Customer can't connect to OTRS

[EvaggelosK]

Hello all,

nice to be a member of your community and I hope someone has some helpful information’s to solve my problem.
I'm a beginner so don't be so hard on me.

We have Znuny OTRS ticket system (6.0.43) where it is connected to the active directory.
In the customer user list, we have 106 customer users. Most of them does not have any problems to connect to the ticket system. On some of the customer user there is no CustomerID assigned to them (field is empty) so they can't connect to the OTRS ticket system. The error is:

ERROR: OTRS-CGI-53 Perl: 5.16.3 OS: linux Time: Mon Sep 4 08:51:11 2023

Message: Need CustomerID!

RemoteAddress: 172.32.12.48
RequestURI: /otrs/customer.pl?Action=CustomerTicketOverview;Subaction=MyTickets

Traceback (16215):
Module: Kernel::Output::HTML::Layout::CustomerError Line: 4739
Module: Kernel::Modules::CustomerTicketOverview::Run Line: 56
Module: Kernel::System::Web::InterfaceCustomer::Run Line: 1320
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler Line: 39
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32



Our Config.pm is as following:

# Customer authentication #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '172.32.32.32';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=comp,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'mail';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=SearchUser,OU=ServiceAccounts,DC=comp,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';

#Check if user is a member of Group GRP_otrs_customer
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=GRP_otrs_customer,OU=OTRSGruppen,OU=Gruppen,OU=DSA,DC=comp,DC=local';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
...

ReadOnly => 1,
# customer unique id
CustomerKey => 'mail',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['cn', 'givenname', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
CustomerUserValidFilter => '(&(objectClass=user)(memberOf=CN=GRP_otrs_customer,OU=OTRSGruppen,OU=Gruppen,OU=COMP,DC=comp,DC=local))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# cache time to live in sec. - cache any database queries
CacheTTL => 120,
Map => [
# note: Login, Email and CustomerID are mandatory!
# if you need additional attributes from AD, just map them here.
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
# [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'OTRSCustomerID', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ],
# [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
# [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
[ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
[ 'UserRoom', 'Room', 'physicalDeliveryOfficeName', 1, 0, 'var', '', 0 ],
],

The 'CustomerID' is mapped to the AD attribute 'OTRSCustomerID' (the schema of the attributes list is extended in AD)
[ 'UserCustomerID', 'CustomerID', 'OTRSCustomerID', 0, 1, 'var', '', 0 ],
The customer have also the group 'GRP_otrs_customer' in the memberOf assigned.

I also noticed the following:
- All customer user which can't connect to OTRS does not have filled the firstname, lastname and CustomerID in the dialog.
- Some of the customer which have the problem are listed in the table customer_user_customer.

Does someone had the same issue or knows what is the problem?

[skullz]

1. Why not just use mail as customer id?

2. And from the config, not sure this correct or not.

One point to mail, another point to OTRSCustomerID

Code: Select all

CustomerID => 'mail',

[ 'UserCustomerID', 'CustomerID', 'OTRSCustomerID', 0, 1, 'var', '', 0 ],

[alexus]

Hello,

You need change

Code: Select all

CustomerID => 'mail',

to proper AD attribute at least

[EvaggelosK]

Thank you for the replies.

@skullz, alexus: To what value should I replace it, to 'OTRSCustomerID'?

The mapping of "[ 'UserCustomerID', 'CustomerID', 'OTRSCustomerID', 0, 1, 'var', '', 0 ],"
was created befor I was involved into this project and this I am not allowed to changed.
The value in the attribute of the AD is the 'customer_id' of the table 'customer_company'.

But why over 100 customer user does not have problem with the mapping "CustomerID => 'mail',", but a few one have?

[skullz]

But why over 100 customer user does not have problem with the mapping "CustomerID => 'mail',", but a few one have?

1. I would check the mail field in the AD for these user..is it empty?

2. Then, perhaps

Code: Select all

- CustomerID => 'mail',
+ CustomerID => 'OTRSCustomerID',

[EvaggelosK]

Hi,
hope you had a nice weekend.

@skullz:
1. I would check the mail field in the AD for these user..is it empty?
Yes, all fields are filled with a correct email.

- CustomerID => 'mail',
+ CustomerID => 'OTRSCustomerID',
You mean here to remove the first one and add the second one, correct?

Is it enough to call the SysConfig dialog in OTRS to reload the changes in Config.pm or should I call some command lines to force reloading?

Sorry, if I am asking stupid questions, but I am a newbe.

[EvaggelosK]

Are there any news for me how to resolve the problem?
Do you need any other information's which I can post here?

Maybe I can give you some more details.
We currently have two OTRS systems running, one is OTRS version 5.0.18 (our old) and the other is Znuny LTS version 6.0.43 (our new).
Both Config.pm are identically except that in the new one there is a "return 1;" at the end of the sub Load.
The old one does not have any problems to synchronise the customeruser with the active directory. The new one has sporadically problems with some customeruser.

Are there any settings in the SysConfig which must be set?
How can I force the synchronisation with the AD again?

[EvaggelosK]

Hi,

yesterday I could finally change the setting
from CustomerID => 'mail',
to CustomerID => 'OTRSCustomerID'

I also cleared the cache with "bin/otrs.Console.pl Maint::Cache::Delete"

The result is the same. This customeruser who does not had the CustomerID in the data still remain without it. OTRS seems to not to reload data from AD or still continiue with the wrong data.

Also as I mentioned some of the customeruser which have the problem are listed in the table customer_user_customer.

Can I force anything that OTRS reloads or actualizes the data from AD?

[jojo]

Data in the Database Table does not come from the AD and is only local. So you may delete the table content.

[EvaggelosK]

I deleted the content in the table customer_user_customer but behaviour still the same.
Missing data are not filled in the customer users dialog.
I'm a bit at loss what to do.

[EvaggelosK]

Hi community.

My problem with the customer user still exists and I could not find anything to resolve it. In the meantime I tried to find a reason why this happens, but without success. Deleting customer user in active directory and add them again does not solve the problem.

Does someone has a good idea what can I check?

[skullz]

try to filter it

Code: Select all

$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = 'OTRSCustomerID';
..............
..............
$Self->{CustomerUser} = {
   AlwaysFilter => 'OTRSCustomerID',
..............
}

**only customer user data that has 'OTRSCustomerID' can be auth and sync

[root]

@Skullz, this is not a valid LDAP filter

- Roy