different LDAP for users and customers

Moderator: crythias

Locked
JochnyWoo
Znuny newbie
Posts: 7
Joined: 07 May 2013, 14:32
Znuny Version: 3.1.1
Real Name: Jan K.
Company: FancyFon

Post by JochnyWoo »

Hi,

I just migrated OTRS from one server to another (to a VM).
Now I must set it to sync agents from ldap1 and customers from ldap2 (both of them on different machines).

When I try to log in as a client (with good credentials), OTRS looks up that user in the agents LDAP instead of the customers LDAP.
Can somebody take a look at my Config.pm and tell me what I have wrong?

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2006 OTRS GmbH, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.18 2006/09/07 16:15:41 mh Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

BEGIN {
    if (-f '/etc/otrs/database.pm') {
      require '/etc/otrs/database.pm';
      if ($dbtype eq 'pgsql') {
          $dbport ||= '5432';
          our $dsn = "DBI:Pg:dbname";
      }
      else {
          $dbport ||= '3306';
          our $dsn = "DBI:mysql:database";
      }
    }
}

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{DatabaseHost} = $dbserver || 'localhost';
    # Database
    # (The database name.)
    $Self->{Database} = $dbname || 'otrs2';
    # DatabaseUser
    # (The database user.)
    $Self->{DatabaseUser} = $dbuser || 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    #$Self->{DatabasePw} = $dbpass;
    $Self->{DatabasePw} = 'xxxxxxxxxxxxxxxxx';
    #$Self->{DatabasePw} = '{xxxxxxxxxxxxxxxxxxxxxxxxxxx}';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "$dsn=$Self->{Database};host=$Self->{DatabaseHost};port=$dbport;";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/usr/share/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #
    # switch off the web based installer for the Debian package
    $Self->{SecureMode} = 1;

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # Customer Panel Settings                              #
    # ---------------------------------------------------- #
    $Self->{'CustomerPanelOwnSelection'} =  {
          'Customer' => 'Customer',
          'Customer Silver' => 'Customer Silver',
          'Customer Gold' => 'Customer Gold',
          'Customer Platinum' => 'Customer Platinum'
    };


############################################## LDAP AGENTS SYNCHRONIZATION ##########################################

#Admin passwords
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'agent_ldap_ip';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=People,ou=POSIX Accounts,ou=groups,dc=fancyfon,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(!(employeeType=disabled))';
$Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3,};
#$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=IM,cn=FancyFon Groups,ou=groups,dc=fancyfon,dc=com';
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

$Self->{'UserSyncLDAPMap'} = {
# DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
    };


# Now sync data with OTRS DB
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=companyname, dc=local';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'agent_ldap_ip';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=People,ou=POSIX Accounts,ou=groups,dc=fancyfon,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=famoc-admin,ou=groups,dc=fancyfon,dc=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxxxxxxxxxxxxxxxxx';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
        UserLogin       => 'uid'
        };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];


############################################## LDAP AGENTS SYNCHRONIZATION ##########################################




##############################################   CUSTOMERS LDAP SYNCHRONIZATION ##########################################


#Customers authentication

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'customer_ldap_ip';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=FancyFon Partners,dc=fancyfon,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';



$Self->{CustomerUser1} = {
Name => 'LDAP FancyFon Partners',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'customer_ldap_ip',
BaseDN => 'ou=FancyFon Partners,dc=fancyfon,dc=com',
SSCOPE => 'sub',
UserDN => '',
UserPw => '',
AlwaysFilter => '',
Params => {
port => 389, timeout => 120,
async => 0, version => 3,
},
},

# customer
CustomerKey => 'uid',
CustomerID => 'fancyCustomerNumber',
CustomerUserListFields => ['uid', 'cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserSalutation', 'Title', 'businessCategory', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'uid', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'uid', 'employeeNumber', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postalAddress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserCustomerIDs', 'CustomerIDs', 'o', 1, 0, 'var',  ],
],
};


##############################################   CUSTOMERS LDAP SYNCHRONIZATION ##########################################


    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
$VERSION = '$Revision: 1.18 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
# -----------------------------------------------------#

crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: different LDAP for users and customers

Post by crythias »

Customers are logging in at /customer.pl or /index.pl?
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Post by JochnyWoo »

I want them to log in at: customer.pl
And there I tried to do this with the result described above.

Post by crythias »

Assuming that there isn't any other overriding information in sysconfig, and that the customer is logging in at /customer.pl, the customer will be logged in against:

$Self->{'Customer::AuthModule::LDAP::Host'} = 'customer_ldap_ip';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=FancyFon Partners,dc=fancyfon,dc=com';
and then information looked up against:
Host => 'customer_ldap_ip',
BaseDN => 'ou=FancyFon Partners,dc=fancyfon,dc=com',

If you say differently, please present the OTRS logs for the customer login.

Post by JochnyWoo »

Yes, it says different - it looks like OTRS searches for the test17 user in the agents LDAP instead of the customers LDAP.

Code:

May  7 15:34:35 partners OTRS-CGI-10[3053]: [Notice][Kernel::System::Auth::LDAP::Auth] User: test17 authentication failed, no LDAP entry found!BaseDN='ou=People,ou=POSIX Accounts,ou=groups,dc=fancyfon,dc=com', Filter='(&(uid=test17)(!(employeeType=disabled)))', (REMOTE_ADDR: xx.xxx.xx.xxx).
May  7 15:34:35 partners OTRS-CGI-10[3053]: [Error][Kernel::System::User::UserLookup][Line:746]: No UserID found for 'test17'!

Post by crythias »

The only way this is going to happen is if the customer is logging in at /index.pl
unless you customized something ... Kernel::System::Auth is for /index.pl
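
Added example (not part of the original thread and not OTRS code): a small log triage script that reads failure lines like the one posted above and reports which auth stack handled each login and which configured BaseDN was searched. The BaseDNs come from the posted Config.pm; the function names and the customer-stack log line are constructed, and the shape of that line is an assumption.

```python
import re

# Per the thread: Kernel::System::Auth serves /index.pl (agents); by the same
# naming, Kernel::System::CustomerAuth is taken to serve /customer.pl.
STACKS = {"Auth": "agent", "CustomerAuth": "customer"}

# BaseDNs copied from the Config.pm posted in the thread.
BASEDN = {
    "agent": "ou=People,ou=POSIX Accounts,ou=groups,dc=fancyfon,dc=com",
    "customer": "ou=FancyFon Partners,dc=fancyfon,dc=com",
}

# Assumption: the customer stack logs failures in the same shape as the agent one.
FAILURE = re.compile(
    r"\[Kernel::System::(?P<stack>Auth|CustomerAuth)::LDAP::Auth\] "
    r"User: (?P<user>\S+) authentication failed.*?BaseDN='(?P<basedn>[^']*)'"
)

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas so DNs compare reliably."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def triage(lines, expected):
    """One finding per failed LDAP login; `expected` is 'agent' or 'customer'."""
    findings = []
    for line in lines:
        m = FAILURE.search(line)
        if not m:
            continue  # e.g. the UserLookup error carries no BaseDN
        stack = STACKS[m["stack"]]
        searched = normalize_dn(m["basedn"])
        directory = next(
            (k for k, dn in BASEDN.items() if normalize_dn(dn) == searched), "unknown")
        findings.append({"user": m["user"], "stack": stack,
                         "directory": directory, "wrong_stack": stack != expected})
    return findings

PREFIX = "May  7 15:34:35 partners OTRS-CGI-10[3053]: "
SAMPLE = [
    # Failure line as posted in the thread (address masked by the poster).
    PREFIX + "[Notice][Kernel::System::Auth::LDAP::Auth] User: test17 authentication failed, no LDAP entry found!BaseDN='ou=People,ou=POSIX Accounts,ou=groups,dc=fancyfon,dc=com', Filter='(&(uid=test17)(!(employeeType=disabled)))', (REMOTE_ADDR: xx.xxx.xx.xxx).",
    PREFIX + "[Error][Kernel::System::User::UserLookup][Line:746]: No UserID found for 'test17'!",
    # Constructed line: what a failure from the customer stack is assumed to look like.
    PREFIX + "[Notice][Kernel::System::CustomerAuth::LDAP::Auth] User: test17 authentication failed, no LDAP entry found!BaseDN='ou=FancyFon Partners,dc=fancyfon,dc=com', Filter='(uid=test17)', (REMOTE_ADDR: xx.xxx.xx.xxx).",
]

if __name__ == "__main__":
    for f in triage(SAMPLE, expected="customer"):
        print(f)
```

A finding with `wrong_stack` set means the request was authenticated by the agent modules even though a customer login was expected, which is the situation the posted log shows.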

Post by JochnyWoo »

I tried to log in on /customer.pl - that's for sure.
Maybe I should take a look at other configuration files?

So can anybody help me with my issue?

Post by JochnyWoo »

I still have this problem.
Can anybody help me with that case? Maybe the problem is that somehow customer.pl redirects to index.pl and then tries to log in.

Post by JochnyWoo »

Can anybody give me a helping hand?

Post by JochnyWoo »

I cannot find where the error is, but here is what I did to make it work:
1. Uninstall OTRS.
2. Clean install of the version that I migrated from.
3. Import only the configuration file and database.
4. Upgrade OTRS to the most current version.

And then: all works.

I really don't know why there wasn't any chance to make it work before.
So mod can close this topic.
(I must say that I am disappointed with the lack of support from the community of this forum.)