Authentication succeeded, but no customer record is found in

[Dark000]

I get this error when i try to login. What am I doing wrong. I just changed host data to example, so I can show it here. And this is for customers login only.

Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

Here is the code.

Code: Select all

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'host.example.si';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=example,OU=example,DC=example,DC=example,DC=example';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'PASSWORD';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'host.example',
      BaseDN => 'cn=otrs_ldap,cn=Users,dc=example,dc=example',
      SSCOPE => 'sub',
      UserDN =>'otrs_ldap',
      UserPw => 'PASSWORD',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };

thank you

[jojo]

your Base DNs are not the same?

[Dark000]

Ok, i thought it had to be one for otrs_ldap user. So i changed basedns to be the same:

OU=example,OU=example,DC=example,DC=example,DC=example

and i get this error now:

Error: Need CustomerID!!! Comment: Traceback: ERROR: OTRS-CGI-10 Perl: 5.12.2 OS: MSWin32 Time: Mon Dec 6 10:50:45 2010

Message: Need CustomerID!!!

Traceback (3164):
Module: Kernel::Output::HTML::Layout::CustomerError (v1.334) Line: 3467
Module: Kernel::Modules::CustomerTicketOverView::Run (v1.65) Line: 68
Module: Kernel::System::Web::InterfaceCustomer::Run (v1.55) Line: 956
Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 51
Module: (eval) (v1.42) Line: 204
Module: ModPerl::RegistryCooker::run (v1.42) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.42) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

and this is in the log

[Mon Dec 6 10:53:46 2010][Error][Kernel::Output::HTML::Layout::CustomerError][3467] Need CustomerID!!!

[jojo]

The base DN is the DN where all your customers are located. Your one seems to be to deep...

[Dark000]

To deep. I have four users and some groups. Is that the problem. How can i set base dn to a group. Or what should i do.
So the configuration is ok; and i only have to figure out my users/groups settings in AD?

[jojo]

Base DN should be the DN containing the different Groups then

[Dark000]

Ok, error was about certain users not having email writen in AD so there was no custom ID. The one who had could login normaly. That is easy fixable.

I have just one more question. Currently my setup is giving rights to login to all users in AD. I can narrow it down to Organizational-Unit but not to a Group. How can i do that, so that only members of a certain group would have the rights to login.

Thank's for all your help.

[crythias]

In the auth, I believe you would be able to use CN= (common name) for the group.

[Dark000]

I tried that, but in customers I only get one entry and that one is a Group. No users from the group.

[crythias]

$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

Source: http://doc.otrs.org/3.0/en/html/x2358.h ... h-backends