LDAP CustomerUser Integration works on index.pl but fails on customer.pl in Znuny 7.1.6

Moderator: crythias

mfilhobsb
Znuny newbie
Posts: 4
Joined: 05 Dec 2024, 16:26
Znuny Version: 7.1.3
Real Name: MAURO PEREIRA FILHO
Company: Mauro Pereia filho

LDAP CustomerUser Integration works on index.pl but fails on customer.pl in Znuny 7.1.6

Post by mfilhobsb »

Hello everyone,

I'm working on integrating Znuny 7.1.6 (installed manually in `/opt/znuny`, running on Debian 12 with Apache 2.4 and mod_perl) with our Active Directory using LDAP.

Our environment:
- Znuny 7.1.3 (manual install)
- Debian 12
- Apache 2.4.62 with mod_perl
- MariaDB backend
- Active Directory functional (confirmed with `ldapsearch`)
- Customer accounts should authenticate via AD (with optional fallback to local DB)

What is working:
- Agent login (`index.pl`) works perfectly via LDAP.
- When an agent logs in for the first time, their account is auto-created in the database and linked correctly.
- Customer login (`customer.pl`) works **only** if authentication is set to DB-only.
- LDAP queries (via `ldapsearch`) return correct attributes for `sAMAccountName`, `givenName`, `sn`, and `mail`.
- We’ve tested fallback authentication successfully — it works as expected with local DB if LDAP fails.

What is NOT working:
- When `customer.pl` is configured with `Customer::AuthModule = LDAP` and a proper `CustomerUser` backend (LDAP), authentication succeeds, **but the user is not found in the backend**, even though `ldapsearch` confirms the data is present.
- We receive the message:
“Authentication OK but no customer record found in the backend. Please contact the administrator.”
- Log messages like the following appear:
No such user 'mauro.filho'!
- We created test scripts (using `$Kernel::OM`) and confirmed that `CustomerUser->CustomerUserDataGet()` returns empty for the same user.

We have thoroughly reviewed:
- The LDAP `BaseDN`, filters, and credentials
- `CustomerKey` and `CustomerID` fields
- UTF-8 compatibility (OU has special characters like `serviço`)
- Different combinations of fallback, syncing, and direct DB entries
- Using `CustomerUser::CreateAfterAuth = 1`
- Minimal `Config.pm` with only `CustomerUser::LDAP` active

But still: authentication is successful, yet `customer.pl` cannot match the user in the LDAP backend.

I’ve also confirmed that the LDAP entry for the user contains:
- `sAMAccountName: mauro.filho`
- `givenName`, `sn`, `mail`, and even `company`

My question is:
👉 Has anyone successfully configured `customer.pl` in Znuny 7.x to authenticate via LDAP AND retrieve user data using `CustomerUser::LDAP`?
👉 Is there a known limitation or trick needed for this to work properly in customer login?

I'll be happy to share my full `Config.pm` or any logs if needed.

Thanks in advance!

Best regards,
Mauro
root
Administrator
Posts: 4217
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: LDAP CustomerUser Integration works on index.pl but fails on customer.pl in Znuny 7.1.6

Post by root »

Hi,

The LDAP configuration for Znuny 7.x is the same as for Znuny LTS 6.5. You have already shared your configuration, and multiple posts are not necessary.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
lis9
Znuny newbie
Posts: 73
Joined: 13 Apr 2017, 11:27
Znuny Version: 7.1.3
Real Name: Daniel
Company: Komputronik S.A.

Re: LDAP CustomerUser Integration works on index.pl but fails on customer.pl in Znuny 7.1.6

Post by lis9 »

According to your questions, the answers are:
1) Yes, it works seamlessly, even on multiple backends (local DB and LDAP).
2) No tricks needed

Just make an effort and look into the Kernel/Config/Defaults.pm for available options, and just read the documentation. LDAP configuration on customer side stands for 2 parts:
a) authorization and synchronization https://doc.znuny.org/legacy/manual/adm ... h-backends
b) customer datasource https://doc.znuny.org/legacy/manual/adm ... er-backend

For authenticating Agents you should probably create a group on AD side (here->znuny.user), and use filter on this group on znuny/Config.pm side

```perl
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=znuny.user,ou=_Groups,ou=_Users,ou=_Company,dc=domain,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
```

and proper `$Self->{'AuthModule::LDAP::Params'}`

Additionally you should also configure agent sync backend `$Self->{'AuthSyncModule'}` to download data changes on agents AD accounts to Znuny.

But read carefully Defaults.pm there's a lot of knowledge!

Daniel Lisiecki
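
The two customer-side parts named in the reply above (authentication and customer data source), as an added example that is not part of the original posts or of Znuny's own documentation. It uses the same attribute for the authentication UID and the backend's `CustomerKey`; the host, DNs, bind account and password are constructed placeholders, and the option names are the ones documented in `Kernel/Config/Defaults.pm`.

```perl
# Added example; belongs inside "sub Load" in Kernel/Config.pm.
# Constructed placeholders: host, base DN, bind account and password.
my $Host   = 'ldaps://dc01.example.local';
my $BaseDN = 'ou=Customers,dc=example,dc=local';
my $BindDN = 'cn=znuny-read,ou=Service,dc=example,dc=local';    # read-only account
my $BindPw = 'CHANGE_ME';
my $UID    = 'sAMAccountName';    # login attribute, shared by both parts
my %Net    = ( port => 636, timeout => 120, async => 0, version => 3 );

# Part a) authentication backend used by customer.pl
$Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = $Host;
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = $BaseDN;
$Self->{'Customer::AuthModule::LDAP::UID'}          = $UID;
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $BindPw;
$Self->{'Customer::AuthModule::LDAP::Params'}       = {%Net};

# Part b) customer data source; the authenticated login is looked up via CustomerKey
$Self->{CustomerUser} = {
    Name   => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => $Host,
        BaseDN        => $BaseDN,
        SSCOPE        => 'sub',
        UserDN        => $BindDN,
        UserPw        => $BindPw,
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        Params        => {%Net},
    },
    CustomerKey                        => $UID,
    CustomerID                         => 'mail',
    CustomerUserListFields             => [ 'cn', 'mail' ],
    CustomerUserSearchFields           => [ $UID, 'cn', 'mail' ],
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenname', 'sn' ],
    # var, frontend, storage, shown, required, storage-type, http-link, readonly
    Map => [
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var', '', 1 ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var', '', 1 ],
        [ 'UserLogin',      'Username',   $UID,        1, 1, 'var', '', 1 ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var', '', 1 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',      0, 1, 'var', '', 1 ],
    ],
};
```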