Customer Frontend multiple AuthModules

Moderator: crythias

drivechip
Znuny newbie
Posts: 5
Joined: 24 Aug 2012, 08:00
Znuny Version: 3.1.8

Customer Frontend multiple AuthModules

Post by drivechip »

Hello everybody:

I am trying to configure OTRS for multiple AuthModules and CustomerUsers. Unfortunately, it does not seem to work the same way as for the agent interface.

Code:

$Self->{'Customer::AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = '<ip>';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = '<basedn>';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';

# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = '<user>';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '<geheim>';
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
   port => 389,
   timeout => 60,
   async => 0,
   version => 3,
 };
$Self->{'Customer::AuthModule::LDAP::Die1'} = 1;

$Self->{CustomerUser1} = {
   Name => 'LDAP Source',
   Module => 'Kernel::System::CustomerUser::LDAP',
   Params => {
      Host => '<ip>',
      BaseDN => '<basedn>',
      SSCOPE => 'sub',
      UserDN => '<user>',
      UserPw => '<geheim>',
      AlwaysFilter => '(objectclass=user)',
      port => 389,
      timeout => 60,
      async => 0,
      version => 3,
    },
   CustomerKey => 'sAMAccountName',
   CustomerID => '[customer_id]',
   CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company',  'mail'],
   CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
   CustomerUserPostMasterSearchFields => ['mail'],
   CustomerUserNameFields => ['givenname', 'sn'],
   CustomerUserValidFilter => '(company=*)',
   AdminSetPreferences => 0,
   Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
 };

 $Self->{CustomerUser2} = {
    Name => 'OTRS Database',
    Module => 'Kernel::System::CustomerUser::DB',
    Params => {
     Table => 'customer_user',
    },
    # customer unique id
    CustomerKey => 'login',
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['title','first_name','last_name'],
    CustomerUserEmailUniqCheck => 1,
    Map => [
        [ 'UserTitle',      'Title',      'title',        1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'first_name',   1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'last_name',    1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'login',        1, 1, 'var', '', 0 ],
        [ 'UserPassword',   'Password',   'pw',           0, 0, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'email',        1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id',  0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'phone',        1, 0, 'var', '', 0 ],
        [ 'UserFax',        'Fax',        'fax',          1, 0, 'var', '', 0 ],
        [ 'UserMobile',     'Mobile',     'mobile',       1, 0, 'var', '', 0 ],
        [ 'UserStreet',     'Street',     'street',       1, 0, 'var', '', 0 ],
        [ 'UserZip',        'Zip',        'zip',          1, 0, 'var', '', 0 ],
        [ 'UserCity',       'City',       'city',         1, 0, 'var', '', 0 ],
        [ 'UserCountry',    'Country',    'country',      1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'comments',     1, 0, 'var', '', 0 ],
        [ 'ValidID',        'Valid',      'valid_id',     0, 1, 'int', '', 0 ],
    ],
    Selections => {
       UserTitle => {
          'Mr.' => 'Mr.',
          'Mrs.' => 'Mrs.',
       },
    },
 };

$Self->{'Customer::AuthModule2'} = 'Kernel::System::Auth::DB';
$Self->{'Customer::AuthModule::DB::CryptType2'} = 'crypt';

OTRS always tries to authenticate against the otrs db.
Furthermore, the following error is shown in the log:

Code:

Need AuthModule::LDAP::Host1 in Kernel/Config.pm

Using just one AuthModule and CustomerUser works for both LDAP and otrs db.
Wolfgangf
Znuny ninja
Posts: 1029
Joined: 13 Apr 2009, 12:26
Znuny Version: 6.0.13
Real Name: Wolfgang Fürtbauer
Company: PBS Logitek GmbH
Location: Pinsdorf

Re: Customer Frontend multiple AuthModules

Post by Wolfgangf »

Hi,

to my mind the prefix "Customer::" is wrong; see a working config below

Code:

    $Self->{'AuthModule1'}  = 'Kernel::System::Auth::DB';

    my $adfilter = '(&(objectCategory=person)(objectclass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '<ip>';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=holding,DC=ah';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=...';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = $adfilter;
    $Self->{'AuthModule::LDAP::Params'} = {
       # port => 389,
       port => 3268,
       timeout => 10, #--> activate LDAP 120,
       async => 0,
       version => 3,
    };
Production:
OTRS 6.0.13/ ITSM 6.0.13
OS: SUSE Linux (SLES 12, Leap), MySql 5.5.x, 5.6.x
Windows 2012 AD Integration (agents and customers), Nagios integration (incidents, CMDB), Survey, TimeAccounting
drivechip
Znuny newbie
Posts: 5
Joined: 24 Aug 2012, 08:00
Znuny Version: 3.1.8

Re: Customer Frontend multiple AuthModules

Post by drivechip »

Sorry, I don't get it. Without the Customer:: prefix, the options are for backend authentication, aren't they? Is there no differentiation possible like in older OTRS versions?
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Customer Frontend multiple AuthModules

Post by crythias »

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
http://doc.otrs.org/3.1/en/html/auth-ba ... ckend-ldap

The issue is because you told CustomerAuth to authenticate using the module designed to authenticate users/agents. Because of that, it seeks the config items related to Auth::LDAP, not CustomerAuth::LDAP.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
drivechip
Znuny newbie
Posts: 5
Joined: 24 Aug 2012, 08:00
Znuny Version: 3.1.8

Re: Customer Frontend multiple AuthModules

Post by drivechip »

Thanks.

I changed the following lines

Code:

$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
...
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::DB';

Thanks for the hint. Now OTRS writes the following error into the log:

Code:

Need CustomerAuthModule::DB::CustomerKey2 in Kernel/Config.pm! at /opt/otrs//Kernel/System/CustomerAuth/DB.pm line 40.\n
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Customer Frontend multiple AuthModules

Post by crythias »

same problem, only db instead of ldap
$Self->{'Customer::AuthModule2'} = 'Kernel::System::Auth::DB';
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::DB';
drivechip
Znuny newbie
Posts: 5
Joined: 24 Aug 2012, 08:00
Znuny Version: 3.1.8

Re: Customer Frontend multiple AuthModules

Post by drivechip »

Sorry for my late answer, I was out of town.
I already changed the setting, see my previous post.

Code:

$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::DB';
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Customer Frontend multiple AuthModules

Post by crythias »

you'll need to copy the CustomerAuth::DB section from Defaults.pm to Config.pm -- all of the uncommented section at least, and add the index 2.
drivechip
Znuny newbie
Posts: 5
Joined: 24 Aug 2012, 08:00
Znuny Version: 3.1.8

Re: Customer Frontend multiple AuthModules

Post by drivechip »

Thanks, it works.
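
The thread's resolution written out as one Kernel/Config.pm fragment; this is an added example, not a config posted by any participant. Host, DN and password values are the placeholders from the first post, the DB values mirror its CustomerUser2 block, and the Table and CustomerPassword key names are assumed to match the CustomerAuth::DB section of the stock Defaults.pm that crythias refers to, so compare them with your own copy.

```perl
# Added example. Goes inside "sub Load { my $Self = shift; ... }" in Kernel/Config.pm.
# The CustomerUser1 / CustomerUser2 blocks from the first post stay as they are;
# only the customer *authentication* settings change.

# --- Customer auth backend 1: LDAP -------------------------------------------
# Customer logins need the CustomerAuth::* modules. Pointing this key at
# Kernel::System::Auth::LDAP (the agent module) makes it look up the agent-side
# keys instead, which is the "Need AuthModule::LDAP::Host1" error in the thread.
$Self->{'Customer::AuthModule1'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'}         = '<ip>';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'}       = '<basedn>';
$Self->{'Customer::AuthModule::LDAP::UID1'}          = 'sAMAccountName';

# Only needed when anonymous binds may not read the LDAP tree.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = '<user>';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '<geheim>';
$Self->{'Customer::AuthModule::LDAP::Params1'}       = {
    port    => 389,
    timeout => 60,
    async   => 0,
    version => 3,
};
$Self->{'Customer::AuthModule::LDAP::Die1'}          = 1;

# --- Customer auth backend 2: OTRS database ----------------------------------
# Every option of an indexed backend carries the same index. Without the "2"
# on these keys the module reports
# "Need CustomerAuthModule::DB::CustomerKey2 in Kernel/Config.pm!".
$Self->{'Customer::AuthModule2'}                       = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table2'}            = 'customer_user';  # assumed key name
$Self->{'Customer::AuthModule::DB::CustomerKey2'}      = 'login';
$Self->{'Customer::AuthModule::DB::CustomerPassword2'} = 'pw';             # assumed key name
$Self->{'Customer::AuthModule::DB::CryptType2'}        = 'crypt';
```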