Customer login failing [SOLVED]

Moderator: crythias

ianatschool
Znuny newbie
Posts: 26
Joined: 20 Feb 2012, 13:39
Znuny Version: 3x1x1

Post by ianatschool »

I have my config file configured for LDAP, and the customer list is populated with the correct people from the folder I specified in my config file. They can't log in to the customer portal, though. When they try to log in, the log says "CustomerUser: [userid] authentication failed, no ldap group entry foundGroupDN='OU=Staff Members, OU=Company, DC=domain, DC=local, Filter......". I set it so everyone in the Staff Members OU would have a customer record, which they do, but they can't log in. Config below:

package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'} = 'otrs';
    $Self->{'DatabaseUser'} = 'otrs';
    $Self->{'DatabasePw'} = 'databasepassword';
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'D:/PROGRA~1/OTRS/OTRS';
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{LogModule} = 'Kernel::System::Log::File';
    $Self->{LogModule::LogFile} = 'D:/PROGRA~1/OTRS/OTRS/var/log/otrs.log';
    # $DIBI$

    #Authentication for Customers - Custom
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'domaincontroller.domain.local';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=User\, OTRS,OU=IT,OU=Staff Members,OU=Company,DC=domain,DC=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'userpassword';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => '389',
        Host => 'domaincontroller.domain.local',
        BaseDN => 'OU=Staff Members,OU=Company,DC=domain,DC=local',
        SSCOPE => 'sub',
        UserDN => 'CN=User\, OTRS,OU=IT,OU=Staff Members,OU=Company,DC=domain,DC=local',
        UserPw => 'userpassword'
    };

    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'domaincontroller.domain.local',
            BaseDN => 'OU=Staff Members,OU=Company,DC=domain,DC=local',
            SSCOPE => 'sub',
            UserDN => 'CN=user\, OTRS,OU=IT,OU=Staff Members,OU=Company,DC=domain,DC=local',
            UserPw => 'userpassword',
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserSearchListLimit => 400,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
            # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

    #Add the following lines when only users are allowed to login if they reside in the specified security group
    #Remove these lines if you want to provide login to all users specified in the User Base DN
    #example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
    #$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'OU=Staff Members,OU=Company,DC=domain,DC=local';
    #$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    #$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'

    # End of your own config options!!! #

}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;
Last edited by ianatschool on 04 Apr 2013, 09:39, edited 1 time in total.
OTRS 3.1.18 running on Windows Server 2008 R2
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: Customer login failing

Post by crythias »

ianatschool wrote: OU=IT,OU=Staff Members,OU=Company,DC=domain,DC=local
ianatschool wrote: BaseDN => 'OU=Staff Members,OU=Company,DC=domain,DC=local',
Make sure this makes sense in your object
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.

Re: Customer login failing

Post by ianatschool »

I just replaced those so you wouldn't see company-specific stuff, so my config file does contain the correct lines (or so I thought).
OTRS 3.1.18 running on Windows Server 2008 R2

Re: Customer login failing

Post by ianatschool »

Just found the issue.

Even though in my config file I had commented out the parts about only users being members of a group, when looking at the config setting within OTRS itself, it had this section ticked. I unticked it and it works. Perhaps a bug.
OTRS 3.1.18 running on Windows Server 2008 R2
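
A check for the situation described in the last post, added here as an example (not code from the thread or from OTRS): it prints the effective values of the three group-restriction keys as the running system sees them, rather than what Config.pm appears to say. Given the OTRS home directory as an argument it reads the live configuration through Kernel::Config; with no argument it uses a constructed sample built from the commented-out lines in the posted config. Report is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example: is the customer LDAP group restriction in effect?
use strict;
use warnings;

# Key names taken from the commented-out block in the posted Config.pm.
my @GroupKeys = map {"Customer::AuthModule::LDAP::$_"} qw(GroupDN AccessAttr UserAttr);

# Report($Get): $Get is a code ref returning the effective value of a key.
# (Report is a hypothetical helper, not part of OTRS.)
sub Report {
    my ($Get) = @_;
    my @Lines;
    for my $Key (@GroupKeys) {
        my $Value = $Get->($Key);
        push @Lines, ( defined $Value && length $Value )
            ? "$Key = '$Value'"
            : "$Key is not set";
    }
    my $GroupDN = $Get->( $GroupKeys[0] );
    push @Lines, ( defined $GroupDN && length $GroupDN )
        ? 'Group restriction ACTIVE: users without a matching group entry are rejected'
        : 'Group restriction off: login depends only on the LDAP bind succeeding';
    return @Lines;
}

my $Get;
if ( my $Home = shift @ARGV ) {
    # Live check: pass the OTRS home directory (the Home value in Config.pm).
    unshift @INC, $Home, "$Home/Kernel/cpan-lib";
    require Kernel::Config;
    my $ConfigObject = Kernel::Config->new();
    $Get = sub { return $ConfigObject->Get( $_[0] ) };
}
else {
    # Constructed sample: the values from the commented-out lines, as if they
    # were still enabled somewhere other than Config.pm.
    my %Effective = (
        'Customer::AuthModule::LDAP::GroupDN'    => 'OU=Staff Members,OU=Company,DC=domain,DC=local',
        'Customer::AuthModule::LDAP::AccessAttr' => 'member',
        'Customer::AuthModule::LDAP::UserAttr'   => 'DN',
    );
    $Get = sub { return $Effective{ $_[0] } };
}

print "$_\n" for Report($Get);
```

If the live run shows GroupDN set while the lines in Config.pm are commented out, the value is coming from the setting inside OTRS itself, which is what the last post found.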