Customer Authentication : sync data from LDAP into OTRS db

Moderator: crythias

Locked
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Customer Authentication : sync data from LDAP into OTRS db

Post by amacquet »

Hi all,

I'm using LDAP authentication for OTRS customers, and I'm trying to sync data from the ldap.
When I login with a user who is in the LDAP but not in the customer_user table yet, I get the "panic ! no user data" error, and the user is not added to the table.

I've tried many things found on the web (it seems that many people had to face the same problem), but none of those tricks worked.
I'm still having the "panic ! no user data" error...

I've been searching for hours on this issue, and it drives me mad.

Here is my Config.pm :

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'xxxxxxxxxx.fr';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxxxxxx,dc=fr';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'uid';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'ldapread';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];



$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxx.fr';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'ldapread';

$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
UserFirstname => 'givenname',
UserLastname => 'sn',
UserEmail => 'mail',
};

#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'xxxxxxxxxx.fr',
BaseDN => 'dc=xxxxxxx,dc=fr',
SSCOPE => 'sub',
UserDN => 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr',
UserPW => 'ldapread',
},

# customer unique id
CustomerKey => 'uid',
CustomerID => 'uid',
CustomerUserListFields => ['uid', 'cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'uid', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
],
};

$Self->{DatabaseUserTable} = 'customer_user';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';



Can anyone help, please ? Thanks !

regards,
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by jojo »

You are messing up agents and customers. Customers are not copied to the OTRS Database.

What kind of LDAP do you use? Could you show an example LDIF?
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

Hi jojo

thanks for replying.

I'm using OpenLDAP 2.4.11.

What is the point of showing an example LDIF ?

Is there a way to copy customer data into the database ? If it's possible, what's missing in my conf file ?

best regards
Antoine
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by crythias »

amacquet: Customers aren't copied to the database. They're "Looked Up" from your Active Directory/OpenLDAP configuration.

Since the LDAP configuration is specific to your implementation of OpenLDAP, only you know the fields you have that would map well to OTRS' Config.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

Crythias,

It is possible to automatically create an agent from LDAP to DB (in users table) after login, with the "$Self->{UserSyncLDAPMap}" feature, but there's no such feature for customers ?

We can only map/sync customer data from LDAP to local DB, but anyway the customer must already exist in the DB ? There's no way to automatically create a customer after login ?

Am I Right ?

thanks for your help
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by crythias »

No. Clear your mind of user (customer) database being stored in OTRS.

OTRS will transparently handle querying the information it knows about (from the Map in Config.pm) when you need to get more Customer Info.

Anything you're reading about sync is for (caching) authentication purposes, not customer lookup.

In the database, the ticket entry only stores the username and the customerID. Any links to customer information point to the data structure that holds the information WHERE LDAPusernamefield=usernamestoredinticket

Further information: a ticket will get created even if the customer does not exist in your database. ANYONE who sends an email to your otrs inbox gets a ticket.
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

ok, thanks for your reply.

So, the only way to avoid the "panic ! no user data" error after customer authentication on customer.pl page is to fill manually the customer_table before customers try to connect to OTRS through this page.
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by jojo »

no, the correct way is to create a functional Config.pm. There is no need to copy users from ldap to DB
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

so what should I write in my Config.pm to allow my LDAP users to connect to the customer.pl page and to create tickets ?
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by jojo »

As I said before, post an example LDIF of your LDAP
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by crythias »

http://doc.otrs.org/3.0/en/html/x2276.html

But also you might not have sAmaccountName


$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxx.fr';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'ldapread';

$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
UserFirstname => 'givenname',
UserLastname => 'sn',
UserEmail => 'mail',
};

#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
# ############ You forgot this ############
Name => 'LDAP Data Source',
# ######################################
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'xxxxxxxxxx.fr',
BaseDN => 'dc=xxxxxxx,dc=fr',
SSCOPE => 'sub',
UserDN => 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr',
UserPW => 'ldapread',
# ####################
AlwaysFilter => '',
# ####################
},

# customer unique id
CustomerKey => 'uid',
CustomerID => 'uid',
CustomerUserListFields => ['uid', 'cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
# ######## Is this valid for you? ############
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
# ######################################
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'uid', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
],
};

$Self->{DatabaseUserTable} = 'customer_user';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

Hi crythias,

I've added the following lines as you asked :

Name => 'LDAP Data Source',
AlwaysFilter => '',

and modified "sAMAccountName", but I still get "Panic! No UserData!!!" after authentication.

User is found in the LDAP, but then I get "No such object" and "No such user" errors in otrs logs.

[Wed Dec 22 10:32:26 2010][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: amacquet (uid=AMACQUET,ou=xxxxxx,ou=xxxxxxxxx,dc=xxxxxxxxx,dc=fr) authentication ok (REMOTE_ADDR: xxxxxxxxx).
[Wed Dec 22 10:32:26 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][580] No such object
[Wed Dec 22 10:32:26 2010][Error][Kernel::System::CustomerUser::SetPreferences][493] No such user 'amacquet'!
[Wed Dec 22 10:32:26 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][580] No such object
[Wed Dec 22 10:32:26 2010][Error][Kernel::System::CustomerUser::LDAP::CustomerUserDataGet][580] No such object
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

jojo wrote:As I said before, post an example LDIF of your LDAP
hi jojo

here's one sample of my LDAP :

dn: uid=AMACQUET,ou=xxxxxxx,ou=xxxxxxxxxx,dc=xxxxxxxxxxxxxxxxxxx,dc=fr
crnpdcattasciiprenom: xxxxxxxxxxxx
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: crnpdcobjagent
crnpdcattsite: uid=SITE0054,ou=xxxxxx,dc=xxxxxxxxxxxxxxx,dc=fr
givenName: First_name
uid: Login
crnpdcattvisible: TRUE
cn: AG071754
crnpdcattfax: 6005
crnpdcattasciinom: last_name
crnpdcattetage: 1
crnpdcatthistomaj: uid=HT-AMACQUET,ou=xxxxxxxxxx,dc=xxxxxxxxxxx,dc=fr
sn: MACQUET
crnpdcattfonction: uid=FONC0002,ou=xxxxxxxxxx,dc=xxxxxxxxxxxx,dc=fr
title: M.
crnpdcatttelephone1: 666
crnpdcattservice: uid=SERV0123,ou=xxxxxxx,dc=xxxxxxxxxxxx,dc=fr
businessCategory: INTERNE
crnpdcattcreepar: COM
facsimileTelephoneNumber: 666
telephoneNumber: 666
crnpdcattvalide: TRUE
employeeNumber: xxxxx
userPassword: {SHA}jnjcXPaetY5EoyLc2Lkh/QmGy8s=
crnpdcattfonctionlibelle:: QWRtaW5pc3RyYXRldXIgQmFzZSBkZSBEb25uw6llcw==
crnpdcattsitelibelle:: U2nDqGdlIGRlIFLDqWdpb24=
crnpdcattfaxintl: xxxxxxxxxxxxxxx
crnpdcatttelephoneintl: xxxxxxxxxxx
crnpdcattbatiment: E
crnpdcattbureau: 07
crnpdcattbureauinventaire: 1 SE 25
crnpdcattdatemaj: 20090116
crnpdcattgroupe: xxxxxxxxx
crnpdcattgroupe: xxxxxxxx
mail: test@test.com
physicalDeliveryOfficeName: DSI
crnpdcattservicelibellecourt: DSI
crnpdcattservicelibellelong:: RGlyZWN0aW9uIGRlcyBTeXN0w6htZXMgZCdJbmZvcm1hdGlvbg==
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by crythias »

I don't know if case sensitivity makes any difference, and I'm not sure where the problem is otherwise, but you have

telephoneNumber in ldap
and
telephonenumber in Config.pm
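The two questions open at this point in the thread (does attribute case matter, and why does the customer backend answer "No such object" right after a successful login) can be checked offline. The following is an added example, not code from the thread or from OTRS: LDAP attribute names compare case-insensitively, and "No such object" is the text of LDAP result code 32 (noSuchObject), which a server returns when the search base does not exist. The function names are hypothetical, every host, DN and entry value is a constructed placeholder, and the example assumes the logged message is the directory's own result text.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the two Config.pm blocks (placeholder host and DNs).
my %Auth = ( Host => 'ldap.example.fr', BaseDN => 'dc=example,dc=fr', UID => 'uid' );
my %CustomerUser = (
    # BaseDN deliberately mismatched here so checks 1 and 2 have something to report.
    Params => { Host => 'ldap.example.fr', BaseDN => 'dc=example,dc=com' },
    Map    => [
        # var, frontend, storage (LDAP attribute), shown, required, storage-type
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'uid',             0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
    ],
);

# Constructed log line in the format of the "authentication ok" notice above.
my $AuthLog = '[Wed Dec 22 10:32:26 2010][Notice][Kernel::System::CustomerAuth::LDAP::Auth] '
    . 'CustomerUser: jdoe (uid=JDOE,ou=people,dc=example,dc=fr) authentication ok (REMOTE_ADDR: 192.0.2.10).';

# Constructed inetOrgPerson entry, as exported with ldapsearch.
my $Ldif = <<'LDIF';
dn: uid=JDOE,ou=people,dc=example,dc=fr
objectClass: inetOrgPerson
uid: JDOE
givenName: Jane
sn: DOE
mail: jdoe@example.fr
telephoneNumber: 666
LDIF

# Simplified DN normalisation: lower-case, no blanks around ',' and '='.
# Escaped commas inside values are not handled.
sub NormDN {
    my ($DN) = @_;
    $DN = lc $DN;
    $DN =~ s/\s*([,=])\s*/$1/g;
    return $DN;
}

# True if $DN equals $Base or lies anywhere in the subtree below it.
sub DNIsUnder {
    my ( $DN, $Base ) = map { NormDN($_) } @_;
    return $DN =~ /(?:^|,)\Q$Base\E\z/ ? 1 : 0;
}

# Attribute names present in one LDIF entry, keyed by lower-cased name.
sub LdifAttrs {
    my ($Text) = @_;
    $Text =~ s/\n //g;    # unfold continuation lines
    my %Seen;
    for my $Line ( split /\n/, $Text ) {
        my ($Name) = $Line =~ /^([A-Za-z][A-Za-z0-9;-]*)::?\s/ or next;
        next if lc($Name) eq 'dn';
        $Seen{ lc($Name) } = $Name;
    }
    return \%Seen;
}

sub Lint {
    my ( $Auth, $CU, $LogLine, $Entry ) = @_;
    my @Findings;

    # 1. Auth module and customer backend must use the same server and base.
    for my $Key (qw(Host BaseDN)) {
        my ( $A, $C ) = ( $Auth->{$Key}, $CU->{Params}{$Key} );
        push @Findings, "$Key differs: auth='$A', customer backend='$C'"
            if NormDN($A) ne NormDN($C);
    }

    # 2. The DN that authenticated must sit below the backend's BaseDN,
    #    otherwise the backend's own search cannot return that user.
    if ( $LogLine =~ /CustomerUser: (\S+) \((.+?)\) authentication ok/ ) {
        my ( $Login, $DN ) = ( $1, $2 );
        push @Findings, "DN of '$Login' is outside backend BaseDN '$CU->{Params}{BaseDN}'"
            if !DNIsUnder( $DN, $CU->{Params}{BaseDN} );
    }

    # 3. Every mapped attribute should exist on a real entry (case-insensitive).
    my $Have = LdifAttrs($Entry);
    for my $Row ( @{ $CU->{Map} } ) {
        my ( $Field, $Attr, $Required ) = @{$Row}[ 0, 2, 4 ];
        next if exists $Have->{ lc($Attr) };
        push @Findings, sprintf( "%s maps to '%s', absent from the sample entry%s",
            $Field, $Attr, $Required ? ' (required field)' : '' );
    }

    # 4. The attribute used for customer lookup must be the one used to log in.
    my ($LoginRow) = grep { $_->[0] eq 'UserLogin' } @{ $CU->{Map} };
    push @Findings, "UserLogin uses '$LoginRow->[2]' but auth UID is '$Auth->{UID}'"
        if $LoginRow && lc( $LoginRow->[2] ) ne lc( $Auth->{UID} );

    return @Findings;
}

my @Findings = Lint( \%Auth, \%CustomerUser, $AuthLog, $Ldif );
print "- $_\n" for @Findings;
print "no inconsistencies found\n" if !@Findings;
```

Replacing the constructed values with the real Config.pm blocks, a real log line and an `ldapsearch` export of one user runs the same four checks against an actual setup.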
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

That was a nice try crythias, but it doesn't make any difference :(
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by jojo »

Your code should look like this:


$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxx.fr';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'ldapread';

#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'xxxxxxxxxx.fr',
BaseDN => 'dc=xxxxxxx,dc=fr',
SSCOPE => 'sub',
UserDN => 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxx,dc=fr',
UserPW => 'ldapread',
},

# customer unique id
CustomerKey => 'uid',
CustomerID => 'uid',
CustomerUserListFields => ['uid', 'cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'uid', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
],
};
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

Hi jojo

the only difference I see is that you removed the following sections in my Config.pm file :

$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
UserFirstname => 'givenname',
UserLastname => 'sn',
UserEmail => 'mail',
};


$Self->{DatabaseUserTable} = 'customer_user';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';

Am I right ?

Anyway, it still doesn't work :-x
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by jojo »

I also changed a line in the map:
[ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

That's already what's in my config file, Jojo.

After many tries, here's my actual Config.pm :

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxxxxxxxxxxxx.fr';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxxxxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxxxxxx,dc=fr';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'ldapread';


#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'xxxxxxxxxxxxxxxxxx.fr',
BaseDN => 'dc=xxxxxxxxxxxxxx,dc=fr',
SSCOPE => 'sub',
UserDN => 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxxxxxxxx,dc=fr',
UserPW => 'ldapread',
AlwaysFilter => '',
},

# customer unique id
CustomerKey => 'uid',
CustomerID => 'uid',
CustomerUserListFields => ['uid', 'cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenName', 'sn'],
Map => [
[ 'UserFirstname', 'Firstname', 'givenName', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'uid', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var' ],
],
};

I've been doing a lot of research and tries, I can't find out what's wrong. I still get this "panic ! no user data" f.... error after authentication.

It drives me mad :cry:
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by jojo »

Please go to Sysconfig and have a look on: Framework -> Frontend::Customer::Auth if everything looks ok
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

yes everything looks OK :

Customer::AuthModule: LDAP
Customer::AuthModule::DB::CryptType: MD5-Crypt
Customer::AuthModule::DB::Table: customer_user
Customer::AuthModule::DB::CustomerKey: login
Customer::AuthModule::DB::CustomerPassword: pw

Customer::AuthModule::LDAP::Host: xxxxxxxxxxxxxxxxxxxx.fr
Customer::AuthModule::LDAP::BaseDN: dc=xxxxxxxxxxx,dc=fr
Customer::AuthModule::LDAP::UID: uid
Customer::AuthModule::LDAP::SearchUserDN: uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxxxxx,dc=fr
Customer::AuthModule::LDAP::SearchUserPw: ldapread
Customer::AuthModule::LDAP::Die: yes
Customer::AuthModule::Radius::Die: yes

Other options are not selected.
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

Happy new year to everyone !

So, no one can help me on this issue ? :(
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

crythias wrote:No. Clear your mind of user (customer) database being stored in OTRS.

OTRS will transparently handle querying the information it knows about (from the Map in Config.pm) when you need to get more Customer Info.

Anything you're reading about sync is for (caching) authentication purposes, not customer lookup.

In the database, the ticket entry only stores the username and the customerID. Any links to customer information point to the data structure that holds the information WHERE LDAPusernamefield=usernamestoredinticket

Further information: a ticket will get created even if the customer does not exist in your database. ANYONE who sends an email to your otrs inbox gets a ticket.
Hi crythias

I've been reading the whole topic again. I understand what you mean. Customer information should be mapped directly from the data source, in that case the LDAP, and not stored in the OTRS DB.
So there's no reason that I still get that damn "Panic ! No user data" error...

I've noticed something else. In the administration area, if I go to the customer page, the only source I can select in the "add a customer" section is the "LDAP Data Source" we have defined in the Config.pm. If I try to search as customer, I get the following error in the apache error log :

ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Mon Jan 3 11:33:56 2011

Message: No such object

Traceback (9842):
Module: Kernel::System::CustomerUser::LDAP::CustomerSearch (v1.53.2.1) Line: 336
Module: Kernel::System::CustomerUser::CustomerSearch (v1.55.2.1) Line: 178
Module: Kernel::Modules::AdminCustomerUser::_Overview (v1.57.2.3) Line: 418
Module: Kernel::Modules::AdminCustomerUser::Run (v1.57.2.3) Line: 93
Module: Kernel::System::Web::InterfaceAgent::Run (v1.43.2.1) Line: 819
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 48
Module: (eval) (v1.88) Line: 204
Module: ModPerl::RegistryCooker::run (v1.88) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.88) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

in otrs.log :

[Mon Jan 3 11:33:56 2011][Error][Kernel::System::CustomerUser::LDAP::CustomerSearch][336] No such object


Does it make any sense to you ??

Thanks for your help

regards,
Antoine
chetannagaonkar
Znuny advanced
Posts: 149
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: Customer Authentication : sync data from LDAP into OTRS

Post by chetannagaonkar »

Hello Amacquet,

My 2 cents:
Going thru the thread, initially it appeared that there was a confusion btwn customers in the database and LDAP. Just a suggestion - When you copied the customer section from Defaults.pm, I hope that you haven't retained "database" section of it that is used to log customers that are in the database. Check if you can remove that section and retain just the LDAP section.

Best Regards
Chetan
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
Mothra
Znuny expert
Posts: 189
Joined: 26 Oct 2010, 15:04
Znuny Version: 3.2.11

Re: Customer Authentication : sync data from LDAP into OTRS

Post by Mothra »

crythias wrote:No. Clear your mind of user (customer) database being stored in OTRS.

OTRS will transparently handle querying the information it knows about (from the Map in Config.pm) when you need to get more Customer Info.

Anything you're reading about sync is for (caching) authentication purposes, not customer lookup.

In the database, the ticket entry only stores the username and the customerID. Any links to customer information point to the data structure that holds the information WHERE LDAPusernamefield=usernamestoredinticket

Further information: a ticket will get created even if the customer does not exist in your database. ANYONE who sends an email to your otrs inbox gets a ticket.
This being the case, it seems that storing customers in LDAP is contraindicated if you wish to map Services to Customers, correct?
OTRS 3.2.11 on Centos 6.4 with MySQL 5.0. Agents and internal customers authenticate via Active Directory.
chetannagaonkar
Znuny advanced
Posts: 149
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: Customer Authentication : sync data from LDAP into OTRS

Post by chetannagaonkar »

That's correct. Let me try to jot down the appropriate options below -

1. Customers can be stored either in LDAP OR database (not in both simultaneously)
2. Agents can be stored either in LDAP OR database (not in both simultaneously)
3. Customers can be stored in LDAP and Agents can be stored in database simultaneously.
4. Customers can be stored in database and Agents can be stored in LDAP simultaneously.

HTH?

Best Regards
Chetan
chetannagaonkar
Znuny advanced
Posts: 149
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: Customer Authentication : sync data from LDAP into OTRS

Post by chetannagaonkar »

Mothra, I think that Services can still be mapped to Customers regardless. LDAP/Database don't seem related to this. Not sure if I understood Mothra's question correctly.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by crythias »

Mothra: The services table in the database keeps a list of (customer) usernames mapped to Service ID numbers. If the user is removed from LDAP, it probably won't (shouldn't) affect this listing.

services table:
customer_user_login  service_id  create_time          create_by
fgu                  1           2010-09-22 00:13:33  2
fgu                  2           2010-10-15 20:04:04  2
<DEFAULT>            2           2010-09-22 00:13:50  2
luser                2           2010-10-15 20:04:04  2

---
To further add some fun to the conversation: chetannagaonkar's statement can be expanded to multiple back ends for both customers and users, which could potentially mean "stored in database and up to 10 additional backends" ... these are independent backends, though, *not* synced. (LDAP for two organizations, for instance).
Mothra
Znuny expert
Posts: 189
Joined: 26 Oct 2010, 15:04
Znuny Version: 3.2.11

Re: Customer Authentication : sync data from LDAP into OTRS

Post by Mothra »

chetannagaonkar wrote:Mothra, I think that Services can still be mapped to Customers regardless. LDAP/Database don't seem related to this. Not sure if I understood Mothra's question correctly.
Indeed they can (perhaps fortunately, but see below!) and my follow-up question was going to be "how?". But I had a look in the database and discovered that Service IDs are not mapped to Customer IDs, they're mapped to Customer Login Names via a join table called service_customer_user.

This is a somewhat loose association and I feel there could be certain circumstances in which it might cause problems.

Here's an example I have encountered recently: If you change the login name of a user stored in the database (and the Admin UI lets you do this), the service_customer_user table is not updated, so you lose all Customers<->Services mappings for that user. If you haven't realised what's going on, you might reasonably re-map that customer to the appropriate services via the Admin UI, however an additional entry is created in service_customer_user and the original entry still remains. Later on, if you ever add a new user that happens to have the same login name as the one you originally had for the user above, the UI will not complain, yet they will automatically inherit all the previous service mappings.
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

chetannagaonkar wrote:Hello Amacquet,

My 2 cents:
Going thru the thread, initially it appeared that there was a confusion btwn customers in the database and LDAP. Just a suggestion - When you copied the customer section from Defaults.pm, I hope that you haven't retained "database" section of it that is used to log customers that are in the database. Check if you can remove that section and retain just the LDAP section.

Best Regards
Chetan
Hi Chetan. Thanks for replying.

I understood that, as you said, customers can be stored in LDAP OR in DB. But I still don't understand why I'm getting that fxxxxx "panic ! no user data" message.

I don't think I'm mixing up LDAP and DB in my Config.pm, and I think I've removed the appropriate sections ("customer authentication settings" and "CustomerUser stuff") in Defaults.pm (I don't even know if it changes anything to modify Defaults.pm, I'm a real newbie to OTRS :? ).

I post here my whole Config.pm file, could you please have a look on it and check if you see anything wrong ?

Thanks for your help !

Config.pm :


package Kernel::Config;

sub Load {
    my $Self = shift;
   
    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'} = 'otrs';
    $Self->{'DatabaseUser'} = 'otrs';
    $Self->{'DatabasePw'} = 'otrs';
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    $Self->{Home} = '/opt/otrs';

    $Self->{'SystemID'} = 10;
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = '';
    $Self->{'LogModule::LogFile'} = '/var/log/otrs.log';
    $Self->{'LogModule'} = 'Kernel::System::Log::File';
    $Self->{'FQDN'} = 'joles';
    $Self->{'DefaultLanguage'} = 'fr';
    $Self->{'AdminEmail'} = 'axxxxxxxxxxxxxxxx';
    $Self->{'DefaultCharset'} = 'utf-8';

    $Self->{debug} = 3;

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxxxxxxxxxxxxxxx';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxxxxxxxxxxx,dc=fr';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxxxxxxx,dc=fr';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'ldapread';

    # $Self->{UserSyncLDAPMap} = {
    #     # DB -> LDAP
    #     UserFirstname => 'givenName',
    #     UserLastname => 'sn',
    #     UserEmail => 'mail',
    # };

    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
        Name => 'LDAP Data Source',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'xxxxxxxxxxxxxxxxxxxxxxxx',
            BaseDN => 'dc=xxxxxxxxxxxxxx,dc=fr',
            SSCOPE => 'sub',
            UserDN => 'uid=ldapread,ou=users,o=ldap-services,dc=xxxxxxxxxxxxx,dc=fr',
            UserPW => 'ldapread',
            AlwaysFilter => '',
        },

        # customer unique id
        CustomerKey => 'uid',
        CustomerID => 'uid',
        CustomerUserListFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenName', 'sn'],
        Map => [
            [ 'UserFirstname', 'Firstname', 'givenName', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'uid', 0, 1, 'var' ],
            #[ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var' ],
        ],
    };

    # $Self->{DatabaseUserTable} = 'customer_user';
    # $Self->{DatabaseUserTableUserID} = 'id';
    # $Self->{DatabaseUserTableUserPW} = 'pw';
    # $Self->{DatabaseUserTableUser} = 'login';
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.21 $)[1];

# -----------------------------------------------------#

1;

I really don't see what I've done wrong
:roll:
chetannagaonkar
Znuny advanced
Posts: 149
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: Customer Authentication : sync data from LDAP into OTRS

Post by chetannagaonkar »

Amacquet,

It's a little late over here. I'll try to review the config.pm tomorrow, sorry. From a quick review, I think that the below script in Config.pm is NOT required since you are leveraging LDAP. The script should reflect LDAP as customer database source.

$Self->{'DatabaseHost'} = 'localhost';
$Self->{'Database'} = 'otrs';
$Self->{'DatabaseUser'} = 'otrs';
$Self->{'DatabasePw'} = 'otrs';
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

Best Regards
Chetan
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

chetannagaonkar wrote: It's a little late over here. I'll try to review the config.pm tomorrow, sorry.

No problem ! There's no hurry. Thank you very much for your help anyway.

chetannagaonkar wrote: I think that the below script in Config.pm is NOT required since you are leveraging LDAP. The script should reflect LDAP as customer database source.

This script is necessary because it's used for all features, and not only customer authentication. Nothing works anymore if I remove it.
chetannagaonkar
Znuny advanced
Posts: 149
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: Customer Authentication : sync data from LDAP into OTRS

Post by chetannagaonkar »

Amacquet,

Sorry, yes, you don't need to remove those lines. In a hurry yesterday, I had mistaken them for connecting with a regular database. I have reviewed your Config.pm and see a few things that are missing. You need to configure the following parameters too -
$Self->{UserSyncLDAPMap};
$Self->{UserSyncLDAPGroups};
$Self->{'UserSyncLDAPGroupsDefination'};
$Self->{'UserSyncLDAPRolesDefination'};
$Self->{'UserSyncLDAPAttibuteGroupsDefination'};
$Self->{'UserSyncLDAPAttibuteRolesDefination'};
$Self->{'UserSyncLDAPGroupsDefination'};

The reason you are getting that error is because you are not syncing up LDAP as OTRS database. The below link will explain and help you to understand why those parameters are required - http://62.146.52.70/otrs/public.pl?Acti ... ItemID=243

Also, you had mentioned that you had tried to change Defaults.pm. You may want to revert the changes to Defaults.pm (I think that you may be aware that you should NOT touch zzzAuto.pm and zzzAAuto.pm files either). Defaults.pm file should be used only for reference. You use the context/content from that file and copy it to Config.pm accordingly.

Specifying the above parameters correctly in your Config.pm should solve your problem. Let me know pls.

Best Regards
Chetan
amacquet
Znuny newbie
Posts: 17
Joined: 02 Sep 2010, 16:05
Znuny Version: 2.2.7

Re: Customer Authentication : sync data from LDAP into OTRS

Post by amacquet »

Hi Chetan

I've added those lines just as they are and this is still not working.

I'm always getting this in apache error log :

ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Jan  5 12:01:30 2011

 Message: No such object

 Traceback (4944):
   Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.53.2.1) Line: 580
   Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.55.2.1) Line: 283
   Module: Kernel::System::CustomerUser::SetPreferences (v1.55.2.1) Line: 491
   Module: Kernel::System::CustomerAuth::Auth (v1.29) Line: 155
   Module: Kernel::System::Web::InterfaceCustomer::Run (v1.41.2.1) Line: 195
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 48
   Module: (eval) (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.42) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Jan  5 12:01:30 2011

 Message: No such user 'amacquet'!

 Traceback (4944):
   Module: Kernel::System::CustomerUser::SetPreferences (v1.55.2.1) Line: 493
   Module: Kernel::System::CustomerAuth::Auth (v1.29) Line: 155
   Module: Kernel::System::Web::InterfaceCustomer::Run (v1.41.2.1) Line: 195
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 48
   Module: (eval) (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.42) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31

 Message: No such object

 Traceback (4944):
   Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.53.2.1) Line: 580
   Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.55.2.1) Line: 283
   Module: Kernel::System::CustomerAuth::Auth (v1.29) Line: 180
   Module: Kernel::System::Web::InterfaceCustomer::Run (v1.41.2.1) Line: 195
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 48
   Module: (eval) (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.42) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Jan  5 12:01:30 2011

 Message: No such object

 Traceback (4944):
   Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.53.2.1) Line: 580
   Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.55.2.1) Line: 283
   Module: Kernel::System::Web::InterfaceCustomer::Run (v1.41.2.1) Line: 199
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler (unknown version) Line: 48
   Module: (eval) (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.42) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.42) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31
At the bottom of your link it is written:
"If you cannot sync user data then you will have to add it manually via the user section in the admin interface of OTRS."
Does that mean that in some cases it is just impossible to authenticate customers against the LDAP ?
May there be an issue with the LDAP structure that could not "fit" with OTRS ? Does it make any sense ?

regards,
Antoine
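
A small triage script for the error log quoted in the post above, added here as an example and not part of the thread or of OTRS: it groups entries by message and by the first traceback frame, which shows that the "No such object" errors are logged by the CustomerUser LDAP backend's lookup. The sample log is constructed from the posted lines, and the hint mapping "No such object" to LDAP result code 32 is this example's own annotation.

```python
import re
from collections import Counter

# Constructed sample: entries shortened from the log in the post above. The
# third entry has no "ERROR:" header line, as also happens in that log.
SAMPLE_LOG = """\
ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Jan  5 12:01:30 2011
 Message: No such object
 Traceback (4944):
   Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.53.2.1) Line: 580
   Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.55.2.1) Line: 283
   Module: Kernel::System::CustomerUser::SetPreferences (v1.55.2.1) Line: 491
   Module: Kernel::System::CustomerAuth::Auth (v1.29) Line: 155
ERROR: OTRS-CGI-10 Perl: 5.10.0 OS: linux Time: Wed Jan  5 12:01:30 2011
 Message: No such user 'amacquet'!
 Traceback (4944):
   Module: Kernel::System::CustomerUser::SetPreferences (v1.55.2.1) Line: 493
   Module: Kernel::System::CustomerAuth::Auth (v1.29) Line: 155
 Message: No such object
 Traceback (4944):
   Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet (v1.53.2.1) Line: 580
   Module: Kernel::System::CustomerUser::CustomerUserDataGet (v1.55.2.1) Line: 283
   Module: Kernel::System::CustomerAuth::Auth (v1.29) Line: 180
"""

MESSAGE_RE = re.compile(r"^\s*Message:\s*(.*\S)")
FRAME_RE = re.compile(r"^\s*Module:\s*(\S+)\s+\(([^)]*)\)\s+Line:\s*(\d+)")
# Annotation added for this example: standard LDAP result text -> meaning.
LDAP_HINTS = {"No such object": "LDAP result 32 (noSuchObject): the search base DN was not found"}

def parse_entries(text):
    """Start an entry at every 'Message:' line so headerless entries are kept."""
    entries = []
    for line in text.splitlines():
        msg, frame = MESSAGE_RE.match(line), FRAME_RE.match(line)
        if msg:
            entries.append({"message": msg.group(1), "frames": []})
        elif frame and entries:
            entries[-1]["frames"].append((frame.group(1), int(frame.group(3))))
    return entries

def origins(entries):
    """Count (message, first frame) pairs; the first frame is where the error was logged."""
    return Counter((e["message"], e["frames"][0][0]) for e in entries if e["frames"])

def report(text):
    """Return one summary line per distinct error origin, most frequent first."""
    return [
        f"{n}x {msg!r} logged in {mod}" + (f" [{LDAP_HINTS[msg]}]" if msg in LDAP_HINTS else "")
        for (msg, mod), n in origins(parse_entries(text)).most_common()
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The later frames of each entry show which call path reached the failing lookup, for example `Kernel::System::CustomerAuth::Auth` at line 155 or line 180.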
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer Authentication : sync data from LDAP into OTRS

Post by crythias »

It isn't this hard. It really really isn't. I implemented it in a copy/paste manner from the documentation ... If you would like, talk to me off list and let's work it out.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask