[Solved] LDAP customers: customer_user_id & login ID

Moderator: crythias

rmstrath
Znuny newbie
Posts: 9
Joined: 27 Mar 2014, 14:33
Znuny Version: 3.3.5
Real Name: Richard Martin
Company: University of Strathclyde

[Solved] LDAP customers: customer_user_id & login ID

Post by rmstrath »

Please help!

Customers are able to authenticate and login using their LDAP Active Directory credentials. They can create tickets via the web interface and these are visible under "My Tickets".

However, any tickets submitted via email (as well as web tickets) are visible under "Company Tickets" (CompanyID is set to 'mail').

Problem is customer_user_id of email tickets is set to the email address forename.surname@institution, but customer_user_id of web tickets is set to the login ID (sAMAccountName).

Ideally, everything should be visible under "My Tickets" rather than "Company Tickets".

I think there are two options:

1. perform an LDAP query on incoming email tickets to find sAMAccountName and set customer_user_id=sAMAccountName
2. have customers authenticate using their AD userID (sAMAccountName) but use the email address as the login ID and consequently have customer_user_id = email address for any web tickets.

But I don't know how to do either. Any help or alternative suggestions would be most appreciated.

Richard.
Last edited by rmstrath on 28 Mar 2014, 14:22, edited 1 time in total.
OTRS version 3.3.5, Linux (Centos 6.5) & MySQL 5.1.73
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: LDAP customers: customer_user_id & login ID

Post by crythias »

rmstrath wrote:
> Problem is customer_user_id of email tickets is set to the email address forename.surname@institution,

This is because your Config.pm of CustomerUser Map is referencing a field lookup for the email address that it can't find in ldap to match to a user.

What is your Config.pm?
rmstrath wrote:
> Ideally, everything should be visible under "My Tickets" rather than "Company Tickets".

"My Tickets = current username" "Company Tickets = "customer_id""

viewtopic.php?f=60&t=16543
viewtopic.php?f=60&t=7531
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: LDAP customers: customer_user_id & login ID

Post by rmstrath »

> This is because your Config.pm of CustomerUser Map is referencing a field lookup for the email address that it can't find in ldap to match to a user.

Are you saying that the OTRS attempts an LDAP search based on the email address for incoming tickets? When logging in via the web interface, it correctly matches a userid -> email address since I can see all the "company tickets" which have customer_id = email address (CustomerID => 'mail' in config below).

From my Config.pm

      CustomerKey => 'sAMAccountName',
      CustomerID => 'mail',
      #CustomerID => '[customer_id]',
      CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company',  'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
      CustomerUserValidFilter => '(company=*)',
      Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
    };

> "My Tickets = current username" "Company Tickets = "customer_id""

I know, but "current username" = AD userID & "customer_id" / "customer_user_id" = incoming email address for email tickets.

I've already read both of the linked topics, but still couldn't figure it out.

Thanks.

Re: LDAP customers: customer_user_id & login ID

Post by crythias »

rmstrath wrote:
> Are you saying that the OTRS attempts an LDAP search based on the email address for incoming tickets?

Yes, it's practically the only user-identifying feature on a ticket.
Summary: check "from" address vs CustomerUserPostMasterSearchFields => ['mail'],

rmstrath wrote:
> When logging in via the web interface, it correctly matches a userid -> email address since I can see all the "company tickets" which have customer_id = email address (CustomerID => 'mail' in config below).

Which makes sense, because the user asserts a login name at the web interface.

So, the real question is if the mail from address is different from LDAP mail stored attribute for given user.

Re: LDAP customers: customer_user_id & login ID

Post by rmstrath »

> So, the real question is if the mail from address is different from LDAP mail stored attribute for given user.

Don't think so. Email ticket from address:

    From: Archie contact <contact-archie@xxxxx.xx.xx>

LDAP query on userid:

    mail: contact-archie@xxxxx.xx.xx;

Any ideas?

Many thanks.

Re: LDAP customers: customer_user_id & login ID

Post by crythias »

any errors?

Re: LDAP customers: customer_user_id & login ID

Post by rmstrath »

> any errors?

Sorry - none.

Re: LDAP customers: customer_user_id & login ID

Post by crythias »

Please edit your signature (see mine) so I can follow along with your OTRS Version, OS, database.

Did you make changes to SysConfig as well as Config.pm for LDAP lookup?
For a ticket that is sent via email, what's the user information attached? Does it look like Customer Information is there on ticket zoom or is it blank as if a random person submitted it?
What's the username attached to the ticket?

Re: LDAP customers: customer_user_id & login ID

Post by rmstrath »

> Did you make changes to SysConfig as well as Config.pm for LDAP lookup?

No, but I set CustomerGroupSupport = Yes & CustomerGroupAlwaysGroups = users in Framework -> Frontend::Customer

> For a ticket that is sent via email, what's the user information attached? Does it look like Customer Information is there on ticket zoom or is it blank as if a random person submitted it?
> What's the username attached to the ticket?

There is no customer information or username visible on the ticket zoom - only the sender's email address.

Customer Information reports "none"
Ticket Type reports "customer – email-external"
"From" reports the sender's email address & CustomerID under the Ticket Information is the same email address.

Your help is much appreciated. Thanks.

[Solved] LDAP customers: customer_user_id & login ID

Post by rmstrath »

Solved! ... but it's late. Will tidy up and post solution tomorrow ... :)

[Solved] LDAP customers: customer_user_id & login ID

Post by rmstrath »

After reading several posts, I came across one which suggested removing GroupDN from the LDAP search and changed CustomerUserValidFilter => '(company=*)' to CustomerUserValidFilter => '(mail=*)'. We don't have a company tag in our user records, so that explains the null search in part. Don't know why GroupDN causes a problem.

Anyway working code is:

    $Self->{CustomerUser} = {
      Name => 'LDAP Lookup',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
        Host => 'XXXXXXXXXXX',
        BaseDN => 'XXXXXXXXXXXXXXXXX',
        SSCOPE => 'sub',
        # Bind account used for the customer search
        UserDN => 'cn=XXXXX,ou=XXXXXXX,ou=XXXXX,dc=XX,dc=XXXX,dc=XX,dc=XX',
        UserPw => 'XXXXXXXX',
        AlwaysFilter => '',
      # GroupDN restriction removed from the LDAP search
      # GroupDN => 'ou=XXXXX,dc=XX,dc=XXXXX,dc=XX,dc=XX',
      # AccessAttr => 'member',
      # UserAttr => 'DN',
      },
      # Login ID; becomes customer_user_id on tickets
      CustomerKey => 'sAMAccountName',
      CustomerID => 'mail',
      CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
      # Attribute compared with the From address of incoming email
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
      # Was '(company=*)'; our user records have no company attribute
      CustomerUserValidFilter => '(mail=*)(lockoutTime=0)',
      Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
    };
Now, incoming tickets are properly mapped to the LDAP userID and both email & web tickets can be viewed under "My Tickets" by the Customer. In fact, any ticket can be updated either by email or via the customer.pl interface - perfect!
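An offline model of the lookup discussed in this thread, added here as an illustration (it is not code from the posters or from OTRS): it shows why `(company=*)` left email tickets unmapped while `(mail=*)(lockoutTime=0)` resolves them, and escapes the sender address before it enters the filter. Assumptions: the From-address match is ANDed with CustomerUserValidFilter, an unmatched sender keeps the email address as customer_user_id (as observed above), and the function names and directory entries are constructed for the example.

```python
import re

# Constructed sample entries; like the poster's directory, none has a "company" attribute.
DIRECTORY = [
    {"sAMAccountName": "abc12345", "mail": "contact-archie@example.org", "lockoutTime": "0"},
    {"sAMAccountName": "xyz98765", "mail": "other.user@example.org", "lockoutTime": "0"},
]

def escape_filter_value(value):
    """RFC 4515 escaping, so a From address is always treated as a literal value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def build_filter(search_fields, address, valid_filter):
    # Assumption: the address match is ANDed with CustomerUserValidFilter.
    terms = "".join(f"({f}={escape_filter_value(address)})" for f in search_fields)
    match = terms if len(search_fields) == 1 else f"(|{terms})"
    return f"(&{match}{valid_filter})"

def evaluate(flt, entry):
    """Evaluate the filter subset used here: (&...), (|...), (attr=value), (attr=*)."""
    def parse(i):
        if flt[i + 1] in "&|":
            op, i, results = flt[i + 1], i + 2, []
            while flt[i] == "(":
                result, i = parse(i)
                results.append(result)
            return (all(results) if op == "&" else any(results)), i + 1
        end = flt.index(")", i)
        attr, _, value = flt[i + 1:end].partition("=")
        have = entry.get(attr)
        if value == "*":  # presence test
            return have is not None, end + 1
        literal = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return have is not None and have.lower() == literal.lower(), end + 1
    return parse(0)[0]

def resolve_customer(from_addr, directory, valid_filter,
                     search_fields=("mail",), key="sAMAccountName"):
    """Return the login of the single matching entry, else fall back to the sender address."""
    flt = build_filter(search_fields, from_addr, valid_filter)
    hits = [e for e in directory if evaluate(flt, e)]
    return hits[0][key] if len(hits) == 1 else from_addr

if __name__ == "__main__":
    for vf in ("(company=*)", "(mail=*)(lockoutTime=0)"):
        print(vf, "->", resolve_customer("contact-archie@example.org", DIRECTORY, vf))
```
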