[SOLVED] LDAP: No userData for user

Moderator: crythias

Locked
aph
Znuny superhero
Posts: 646
Joined: 20 Jun 2014, 12:11
Znuny Version: 3.3.9, 4.x, 5.x

[SOLVED] LDAP: No userData for user

Post by aph »

Hi all,

I'm facing the same problem. Adding the line as suggested in the previous post does not solve my problem.

Code: Select all

$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
Here is my config.pm
Config.pm.txt
Thanks a lot for your help.

mod note: References this post.
Last edited by aph on 10 Jul 2014, 13:58, edited 2 times in total.
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache

Re: LDAP: No userData for user

Post by aph »

As a matter of fact, adding the line gives a 'script failed to send data' error.

Code: Select all

    $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

Re: LDAP: No userData for user

Post by aph »

The script failed to send data error does not occur anymore. I changed:

Code: Select all

$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
to:

Code: Select all

$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend1';
But still there is the error
Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
When I log in with root@localhost, I get

Code: Select all

[Tue Jul  8 13:47:13 2014][Notice][Kernel::System::Auth::DB::Auth] User: root@localhost authentication ok (Method: sha256, REMOTE_ADDR: ::1).
[Tue Jul  8 13:47:13 2014][Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: root@localhost sync failed, no LDAP entry found!BaseDN='dc=xxxx,dc=local', Filter='(userPrincipalName=root@localhost)', (REMOTE_ADDR: ::1)
From the message it seems the sync does take place but does not succeed, which is understandable because root is not in AD (authentication is successful against the OTRS database which is the first authentication instance).

When I log in with a user which is in AD as well as in the OTRS database I get:

Code: Select all

[Tue Jul  8 13:51:56 2014][Notice][Kernel::System::Auth::DB::Auth] User: otrs.search@xxxx.local authentication with wrong Pw!!! (Method: sha256, REMOTE_ADDR: ::1)
[Tue Jul  8 13:51:56 2014][Notice][Kernel::System::Auth::LDAP::Auth] User: otrs.search@xxxx.local (CN=otrs search,CN=Users,DC=xxxx,DC=local) authentication ok (REMOTE_ADDR: ::1).
Here the user is first authenticated against the OTRS DB and login fails, but when authenticated against the AD the authentication is successful.

However, when I log in with a user which is only in AD but not in OTRS DB I get

Code: Select all

[Tue Jul  8 13:55:17 2014][Notice][Kernel::System::Auth::DB::Auth] User: xxxx.xxxx@xxxx.local doesn't exist or is invalid!!! (REMOTE_ADDR: ::1)
[Tue Jul  8 13:55:17 2014][Notice][Kernel::System::Auth::LDAP::Auth] User: xxxx.xxxx@xxxx.local (CN=xxxx xxxx,CN=Users,DC=xxxx,DC=local) authentication ok (REMOTE_ADDR: ::1).
[Tue Jul  8 13:55:17 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul  8 13:55:17 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul  8 13:55:17 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul  8 13:55:17 2014][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'xxxx.xxxx@xxxx.local'!!!
Here the user can be authenticated against the AD, but no sync takes place.

As far as I can see from the following section, users can be created after log in and there is no need to manually add users into OTRS Database before they can authenticate against the AD

Code: Select all

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    # you may specify LDAP-Fields as either
    #  * list, which will check each field. first existing will be picked ( ["givenName","cn","_empty"] )
    #  * name of an LDAP-Field (may return empty strings) ("givenName")
    #  * fixed strings, prefixed with an underscore: "_test", which will always return this fixed string
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> 'LDAP',
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
The values for 'givenName', 'sn' and 'mail' are filled in AD. CheckMXRecord is set to 0 as the email address is not a valid one.

I have attached my latest config.pm
Config.pm.txt

What could be the reason that a sync either doesn't take place at all or is unsuccessful?

Your help is appreciated. Thanks!
Last edited by aph on 08 Jul 2014, 15:17, edited 1 time in total.
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache
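
The log patterns from the post above can be checked mechanically. The following triage script is an added example, not code from the thread or from OTRS; the function name `triage`, the verdict strings and the `example.test` sample lines (modelled on the log excerpts above) are constructed for illustration.

```python
import re

# [timestamp][level][module][optional source line] message
LINE_RE = re.compile(r"^\[[^\]]+\]\[\w+\]\[([\w:]+)\](?:\[\d+\])?\s*(.*)$")
AUTH_OK = re.compile(r"User: (\S+) .*authentication ok")
SYNC_FAIL = re.compile(r"User: (\S+) sync failed")
NO_DATA = re.compile(r"No UserData for user: '([^']+)'")

def triage(log_text):
    """Return {user: verdict} for the login attempts found in log_text."""
    events = {}  # user -> set of things the log says happened
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        module, msg = m.groups()
        if hit := AUTH_OK.search(msg):
            tag = "ldap-ok" if "::Auth::LDAP::" in module else "db-ok"
        elif hit := SYNC_FAIL.search(msg):
            tag = "sync-failed"
        elif hit := NO_DATA.search(msg):
            tag = "no-userdata"
        else:
            continue
        events.setdefault(hit.group(1), set()).add(tag)
    verdicts = {}
    for user, seen in events.items():
        if {"ldap-ok", "no-userdata"} <= seen:
            verdicts[user] = "LDAP auth ok but no local record: sync did not create the agent"
        elif {"db-ok", "sync-failed"} <= seen:
            verdicts[user] = "DB-only account: sync ran, no LDAP entry"
        elif "ldap-ok" in seen:
            verdicts[user] = "LDAP auth ok, local record found"
        else:
            verdicts[user] = "inconclusive"
    return verdicts

# Constructed sample lines in the format shown in the post (placeholder users and domain).
SAMPLE_LOG = """\
[Tue Jul  8 13:47:13 2014][Notice][Kernel::System::Auth::DB::Auth] User: root@localhost authentication ok (Method: sha256, REMOTE_ADDR: ::1).
[Tue Jul  8 13:47:13 2014][Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: root@localhost sync failed, no LDAP entry found!
[Tue Jul  8 13:51:56 2014][Notice][Kernel::System::Auth::DB::Auth] User: otrs.search@example.test authentication with wrong Pw!!! (Method: sha256, REMOTE_ADDR: ::1)
[Tue Jul  8 13:51:56 2014][Notice][Kernel::System::Auth::LDAP::Auth] User: otrs.search@example.test (CN=otrs search,CN=Users,DC=example,DC=test) authentication ok (REMOTE_ADDR: ::1).
[Tue Jul  8 13:55:17 2014][Notice][Kernel::System::Auth::DB::Auth] User: new.user@example.test doesn't exist or is invalid!!! (REMOTE_ADDR: ::1)
[Tue Jul  8 13:55:17 2014][Notice][Kernel::System::Auth::LDAP::Auth] User: new.user@example.test (CN=new user,CN=Users,DC=example,DC=test) authentication ok (REMOTE_ADDR: ::1).
[Tue Jul  8 13:55:17 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'new.user@example.test'!
[Tue Jul  8 13:55:17 2014][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'new.user@example.test'!!!
"""
if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
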
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: LDAP: No userData for user

Post by crythias »

aph wrote: The script failed to send data error does not occur anymore. I changed:
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
to:
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend1';
uploaded Config.pm:
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

All available backends are going to be parsed for authentication, so they'll fail unless/until they pass.

User: xxxx.xxxx@xxxx.local doesn't exist or is invalid!!! (REMOTE_ADDR: ::1)
Note that it's also looking like it's trying IPv6, so you might either try the IP address or add

Code: Select all

inet4 => 1,
into params (currently commented)
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.

Re: LDAP: No userData for user

Post by aph »

Sorry about the incorrect config.pm! Uploading the correct one.
Config.pm.txt
If I change otrsserver.xxxx.local to the IP address and add inet4 => 1, to params I get the following error
Login failed! Your user name or password was entered incorrectly.
The corresponding log entry is

Code: Select all

[Tue Jul  8 15:58:21 2014][Error][Kernel::System::Auth::LDAP::Auth][182] First bind failed! Bad file descriptor


Thus, neither the user which is only in AD nor the user which is in both AD as well as OTRS DB are able to log in.

If I use otrsserver.xxxx.local instead of the IP address and add inet4 => 1, to params, the user which is in both AD as well as OTRS DB is able to log in but not the user which is only in AD. I get the following error

Code: Select all

[Tue Jul  8 16:07:43 2014][Notice][Kernel::System::Auth::DB::Auth] User: xxxx.xxxx@xxxx.local doesn't exist or is invalid!!! (REMOTE_ADDR: ::1)
[Tue Jul  8 16:07:43 2014][Notice][Kernel::System::Auth::LDAP::Auth] User: xxxx.xxxx@xxxx.local (CN=xxxx xxxx,CN=Users,DC=xxxx,DC=local) authentication ok (REMOTE_ADDR: ::1).
[Tue Jul  8 16:07:43 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul  8 16:07:43 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul  8 16:07:43 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul  8 16:07:43 2014][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'xxxx.xxxx@xxxx.local'!!!
The search user is a standard user in AD.

Re: LDAP: No userData for user

Post by crythias »

[Tue Jul 8 16:07:43 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul 8 16:07:43 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul 8 16:07:43 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
[Tue Jul 8 16:07:43 2014][Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'xxxx.xxxx@xxxx.local'!!!

Code: Select all

#    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    # you may specify LDAP-Fields as either
    #  * list, which will check each field. first existing will be picked ( ["givenName","cn","_empty"] )
    #  * name of an LDAP-Field (may return empty strings) ("givenName")
    #  * fixed strings, prefixed with an underscore: "_test", which will always return this fixed string
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> 'LDAP',
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # defines AuthSyncBackend (AuthSyncModule) for AuthModule
    # if this key exists and is empty, there won't be a sync.
    # example values: AuthSyncBackend, AuthSyncBackend2
    $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend1';

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
#    $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthSyncModule::LDAP::Params'} = {
        # port    => 389,
        # timeout => 120,
        # async   => 0,
        # version => 3,
        inet4 => 1,
    };
This doesn't have 1 appended to keys.

Re: LDAP: No userData for user

Post by aph »

You mean 1 appended to the following keys?

Code: Select all

UserFirstname
UserLastname
UserEmail
I tried that, but errors continue. With IP address I get

Code: Select all

[Tue Jul  8 17:44:36 2014][Notice][Kernel::System::Auth::DB::Auth] User: xxxx.xxxx@xxxx.local doesn't exist or is invalid!!! (REMOTE_ADDR: ::1)
[Tue Jul  8 17:44:36 2014][Error][Kernel::System::Auth::LDAP::Auth][182] First bind failed! Bad file descriptor
[Tue Jul  8 17:44:36 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@xxxx.local'!
With server name otrsserver.xxxx.local I get

Code: Select all

[Tue Jul  8 17:52:31 2014][Notice][Kernel::System::Auth::DB::Auth] User: xxxx.xxxx@xxxx.local doesn't exist or is invalid!!! (REMOTE_ADDR: ::1)
[Tue Jul  8 17:52:32 2014][Error][Kernel::System::Auth::LDAP::Auth][167] Can't connect to otrsserver.xxxx.local: IO::Socket::INET6: connect: 10061
[Tue Jul  8 17:52:32 2014][Error][Kernel::System::User::UserLookup][834] No UserID found for 'xxxx.xxxx@aphajco.local'!
I have disabled IPv6 in Ethernet properties.

Thank you

Re: LDAP: No userData for user

Post by crythias »

$Self->{'AuthSyncModule::LDAP::UserSyncMap'}
should be
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'}

etc...

[SOLVED] Re: LDAP: No userData for user

Post by aph »

It worked! Yay!

Thanks a lot for your patience crythias!
Locked
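
The fix in this thread comes down to one consistency rule: when `AuthModule::UseSyncBackend` names `AuthSyncBackend1`, the `AuthSyncModule...` keys need the same `1` suffix. A small checker for that rule follows as an added example; it is not OTRS code, `check_sync_suffixes` and the sample config values are hypothetical, and the rule itself is taken from the replies above.

```python
import re

# Active (uncommented) assignment, e.g. $Self->{'AuthSyncModule::LDAP::Host1'} = ...
KEY_RE = re.compile(r"""^\s*\$Self->\{\s*['"]?([\w:]+?)(\d*)['"]?\s*\}\s*=\s*(.*)$""")
BACKEND_RE = re.compile(r"""['"]AuthSyncBackend(\d*)['"]""")


def check_sync_suffixes(config_text):
    """Return (line_no, key, expected_key) for every AuthSyncModule key whose
    numeric suffix differs from the backend named in AuthModule::UseSyncBackend."""
    sync_keys, wanted = [], set()
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = KEY_RE.match(line)  # lines starting with '#' never match
        if not m:
            continue
        base, suffix, value = m.groups()
        if base == "AuthModule::UseSyncBackend":
            backend = BACKEND_RE.search(value)
            if backend:  # an empty value means "no sync" and selects nothing
                wanted.add(backend.group(1))
        elif base.startswith("AuthSyncModule"):
            sync_keys.append((line_no, base, suffix))
    findings = []
    for line_no, base, suffix in sync_keys:
        if wanted and suffix not in wanted:
            expected = " or ".join(base + w for w in sorted(wanted))
            findings.append((line_no, base + suffix, expected))
    return findings


# Constructed sample reproducing the thread's mistake (hypothetical host and DN).
SAMPLE = """\
$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'ldap.example.test';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=example,dc=test';
#    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
};
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend1';
$Self->{'AuthSyncModule::LDAP::Params'} = {
    inet4 => 1,
};
"""

if __name__ == "__main__":
    for line_no, key, expected in check_sync_suffixes(SAMPLE):
        print(f"line {line_no}: {key} does not match the selected backend, expected {expected}")
```
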