Allow agent login to customer

Moderator: crythias

rtorres
Znuny newbie
Posts: 50
Joined: 24 Feb 2012, 21:51
Znuny Version: 31100

Allow agent login to customer

Post by rtorres »

As title states, how do we allow the agents to login to the customer portal?
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Allow agent login to customer

Post by jojo »

They need to be in the customer database.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com

Re: Allow agent login to customer

Post by rtorres »

And I do this by adding another LDAP connection in the customer authentication settings for the AD groups the agents are currently assigned to, right?

Re: Allow agent login to customer

Post by rtorres »

Alright, I have tried adding a second LDAP connection and cannot get the admins to log into the customer page. Anyone ever do this successfully, and if so, how?
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Allow agent login to customer

Post by crythias »

rtorres wrote: Anyone ever do this successfully, and if so, how?
Yes, multiple times, and there are multiple setups throughout the forum.

Please present your Config.pm with passwords redacted so we might troubleshoot your install.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: Allow agent login to customer

Post by rtorres »

Please feel free to edit out what does not need to be there to help clean up the amount of text in Config.pm. Sadly, I have tried so much that I am not even sure what is supposed to be there anymore :lol:



# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'xxxxxxxxxx';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'xxxxxxxxxxxxxxxxxxx';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/PROGRA~1/OTRS/OTRS';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{LogModule}          = 'Kernel::System::Log::File';
    $Self->{LogModule::LogFile} = 'C:/PROGRA~1/OTRS/OTRS/var/log/otrs.log';
    # $DIBI$

  # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
   $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxxxx';

       # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
#    $Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
   $Self->{'AuthModule::LDAP::Params'} = {
       port    => 389,
       timeout => 120,
       async   => 0,
       version => 3,
   };
   # --------------------------------------------------- #
    # authentication sync settings                        #
    # (enable agent data sync. after succsessful          #
    # authentication)                                     #
    # --------------------------------------------------- #
    # This is an example configuration for an LDAP auth sync. backend.
    # (take care that Net::LDAP is installed!)
   $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
   $Self->{'AuthSyncModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
   

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
   $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'xxxxxxxxxx';
   $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxxxxx';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
	$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
   $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
       # DB -> LDAP
       UserFirstname => 'givenName',
       UserLastname  => 'sn',
       UserEmail     => 'mail',
   };

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
#    $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
#    $Self->{'AuthSyncModule::LDAP::Params'} = {
#        port    => 389,
#        timeout => 120,
#        async   => 0,
#        version => 3,
#    };

    # Die if backend can't work, e. g. can't connect to server.
#    $Self->{'AuthSyncModule::LDAP::Die'} = 1;
    # Die if backend can't work, e. g. can't connect to server.
#    $Self->{'AuthModule::LDAP::Die'} = 1;
# --------------------------------------------------- #
    # customer authentication settings                    #
    # (enable what you need, auth against otrs db,        #
    # against a LDAP directory, against HTTP basic        #
    # authentication and against Radius server)           #
    # --------------------------------------------------- #
# This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => 'xxxxxxxxxx',
      BaseDN => 'xxxxxxxxxx',
      SSCOPE => 'sub',
      UserDN => 'xxxxxxxxxx',
      UserPw => 'xxxxxxxxxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
#       [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#       [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#       [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#       [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
  
 
#    $Self->{'Customer::AuthModule::LDAP::Die'} = 1;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;



Re: Allow agent login to customer

Post by crythias »

Removed the majority of comments:


package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;
    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'} = 'otrs';
    $Self->{'DatabaseUser'} = 'xxxxxxxxxx';
    $Self->{'DatabasePw'} = 'xxxxxxxxxxxxxxxxxxx';
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    $Self->{Home} = 'C:/PROGRA~1/OTRS/OTRS';
    $Self->{LogModule}          = 'Kernel::System::Log::File';
    $Self->{LogModule::LogFile} = 'C:/PROGRA~1/OTRS/OTRS/var/log/otrs.log';
   $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::LDAP::Params'} = {
       port    => 389,
       timeout => 120,
       async   => 0,
       version => 3,
   };
   $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
   $Self->{'AuthSyncModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'xxxxxxxxxx';
   $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxxxxx';
   $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
   $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
       # DB -> LDAP
       UserFirstname => 'givenName',
       UserLastname  => 'sn',
       UserEmail     => 'mail',
   };
   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => 'xxxxxxxxxx',
      BaseDN => 'xxxxxxxxxx',
      SSCOPE => 'sub',
      UserDN => 'xxxxxxxxxx',
      UserPw => 'xxxxxxxxxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    ],
  };
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;
So you don't have another entry for Customers for agents.


   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxxxxxxx';
   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'xxxxxxxxxx';
   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
You're missing about half of the required attributes for CustomerAuth; see: http://doc.otrs.org/3.1/en/html/auth-ba ... h-backends (LDAP)

To add one for Agents, copy the Agent Auth as Customer Auth with an appended index number (1-9?).

$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'agent host';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dn=agent,dn=domain,dn=org';
... (and so on for all the required entries)
(I'm using "agent" as a placeholder. The values should be identical to what is being used in "Auth" for agents)

That's authentication; then you need a user list:
http://doc.otrs.org/3.1/en/html/custome ... ckend-ldap
$Self->{CustomerUser1} = {
... Again, stuff that matches what you'd have for agent, applied to entries based upon the above documentation. No need for index numbers inside the array's value. The array's CustomerUser1 key handles that.
};

Re: Allow agent login to customer

Post by rtorres »

First, thanks for your help so far, but I am guessing I must be stupid. I just don't understand what I am missing here.

I have the required data from LDAP because users can log in and agents can log in to their respective portals. If a customer tries to log in to the agent portal they get:

Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. Which does not bother me because I do not want them logging in there anyway.

If Agent tries to login to customer they get

Login failed! Your user name or password was entered incorrectly.

I have tried using the customer1 and still get the same results. Here is the code for authentication. Please advise me as to what or where things go.



$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host'} = '10.x.x.x';
   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Users,OU=xxx (xxx),DC=xxxx,DC=xxxx,DC=net';
   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => '10.x.x.x',
      BaseDN => 'OU=Users,OU=xxx (xxxx),DC=xxxx,DC=xxxx,DC=net',
      SSCOPE => 'sub',
      UserDN => 'CN=xxxx,OU=Users,OU=xxxx (xxxx),DC=xxxxx,DC=xxxx,DC=net',
      UserPw => 'xxxxxxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    ],
  };
   $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
   $Self->{'Customer::AuthModule::LDAP::Host1'} = '10.x.x.x';
   $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'OU=Test,OU=xxxx (xxxx),DC=xxxxx,DC=xxxxx,DC=net';
   $Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
   $Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => '10.x.x.x',
      BaseDN => 'OU=Users,OU=xxxxxx (xxx),DC=xxx,DC=xxxxx,DC=net',
      SSCOPE => 'sub',
      UserDN => 'CN=xxxx,OU=Test,OU=xxxx (xxxx),DC=xxxxx,DC=xxxxxx,DC=net',
      UserPw => 'xxxxx',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    ],
  };



Re: Allow agent login to customer

Post by crythias »

rtorres wrote:If Agent tries to login to customer they get

Login failed! Your user name or password was entered incorrectly.
Please post relevant log entry.
Also, (possibly) your BaseDN is too specific.
Your BaseDN should be broad, then use GroupDN and/or Filter to narrow.

Re: Allow agent login to customer

Post by rtorres »

I had to remove the customer auth1 code because after I restarted the OTRS services I get internal error 500. With it removed I get this in the log:

[Wed Aug 1 08:36:01 2012][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: testadmin authentication failed, no LDAP entry found!BaseDN='OU=Users,OU=xxxx (xxxx),DC=xxxx,DC=xxxx,DC=net', Filter='(sAMAccountName=testadmin)', (REMOTE_ADDR: 10.x.xxx.xxx).

I have tried adding the AuthSyncModule as well to the customer section but still get the error above.

Re: Allow agent login to customer

Post by crythias »

rtorres wrote:I get internal error 500
This would be poorly terminated commands (misplaced semicolons, bad closings of quotes or other markers).
rtorres wrote:no LDAP entry found!BaseDN='OU=Users,OU=xxxx (xxxx),DC=xxxx,DC=xxxx,DC=net', Filter='(sAMAccountName=testadmin)',
This means that there is no LDAP entry with a sAMAccountName=testadmin in the BaseDN (or below, if you are using 'sub') you have provided.

Re: Allow agent login to customer

Post by rtorres »

Yes, because testadmin is in the admin group, not the Users group. That's why it can't find it. That is where my problem stems from. I cannot get the system to auth agents in the customers portal. They can both log in to their own portals fine.

Does anyone have a working copy of Config.pm where an agent can log in to customer that they are willing to share, so I can get some real world example of where the hell I am going wrong?

Re: Allow agent login to customer

Post by crythias »

If you know what the problem is related to the user, why post it and ask what to do?
I told you: change your BaseDN to be more inclusive. Then filter. Frankly, you can make your BaseDN=DC=xxxx,DC=xxxx,DC=net and EVERYONE in your domain can log into customer, and why not do that?

Re: Allow agent login to customer

Post by rtorres »

The problem is our admins (agents) are in a separate group than the users. They do not reside in the USERS group; they reside outside the USERS group. See where my problem is. If we resided in the same group it would not be a problem.

Re: Allow agent login to customer

Post by crythias »

rtorres wrote: They do not reside in the USERS group; they reside outside the USERS group. See where my problem is. If we resided in the same group it would not be a problem.
They are in the same domain, right?
Change your BaseDN.
No, really, change it.

If your agents aren't in your domain, then you will need to use a different active directory entry.
But you said:
BaseDN = OU=Users,OU=xxx (xxx),DC=xxxx,DC=xxxx,DC=net
BaseDN1 = OU=Test,OU=xxxx (xxxx),DC=xxxxx,DC=xxxxx,DC=net

If I can assume that the BaseDNs are the same domain name then change the BaseDN to
BaseDN = DC=xxxxx,DC=xxxxx,DC=net
It should use sub as default and find it, no matter how deep down to find the username.

Yes, it's true your agents are separate from users. How separate are they? Completely different domains? Or just different OUs within a common BaseDN? All I can guess is the xxxxs match, but you're going to have to provide slightly more specific differences (I don't care if they're dc=Company1,dc=companydomain,dc=net and dc=Company2,dc=companydomain,dc=net as long as the searchuser has a reasonable ability to grab information from BaseDN=dc=companydomain,dc=net to cover both companies).

When you ask for a real world example, nobody can give you one, because it doesn't apply to you. The best I can tell you is look at the top of your LDAP tree and get the DN of that entry as the BaseDN for customers. If agents and users can both be found under that top, you will find them.

Re: Allow agent login to customer

Post by rtorres »

The xxxxx are not specific. Just how many times I pushed the x button :)

If I set the auth to our main OU then it will include everyone as a customer. I don't want everyone as a customer unless I can set it that way and somehow make it so that the agents in TEST OU are the only ones who can log in to the agent portal.

Here is an example of what I am saying when they are not in the same OU.
You do not have the required permissions to view the files attached to this post.

Re: Allow agent login to customer

Post by crythias »

rtorres wrote: I don't want everyone as a customer unless I can set it that way and somehow make it so that the agents in TEST OU are the only ones who can log in to the agent portal.
CustomerAuth affects customer.pl (customers)
Auth affects index.pl (agents)

There is generally no harm to make Customers as inclusive as possible. *EVERYONE* can be a customer.

Re: Allow agent login to customer

Post by rtorres »

So if I put it at the top level of our ou it adds the computers as users as well. Is there a way to filter that out?

Re: Allow agent login to customer

Post by crythias »

You could use the LDAP filter.
http://wiki.otterhub.org/index.php?titl ... _customers
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# AlwaysFilter => '',
3.1: http://doc.otrs.org/3.1/en/html/custome ... ckend-ldap
3.1: http://doc.otrs.org/3.1/en/html/auth-ba ... ckend-ldap
3.1: http://doc.otrs.org/3.1/en/html/auth-ba ... ckend-ldap
Locked
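
The advice in this thread (one broad customer BaseDN narrowed by a filter, with agent login scoped separately), written out as a Config.pm fragment. This is an added example, not code from the thread or from the OTRS project; the host, DNs, bind account and group name are placeholders, and the objectCategory filter is standard Active Directory usage rather than something the posters supplied.

```perl
use strict;
use warnings;

# Stand-in so this fragment compiles on its own (perl -c). In Kernel/Config.pm
# the assignments below go inside sub Load, where $Self already exists.
my $Self = {};

# Placeholders (assumptions, not values from the thread): replace with your own.
my $LDAPHost   = 'dc01.example.net';
my $DomainRoot = 'DC=example,DC=net';                  # broad BaseDN: top of the domain
my $AgentOU    = 'OU=Agents,DC=example,DC=net';        # narrow BaseDN: agents only
my $BindDN     = 'CN=otrs-search,OU=Service,DC=example,DC=net';
my $BindPw     = 'CHANGE_ME';

# In Active Directory a computer account also carries objectClass=user, so
# '(objectclass=user)' on its own still returns computers. Requiring
# objectCategory=person keeps only people. '(mail=*)' drops entries with no
# mail attribute, which this setup uses as CustomerID.
my $PeopleOnly = '(&(objectCategory=person)(objectClass=user)(mail=*))';

# Customer login (customer.pl): search the whole domain, narrowed by filter.
$Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = $LDAPHost;
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = $DomainRoot;
$Self->{'Customer::AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $BindPw;
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = $PeopleOnly;

# Optional: additionally require membership in one AD group (hypothetical DN).
# $Self->{'Customer::AuthModule::LDAP::GroupDN'}    = 'CN=otrs-customers,OU=Groups,DC=example,DC=net';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'}   = 'DN';

# Customer user list: same BaseDN and filter as the auth backend, so every
# account that can authenticate also resolves to a customer record.
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host         => $LDAPHost,
        BaseDN       => $DomainRoot,
        SSCOPE       => 'sub',
        UserDN       => $BindDN,
        UserPw       => $BindPw,
        AlwaysFilter => $PeopleOnly,
    },
    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenname', 'sn' ],
    Map                                => [
        # var, frontend, storage, shown, required, storage-type
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var' ],
    ],
};

# Agent login (index.pl) is a separate backend and keeps its own, narrow scope.
# Widening the customer BaseDN above does not widen who can reach the agent
# interface.
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = $LDAPHost;
$Self->{'AuthModule::LDAP::BaseDN'}       = $AgentOU;
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'AuthModule::LDAP::SearchUserPw'} = $BindPw;
```

Because the customer auth backend and the CustomerUser backend are searched independently, keep their BaseDN and AlwaysFilter identical; a mismatch produces accounts that authenticate but have no customer record, or the reverse.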