LDAP Agent Auth: Have to login twice to see tickets/queues/stats (Solved)

[murdo]

Hi,

I've just upgraded from version 4 to 5 and everything seems to work ok but we are seeing strange behaviour when logging in as agents.

We authenticate against our AD and have AD groups mapped to OTRS group to control r/w access to queues, but the 1st time we login we are presented with an empty dashboard with no visible tickets or 7 day stats.

2nd time we log OTRS works correctly and wee see the queues we should, the tickets and the 7 day stats.

I've enabled logging and checking otrs.log I see that each time I authenticate I appear to be correctly assigned the correct groups but my group membership doesn't seem to match empty dashboard.

I've tried all the usual stuff like clearing cache, sessions etc, there are no errors in the apache errror logs so was wondering if anyone can help shed some light on this

--
Many thanks
Murdo

[murdo]

I'm having same problem as this post by alexrbebs in the german forum
viewtopic.php?f=35&t=30617

Or following for google english translation
https://translate.google.com/translate? ... 6t%3D30617

Same issues LDAP -> Group sync appears to be working and logs show it but have to log in twice for permissions to work and queues to be visible

Am going to try last advice and do a clean install of 5 in a test system

[Mondra]

Hi,

I found something in the code that I changed and is working now for me, I'm still testing this to see if works fine, but if you want to try here it is:

The file I modified is /opt/otrs/Kernel/System/Auth/Sync/LDAP.pm

Code: Select all

    # compare group permissions from ldap with current user group permissions
    my %GroupPermissionsChanged;
    if (%GroupPermissionsFromLDAP) {
        PERMISSIONTYPE:
        for my $PermissionType ( @{ $ConfigObject->Get('System::Permission') } ) {

            # get current permission for type
            my %GroupPermissions = $GroupObject->PermissionUserGroupGet(
                UserID => $UserID,
                Type   => $PermissionType,
            );

            GROUPID:
            for my $GroupID ( sort keys %SystemGroups ) {

#                my $OldPermission = $GroupPermissions{$GroupID};
                my $NewPermission = $GroupPermissionsFromLDAP{$GroupID}->{$PermissionType};

                # if old and new permission for group/type match, do nothing
#                if (
#                    ( $OldPermission && $NewPermission )
#                    ||
#                    ( !$OldPermission && !$NewPermission )
#                    )
#                {
#                    next GROUPID;
#                }

                # permission for group/type differs - remember
                $GroupPermissionsChanged{$GroupID}->{$PermissionType} = $NewPermission;
            }
        }
    }

I just commented the above lines, and get the same behavior I had in OTRS 4.

Also I found this bug is already reported: http://bugs.otrs.org/show_bug.cgi?id=11614

Regards,
Eric

[murdo]

Thank you very much for this fix, i can confirm that the LDAP group sync in OTRS5 is now working for us.

--
Many thanks
Murdo