Different interfaces for Customer & Agent -- how to do it?

[quaver]

Hi all,

I've managed to get OTRS talking to Active Directory for Agent logins at least -- I believe the issue with Customer logins is tied to the problem I'm going outline here ...
Basically, the agents can log into the system and see the agent interface, but customer logins still give a 'User: username authentication failed, no LDAP group entry found'. I believe this is because I need to add all users that are not agents to an OTRS_CUSTOMERS group. Is this the way it should be done, or is there a better way to do this?
If this is the best way to do it, how would I then go about specifying that customers get a different interface to agents? I've searched the forums, but annoyingly 'customer' and 'agent' are forbidden search terms!

Thanks,
Dan

[jojo]

the customer frontend can be reached via customer.pl instead of index.pl

[sweenig]

I've been able to configure OTRS with LDAP back end for agents and customers. It's two different sections of the config.pm. There should be a section for agent authentication, in which you'll specify the DN of the agents. Then another for the customers where you can specify a more lenient DN on the BaseDN definition.

[quaver]

I've been able to configure OTRS with LDAP back end for agents and customers. It's two different sections of the config.pm. There should be a section for agent authentication, in which you'll specify the DN of the agents. Then another for the customers where you can specify a more lenient DN on the BaseDN definition.

Thanks for your input guys -- I have a question about this particular part though. When a more lenient DN is supplied, which will take precedence? As if I say all 'Domain Users' will be customers, but all members of 'OTRS_AGENTS' will be agents, which would take precedence, as OTRS_AGENTS is within Domain Users.

Furthermore, would you be able to supply an (anonymised) section of your Config.pm to show the Customer login setup?

Thanks,
Dan

[crythias]

check the wiki.

Also, Customers are completely independent of Agents. There is no "win", there is only "WYAFIWYG" (What you ask for is what you get).

[sweenig]

When someone is logging into the agent portal, OTRS will look for that user only within OTRS_Agents. When someone logs into the customer portal, OTRS will look for the account to exist anywhere in the domain. crythias is right, there would be no win, because there would be no competition.

[quaver]

Hi all, I think we're mostly there with the customer logon ... I'd forgotten that customers get a completely different interface through customer.pl ... when I try and log in through there using our testing user (Jim Bloggs), I get the following error in otrs.log:

Code: Select all

[Thu Sep 30 15:25:13 2010][Error][Kernel::System::CustomerAuth::LDAP::Auth][280] Search failed! base='CN=Domain Users,OU=Users,DC=DOMAIN,DC=LOCAL', filter='(DN=username)', Success

The relevant section of my Config.pm is:

Code: Select all

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'nova.LTMUSEUM.LOCAL';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=LTMUSEUM,DC=LOCAL';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=Domain Users,OU=Users,DC=LTMUSEUM,DC=LOCAL';
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'member';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'DN';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=Helpdesk,OU=LTM,DC=LTMUSEUM,DC=LOCAL';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret007';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

     $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'customer_users', # Testing
    ];
    
    $Self->{CustomerUser} = {
        Name => 'LDAP Communicator',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'nova.LTMUSEUM.LOCAL',
            BaseDN => 'DC=LTMUSEUM,DC=LOCAL',
            SSCOPE => 'sub',
            UserDN => 'CN=OTRS,OU=Helpdesk,OU=LTM,DC=LTMUSEUM,DC=LOCAL',
            UserPw => 'secret007',
            AlwaysFilter => '(objectclass=user)',
            Die => 1,
            Params => {
                 raw => qr/(?i:^jpegPhoto|;binary)/,
            },
        },
        CustomerKey => 'cn',
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'sn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail', 'cn', 'sn'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', 
'', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', 
'', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', 
'', 0 ],
            [ 'UserLogin',      'Login',      'sAMAccountName',              1, 1, 'var', 
'', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', 
'', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', 
'', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', 
'', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', 
'', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', 
'', 0 ],
            [ 'UserLocation',   'Location',   'l',               1, 0, 'var', 
'', 0 ],
        ],
    }; 

This is probably something quite simple, but I've hit a brick wall on what I can solve! Any help would be greatly appreciated!

Thanks,
Dan