[SOLVED]Authentication succeeded, but no customer record

Moderator: crythias

Locked
kool_kid
Znuny newbie
Posts: 86
Joined: 13 Feb 2011, 13:51
Znuny Version: 3

[SOLVED]Authentication succeeded, but no customer record

Post by kool_kid »

Hi,

I have already integrated my agents' authentication with AD; now I'm trying to integrate my AD with Customer authentication. My target is to enable customer authentication for all AD users on customer login. I do not want to put AD users in a group for authentication. Below is my current customer backend configuration. When I try to log in with valid AD credentials, it throws the error "Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator."

Code:

  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'expl.d0dm.com';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=d0dm,dc=com';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=test User,cn=users,dc=d0dm,dc=com';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret';
  # note: '=>' is not an assignment, so this line sets no filter
  $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} => '(memberOf=OU=Users,OU=Head,dc=d0dm,dc=com)';

  $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@d0dm.com';
  $Self->{'Customer::AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
  };
Appreciate your help to resolve the problem. Let me know if I'm missing any config entries.
Last edited by kool_kid on 28 Jan 2013, 09:00, edited 1 time in total.
OTRS 3.1.10
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master

Re: Authentication succeeded, but no customer record is foun

Post by jojo »

There is no CustomerUser Database connected, just the Auth part...
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
kool_kid

Re: Authentication succeeded, but no customer record is foun

Post by kool_kid »

Jojo,

Thanks for the reply. Yes, I realized and changed my config to what looks like below. Is this correct? Because I still get an error in the logs:

[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: Test.test (CN=Test Test,OU=IT,,DC=d0dm,DC=com) authentication ok (REMOTE_ADDR: 192.168.158.142).
[Error][Kernel::System::CustomerUser::SetPreferences][506] No such user 'Test.test
'

The customer webpage continues to throw the error "Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator."

Code:

$Self->{CustomerUser} = {
    Name => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'expl.d0dm.com',
        # ldap base dn
        BaseDN => 'dc=d0dm,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=test User,cn=users,dc=d0dm,dc=com',
        UserPw => 'secret',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#        AlwaysFilter => '(mail=*)',
#        AlwaysFilter => '(memberOf=dc=d0dm,dc=com)',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # if your frontend is unicode and the charset of your
        # ldap server is iso-8859-1, use these options.
        # SourceCharset => 'iso-8859-1',
        # DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
#    CustomerUserSearchPrefix => '',
#    CustomerUserSearchSuffix => '*',
    #   CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
#    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
#    AdminSetPreferences => 0,
#    # cache time to live in sec. - cache any database queries
#    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
#        [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};
OTRS 3.1.10
kool_kid

Re: Authentication succeeded, but no customer record is foun

Post by kool_kid »

I have resolved the issue. Thanks for the help.

I was able to get the config from the thread below, posted by ksbuchanan:

viewtopic.php?f=61&t=7082

For reference, I have pasted ksbuchanan's working config below. I'm using Windows 2008 R2 with MSSQL DB, OTRS version 3.1.

Code:

# ---------------------------------------------------- #
# OTRS Active Directory Integration Customers#
# ---------------------------------------------------- #

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxxx';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxx,dc=xxxxx';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=xxxxx,OU=Administrative-Generic Accounts,OU=MIS,DC=lmh,DC=cc';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';

# ----------------------------------------------------   #
# OTRS Active Directory Integration Backed DB Customers  #
# ----------------------------------------------------   #

    $Self->{CustomerUser} = {
        Name => 'LMH Users',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'xxxxx',
            BaseDN => 'dc=xxxxx,dc=xxxxx',
            SSCOPE => 'sub',
            UserDN => 'CN=xxxxx,OU=Administrative-Generic Accounts,OU=MIS,DC=lmh,DC=cc',
            UserPw => 'xxxxx',
            AlwaysFilter => '',
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        AdminSetPreferences => 0,
        Map => [
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };
OTRS 3.1.10
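
An added example, not part of any post in this thread and not OTRS code: a Perl consistency check for the two problems the thread surfaces, a missing CustomerUser backend and a Map whose UserLogin attribute (uid in the failing config, sAMAccountName in the working one) does not match CustomerKey. The sample config is constructed, the host and base DN are placeholders, check_customer_ldap is a hypothetical helper, and reading the mismatch as the cause of the error is an assumption drawn from comparing the two configs.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample mirroring the failing setup in this thread
# (host name and base DN are placeholders, not taken from the page).
my $Self = {};
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{CustomerUser} = {
    Module      => 'Kernel::System::CustomerUser::LDAP',
    Params      => { Host => 'ldap.example.test', BaseDN => 'dc=example,dc=test' },
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'mail',
    Map         => [
        [ 'UserLogin',      'Username',   'uid',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
    ],
};

# Hypothetical helper: returns a list of findings, empty if all checks pass.
sub check_customer_ldap {
    my ($Config) = @_;
    my $Backend = $Config->{CustomerUser};
    return ('no CustomerUser backend configured, only the Auth part')
        if ref($Backend) ne 'HASH';

    # Map columns: [0] is the OTRS field, [2] the LDAP attribute it is read from.
    my %Attr = map { $_->[0] => $_->[2] } @{ $Backend->{Map} || [] };
    my $AuthUID = $Config->{'Customer::AuthModule::LDAP::UID'} // '';
    my $Key     = $Backend->{CustomerKey} // '';
    my @Findings;

    # "Login, Email and CustomerID are mandatory" per the Map comment.
    for my $Field (qw(UserLogin UserEmail UserCustomerID)) {
        push @Findings, "Map has no $Field entry" if !defined $Attr{$Field};
    }
    # LDAP attribute names are case-insensitive, so compare lowercased.
    push @Findings, "CustomerKey '$Key' differs from auth UID '$AuthUID'"
        if lc($Key) ne lc($AuthUID);
    push @Findings, "UserLogin reads '$Attr{UserLogin}', CustomerKey is '$Key'"
        if defined $Attr{UserLogin} && lc( $Attr{UserLogin} ) ne lc($Key);
    return @Findings;
}

my @Findings = check_customer_ldap($Self);
print "FINDING: $_\n" for @Findings;
print "OK\n" if !@Findings;
```

To check a real installation, replace the sample hash with the values from Kernel/Config.pm; with UserLogin mapped to sAMAccountName, as in the working config, the UserLogin finding disappears.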