I have a problem again and have already found some threads on this matter - but I never really saw what exactly the solution was... So I hope you can help me here once again...
Code:
$Self->{CustomerUser} = {
    Name   => 'SCD',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'server.net',
        # ldap base dn
        BaseDN => 'c=DE',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => '',
        UserPw => '',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use these options.
        # SourceCharset => 'utf-8',
        # DestCharset => 'iso-8859-1',
        # if both your frontend and your LDAP are unicode, use this:
        # SourceCharset => 'utf-8',
        # DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'scdId',
    # customer #
    CustomerID => 'tcgid',
    CustomerUserListFields => ['cn', 'ou', 'department', 'mail'],
    CustomerUserSearchFields => ['cn', 'mail', 'phoneNumbers'],
    CustomerUserSearchPrefix => '*',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 10,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any database queries
    CacheTTL => 0,
    ReadOnly => 1,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle', 'Title', 'gender', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'tcgid', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', 'mailto:$Data{"UserEmail"}', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'tcgid', 1, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ],
        [ 'UserFax', 'Fax', 'faxNumber', 1, 0, 'var', '', 0 ],
        [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'l', 1, 0, 'var', '', 0 ],
        [ 'UserBuilding', 'Building', 'building', 1, 0, 'var', '', 0 ],
        [ 'UserRoom', 'Room', 'roomNumber', 1, 0, 'var', '', 0 ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
    # default selections
    Selections => {
        UserTitle => {
            'M' => 'Herr',
            'F' => 'Frau',
        },
    },
};
# ---------------------------------------------------- #
# Customer LDAP Authentication #
#------------------------------------------------------#
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'domain.server.net';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=WW002,DC=COMPANY,DC=NET';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
#$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsAgent,cn=Users,dc=domain,dc=com';
#$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
# Absolutely needed for active directory
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'ww002\user'; # Needs to be fully qualified active directory domain name (user at domain.com)
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
But when I try to log in via the customer interface, things are not working so smoothly anymore...
While on the login page I'm told "Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.", otrslog shows the following:
Code:
[Tue Jan 18 14:06:09 2011][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: z12345abc (CN=xxx,OU=xxx,OU=xxx,OU=xxx,OU=DE,DC=ww002,DC=xxx,DC=net) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Tue Jan 18 14:06:09 2011][Error][Kernel::System::CustomerUser::SetPreferences][493] No such user 'z12345abc'!
I think this could be one possible source of the problem, but I'm not really sure... Another thing could be that the usernames from the created tickets are in uppercase, while those from the authentication are in lowercase... But I'm not sure here either...
Perhaps someone can give me a clue as to what I'm missing...
Thanks a lot,
Martin
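
An added example (not part of the original post and not OTRS code) that lays the two LDAP lookups from the configuration above side by side for the login in the log and reports where they differ. It assumes that the customer backend searches for the authenticated login using the CustomerKey attribute; the helper names EscapeFilterValue and CheckLookups are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Values copied from the configuration in the post.
my %Auth = (
    Host   => 'domain.server.net',
    BaseDN => 'DC=WW002,DC=COMPANY,DC=NET',
    UID    => 'sAMAccountName',
);
my %Backend = (
    Host        => 'server.net',
    BaseDN      => 'c=DE',
    CustomerKey => 'scdId',
    LoginAttr   => 'tcgid',    # storage attribute of the UserLogin row in Map
);

# Escape a value for use inside an LDAP search filter (RFC 4515).
sub EscapeFilterValue {
    my ($Value) = @_;
    $Value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $Value;
}

# Return both searches plus every mismatch between them.
# Assumption: the backend looks the login up by the CustomerKey attribute.
sub CheckLookups {
    my ( $Auth, $Backend, $Login ) = @_;
    my $Value    = EscapeFilterValue($Login);
    my @Findings = (
        "auth search:    $Auth->{Host} base=$Auth->{BaseDN} filter=($Auth->{UID}=$Value)",
        "backend search: $Backend->{Host} base=$Backend->{BaseDN} filter=($Backend->{CustomerKey}=$Value)",
    );
    push @Findings, "CustomerKey '$Backend->{CustomerKey}' differs from the UserLogin attribute '$Backend->{LoginAttr}'"
        if lc $Backend->{CustomerKey} ne lc $Backend->{LoginAttr};
    push @Findings, "backend key '$Backend->{CustomerKey}' is not the auth attribute '$Auth->{UID}'; both must hold the same login value"
        if lc $Backend->{CustomerKey} ne lc $Auth->{UID};
    push @Findings, "auth and backend query different hosts or base DNs"
        if lc $Auth->{Host} ne lc $Backend->{Host}
        || lc $Auth->{BaseDN} ne lc $Backend->{BaseDN};
    return @Findings;
}

# Login name taken from the log line in the post.
print "$_\n" for CheckLookups( \%Auth, \%Backend, 'z12345abc' );
```

Running the printed backend filter by hand against the customer directory shows whether an entry for the login exists there at all.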