Customer LDAP - Can login and create tickets but not in list

Moderator: crythias

Locked
halcycon
Znuny newbie
Posts: 2
Joined: 19 Jun 2014, 16:41
Znuny Version: 3.3.4
Real Name: Adam Camp
Company: Comms Network Ltd

Customer LDAP - Can login and create tickets but not in list

Post by halcycon »

Hi All,

Hoping someone can help - I've set up OTRS with LDAP authentication (Active Directory) for both agents and customers. Agents and agent roles are working perfectly. Customers are able to log in to the frontend, and can create tickets. However, when I search for customers in the agent interface, I get "No data found."

Here is my Config.pm - please note that as the user accounts are for external customers, we are using the customer e-mail address to log in with, rather than sAMAccountName. The users' sAMAccountName is quite a complex username that the customers will never remember! However, for troubleshooting purposes I have tried using that instead of 'mail'. I'm hoping I've overlooked something obvious here...
(I have obviously obfuscated some details, and have tried with all the map fields present, including the ones I've commented, to no avail)

We use a unique identifier for each customer company, which is stored in the 'Office' attribute.

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2013 xxx, http://otrs.org/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes to customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    $Self->{Debug} = 1000;

    # The database name
    $Self->{'Database'} = "otrs";

    # The database user
    $Self->{'DatabaseUser'} = "otrs";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'f6xmQB9JDPu35kR9';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG} = "american_america.utf8";

#    $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # LDAP Integration for our_domain.local                   #
    # ---------------------------------------------------- #

    # Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'x.x.x.x';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=our_domain,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=our_domain,dc=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'some-password';
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS Agents,ou=Groups,dc=our_domain,dc=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';



    # Enable LDAP lookups of Agent account information and default roles.
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'x.x.x.x';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=our_domain,dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=our_domain,dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some-password';
    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
    $Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=OTRS Agents,ou=Groups,dc=our_domain,dc=local';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        'cn=OTRS Agents,ou=Groups,dc=our_domain,dc=local' => {
            'Company Agents' => 1,
        },
        'cn=Domain Admins,cn=Users,dc=our_domain,dc=local' => {
            'Tech Support Agents' => 2,
        }
    };

    # Enable LDAP lookups for Customer logins.
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'x.x.x.x';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=our_domain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'mail';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=our_domain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'some-password';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
#    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'ou=Customers,ou=People,dc=our_domain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRS Customers,ou=Groups,dc=our_domain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # Enable LDAP lookups for Customer account information.
    $Self->{CustomerUser} = {
      Name => 'Active Directory',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
        Host => 'x.x.x.x',
        BaseDN => 'dc=our_domain,dc=local',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=our_domain,dc=local',
        UserPw => 'some-password',
        AlwaysFilter => '(objectclass=user)',
#        GroupDN => 'ou=Customers,ou=People,dc=our_domain,dc=local',
        GroupDN => 'cn=OTRS Customers,cn=Groups,dc=our_domain,dc=local',
        AccessAttr => 'member',
        UserAttr => 'DN',
      },
      CustomerKey => 'mail',
      CustomerID => 'office',
      CustomerUserListSearchLimit => '1000',
      CustomerUserListFields => ['mail', 'cn', 'company', 'office'],
      CustomerUserSearchFields => ['mail', 'cn', 'office'],
      CustomerUserSearchPrefix => '',
      CustomerUserSearchSuffix => '*',
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
#      CustomerUserValidFilter => '(company=*)',
      Map => [
#        [ 'UserTitle', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'mail', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'office', 0, 1, 'var' ],
#        [ 'UserCustomerIDs', 'CustomerIDs', '', 1, 0, 'var' ],
#        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
    };

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Customer LDAP - Can login and create tickets but not in

Post by crythias »

Please ask a question. "How do I fix this?" is not a valid question.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
halcycon
Znuny newbie
Posts: 2
Joined: 19 Jun 2014, 16:41
Znuny Version: 3.3.4
Real Name: Adam Camp
Company: Comms Network Ltd

Re: Customer LDAP - Can login and create tickets but not in

Post by halcycon »

I do apologise -

Am I missing something obvious that would make the search return "no data found"?

I have looked in the logs and see no obvious errors. Where specifically do I "turn up" the debug level in order to see any errors related to a customer search against LDAP backend?

Many thanks for any help, it is gratefully received.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Customer LDAP - Can login and create tickets but not in

Post by crythias »

> CustomerUserSearchFields => ['mail', 'cn', 'office'],
Search results come from within these fields.
Locked
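
Added example, not part of any post in this thread and not OTRS source code: a sketch of how the search settings quoted above (CustomerUserSearchFields, prefix, suffix, AlwaysFilter) could combine with a search term into a single LDAP filter. The filter shape is an assumption about the backend, the helpers `EscapeSearchValue` and `BuildSearchFilter` are hypothetical names, and the search terms are constructed samples.

```perl
#!/usr/bin/perl
# Added illustration, not OTRS source code. It models, as an assumption, how a
# customer search term is combined with the settings from the posted Config.pm
# into one LDAP filter that can then be tested by hand against the directory.
use strict;
use warnings;

# Values copied from the CustomerUser block in the first post.
my %Cfg = (
    CustomerUserSearchFields => [ 'mail', 'cn', 'office' ],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    AlwaysFilter             => '(objectclass=user)',
);

# Escape RFC 4515 special characters in a filter value. '*' is left alone so
# wildcard searches keep working; for login names '*' must be escaped as well.
sub EscapeSearchValue {    # hypothetical helper
    my ($Value) = @_;
    $Value =~ s/([\\()\x00])/sprintf '\\%02x', ord $1/ge;
    return $Value;
}

# Build "(&(|(field1=term*)(field2=term*)...)AlwaysFilter)".
sub BuildSearchFilter {    # hypothetical helper
    my ( $Cfg, $Term ) = @_;

    my $Part = $Cfg->{CustomerUserSearchPrefix}
        . EscapeSearchValue($Term)
        . $Cfg->{CustomerUserSearchSuffix};
    $Part =~ s/\*{2,}/*/g;    # collapse "**" produced by term plus suffix

    my $Filter = '(|';
    $Filter .= "($_=$Part)" for @{ $Cfg->{CustomerUserSearchFields} };
    $Filter .= ')';

    # The AlwaysFilter is ANDed onto every query.
    $Filter = "(&$Filter$Cfg->{AlwaysFilter})" if $Cfg->{AlwaysFilter};
    return $Filter;
}

# Constructed sample terms: a plain name, a bare wildcard, and input that
# contains filter metacharacters.
for my $Term ( 'jane', '*', 'acme)(cn=*' ) {
    printf "%-12s => %s\n", $Term, BuildSearchFilter( \%Cfg, $Term );
}
```

Running a printed filter with `ldapsearch -x -H ldap://<host> -D <UserDN> -W -b <BaseDN> '<filter>'`, bound as the same search account, shows whether the directory itself returns entries for the configured fields.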