears to be configured correctly, but it does not work.  I have 
looked at the articles in your links along with dozens of others.  All of them 
have the exact same configuration as what I posted in my initial email unless 
there is a character somewhere I am missing.  I copied and pasted the 
configurations changing my DN, CN, OU, DC in accordance with my AD structure.  
It is obviously authenticating, so I am fairly certain I did it right.  The 
sAMAccountName and mail settings have been changed various times to try to get 
it working.  Until just before I posted my message, they were both set to 
'mail'.

One user wrote that the Customer::Auth page needed to be modified in SysConfig. 
 http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/  I did this as 
well and verified the settings in ZZZauto.pm.

From how I read your email (OTRS will not populate your customer_user 
database), I am going to have to hand enter 500 user accounts for the 
potential employees that can enter tickets or they will not be able to use the 
system.  If I understand you correctly, that is a project killer.

If the system can create the agent accounts based on settings in the Config.pm 
file, why would it not be able to do so with customers?

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of 
Leonardo Certuche
Sent: Tuesday, March 19, 2013 2:03 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

Hello Marty,

OTRS will not populate your customer_user database once integrated with an 
LDAP/AD. It will check if the user exists on  'CN=OTRS 
Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the 
password. If it matches, it will let the customer log in.

What you are facing probably has to do with the fact that first you associate 
CustomerID with one thing:

CustomerID => 'sAMAccountName',

And then you map it with another:

 [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

Have you tried the following entries?

https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22

Leonardo Certuche
www.itconsultores.com.co
Medellín, Colombia


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-19 Thread Marty Hillman
Come to think of it, if it does not add the customers to the database, the 
feature is pretty worthless.  Why validate against LDAP/AD at all for customers 
if everything has to exist in the database?  That would just be adding useless 
complexity.

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Marty 
Hillman
Sent: Tuesday, March 19, 2013 3:00 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

My Config.pm appears to be configured correctly, but it does not work.  I have 
looked at the articles in your links along with dozens of others.  All of them 
have the exact same configuration as what I posted in my initial email unless 
there is a character somewhere I am missing.  I copied and pasted the 
configurations changing my DN, CN, OU, DC in accordance with my AD structure.  
It is obviously authenticating, so I am fairly certain I did it right.  The 
sAMAccountName and mail settings have been changed various times to try to get 
it working.  Until just before I posted my message, they were both set to 
'mail'.

One user wrote that the Customer::Auth page needed to be modified in SysConfig. 
 http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/  I did this as 
well and verified the settings in ZZZauto.pm.

From how I read your email (OTRS will not populate your customer_user 
database), I am going to have to hand enter 500 user accounts for the 
potential employees that can enter tickets or they will not be able to use the 
system.  If I understand you correctly, that is a project killer.

If the system can create the agent accounts based on settings in the Config.pm 
file, why would it not be able to do so with customers?


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-19 Thread Gerald Young
LDAP is a query against an external source, not a sync to the database.

Everything (customer or agent authentication or demographics) does NOT have
to exist in OTRS. That's why there is ability for external backends. What
you think should happen -- and isn't happening -- is intentional and
proper.

That's what the Map is for in CustomerUser. It tells OTRS what fields
your external back end uses for fields that OTRS uses.


On Tue, Mar 19, 2013 at 4:06 PM, Marty Hillman mhill...@equuscs.com wrote:

 Come to think of it, if it does not add the customers to the database, the
 feature is pretty worthless.  Why validate against LDAP/AD at all for
 customers if everything has to exist in the database?  That would just be
 adding useless complexity.


Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-19 Thread Gerald Young
http://forums.otterhub.org/viewtopic.php?f=60&t=16543

Please indicate what your view of "does not work" means in terms that can
be addressed. If "does not work" means it doesn't populate the customer_user
table, it is working. If "does not work" accompanies an error of some sort,
please provide the error. Most commonly, the error is roughly: "Customer
Authentication succeeded but customer does not exist in database", which,
admittedly, is confusing. If you've entered any information on how to
obtain Customer demographics (CustomerUser) in SysConfig, it could possibly
clobber your Config.pm settings.

I will tell you that CustomerUser is missing
Name => 'My Data Source'

sscope should be SSCOPE

the lower case Params should be within another Params hash.

http://doc.otrs.org/3.1/en/html/customer-user-backend.html#customer-backend-ldap


On Tue, Mar 19, 2013 at 4:25 PM, Gerald Young cryth...@gmail.com wrote:

 LDAP is a query against an external source, not a sync to the database.

 Everything (customer or agent authentication or demographics) does NOT
 have to exist in OTRS. That's why there is ability for external backends.
 What you think should happen -- and isn't happening -- is intentional and
 proper.

 That's what the Map is for in CustomerUser. It tells OTRS what fields
 your external back end uses for fields that OTRS uses.


 On Tue, Mar 19, 2013 at 4:06 PM, Marty Hillman mhill...@equuscs.comwrote:

 Come to think of it, if it does not add the customers to the database,
 the feature is pretty worthless.  Why validate against LDAP/AD at all for
 customers if everything has to exist in the database?  That would just be
 adding useless complexity.

 ** **

 *From:* otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] *On Behalf
 Of *Marty Hillman
 *Sent:* Tuesday, March 19, 2013 3:00 PM

 *To:* User questions and discussions about OTRS.
 *Subject:* Re: [otrs] Authentication succeeded, but no customer record
 is found in the customer backend. Please contact your administrator.

 ** **

 My Config.pm appears to be configured correctly, but it does not work.  I
 have looked at the articles in your links along with dozens of others.  All
 of them have the exact same configuration as what I posted in my initial
 email unless there is a character somewhere I am missing.  I copied and
 pasted the configurations changing my DN, CN, OU, DC in accordance with my
 AD structure.  It is obviously authenticating, so I am fairly certain I did
 it right.  The sAMAccountName and mail settings have been changed various
 times to try to get it working.  Until just before I posted my message,
 they were both set to ‘mail’.

 ** **

 One user wrote that the Customer::Auth page needed to be modified in
 SysConfig.  http://deckerix.com/blog/configura-tu-otrs-con-soporte-ldap/
 I did this as well and verified the settings in ZZZauto.pm.

 ** **

 From how I read your email (“OTRS will not populate your customer_user
 database”), I am going to have to hand enter 500 user accounts for the
 potential employees that can enter tickets or they will not be able to use
 the system.If I understand you correctly, that is a project killer.**
 **

 ** **

 If the system can create the agent accounts based on settings in the
 Config.pm file, why would it not be able to do so with customers?


 From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf
 Of Leonardo Certuche
 Sent: Tuesday, March 19, 2013 2:03 PM
 To: User questions and discussions about OTRS.
 Subject: Re: [otrs] Authentication succeeded, but no customer record
 is found in the customer backend. Please contact your administrator.


 Hello Marty,


 OTRS will not populate your customer_user database once integrated with
 an LDAP/AD. It will check if the user exists on  'CN=OTRS
 Dev,OU=level2,OU=level1,DC=domain,DC=com' and then it will confirm the
 password. If it matches, it will let the customer log in.


 What you are facing probably has to do with the fact that first you
 associate CustomerID with one thing:


 CustomerID => 'sAMAccountName',


 And then you map it with another:


  [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],


 Have you tried the following entries?



 https://www.google.com.co/search?q=site%3Aforums.otterhub.org+%22Authentication+succeeded%22
 


 

 Leonardo Certuche
 www.itconsultores.com.co
 Medellín, Colombia


 On 19 March 2013 13:41, Marty Hillman mhill...@equuscs.com wrote:

 I have Googled and screwed around with Config.pm for hours.  The
 configuration is creating agents in the database appropriately, but it is
 not creating users in the customer database.  I am using this as an
 internal system only, so there is no outside access.  I want any user to be
 able to use their AD credentials to log on.  If there is not an account in
 OTRS, it should create one for them.

  

Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

2013-03-19 Thread David Boyes
Authentication and authorization are two different things (one is "can you 
access this system", the other is "what are you allowed to do"). I agree that 
on first authentication, OTRS should create a stub record in the database for 
the authorized entity, but I actually think the "no privileges until explicitly 
assigned" is a good thing in that you don't accidentally disclose things that 
that customer has no business seeing.

I think the compromise approach would be to use the authorization exit to check 
whether the customer is in the database and then add a default entry from a 
site-assigned template (queue access, permissions, etc).

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Marty 
Hillman
Sent: Tuesday, March 19, 2013 4:06 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Authentication succeeded, but no customer record is found 
in the customer backend. Please contact your administrator.

Come to think of it, if it does not add the customers to the database, the 
feature is pretty worthless.  Why validate against LDAP/AD at all for customers 
if everything has to exist in the database?  That would just be adding useless 
complexity.

-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
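
An added example, not code from any poster in this thread: a Kernel/Config.pm customer backend that reads customer records live from Active Directory, so a login that passes Customer::AuthModule is also found in the customer backend and the CustomerID setting agrees with the Map. Host, DNs and the bind account are placeholders, and it assumes the auth module's UID attribute is sAMAccountName as in the configurations discussed above.

```perl
# Added example for Kernel/Config.pm. Host, BaseDN and bind account are
# placeholders. Customer data is looked up in AD through this backend, so no
# rows have to exist in the customer_user table for these users.
$Self->{CustomerUser} = {
    Name   => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'ad.example.com',                # placeholder
        BaseDN => 'OU=Staff,DC=example,DC=com',    # placeholder
        SSCOPE => 'sub',
        # Dedicated bind account with read-only rights (placeholder values).
        UserDN => 'CN=otrs-ldap,OU=Service,DC=example,DC=com',
        UserPw => 'CHANGE-ME',
        # Only return user objects, not computers or groups.
        AlwaysFilter  => '(objectclass=user)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },

    # Same attribute as Customer::AuthModule::LDAP::UID. If these differ, the
    # password check passes but the login is not found in this backend.
    CustomerKey => 'sAMAccountName',

    # Same attribute as the UserCustomerID row in the Map below.
    CustomerID => 'mail',

    CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenname', 'sn' ],

    Map => [
        # [ OTRS field, label, LDAP attribute, shown, required, storage type ]
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
    ],
};
```

Every attribute marked required in the Map must be populated on the AD account; a user with an empty mail attribute gets no usable CustomerID under this mapping.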