[SOLVED] LDAP Customer Backend

Moderator: crythias

Locked
aph
Znuny superhero
Posts: 646
Joined: 20 Jun 2014, 12:11
Znuny Version: 3.3.9, 4.x, 5.x

[SOLVED] LDAP Customer Backend

Post by aph »

Hi all,

I have the following situation. I would like our customers to authenticate against an LDAP backend. The good news is, it works with the following settings:

Code: Select all

# CustomerUser
# (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
#            # ldap host
            Host => 'otrsserver.xxxx.local',
#            # ldap base dn
            BaseDN => 'dc=xxxx,dc=local',
#            # search scope (one|sub)
            SSCOPE => 'sub',
#            # The following is valid but would only be necessary if the
#            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'CN=otrs search,CN=Users,DC=xxxx,DC=local',
            UserPw => 'xxxx',
#            # in case you want to add always one filter to each ldap query, use
#            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#            AlwaysFilter => '',
#            # if both your frontend and your LDAP are unicode, use this:
#            SourceCharset => 'utf-8',
#            DestCharset   => 'utf-8',
#            # if your frontend is unicode and the charset of your
#            # ldap server is iso-8859-1, use these options.
#            # SourceCharset => 'iso-8859-1',
#            # DestCharset => 'utf-8',
#            # die if backend can't work, e. g. can't connect to server
#            Die => 0,
#            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
#                port    => 389,
#                timeout => 120,
#                async   => 0,
#                version => 3,
		 inet4 => 1,
            },
        },
#        # customer unique id
        CustomerKey => 'userPrincipalName',
#        # customer #
        CustomerID => 'userPrincipalName',
#      CustomerUserListFields => ['cn', 'mail'],
#     CustomerUserSearchFields => ['uid', 'cn', 'mail'],
#        CustomerUserSearchPrefix => '',
#        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
#    CustomerUserPostMasterSearchFields => ['mail'],
#   CustomerUserNameFields => ['givenname', 'sn'],
#        # show now own tickets in customer panel, CompanyTickets
#        CustomerUserExcludePrimaryCustomerID => 0,
#        # add a ldap filter for valid users (expert setting)
#        # CustomerUserValidFilter => '(!(description=gesperrt))',
#        # admin can't change customer preferences
#        AdminSetPreferences => 0,
#        # cache time to live in sec. - cache any ldap queries
#        CacheTTL => 0,
        Map => [
#            # note: Login, Email and CustomerID needed!
#            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
#        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
          [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
           [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
           [ 'UserLogin',      'Username',   'userPrincipalName',             1, 1, 'var', '', 0 ],
           [ 'UserEmail',      'Email',      'userPrincipalName',            1, 1, 'var', '', 0 ],
           [ 'UserCustomerID', 'CustomerID', 'userPrincipalName',            0, 1, 'var', '', 0 ],
#            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
#           [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
#          [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
#         [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };
The Customer::AuthModule parameter in SysConfig is set to DB. If I click on 'Customers' -> 'Customer Company Administration' I see 'Database backend' in the drop down list on the left. However, when I click on 'Customer'-> 'Customer User Administration', I get a 'script failed to send data' error. If I understand it right, the error occurs since customer users just authenticate against LDAP and there is no sync as in case of agents. What I would like, is to be able to manage customer users using the web frontend. In order to achieve this I appended the variables with 1, thinking the LDAP backend will be used as the second authentication instance, the SQL DB being the first instance. However, I get the 'script failed to send data' and can neither see the agent login page nor the customer login page. The corresponding log entries are:

Code: Select all

[Thu Jul 10 11:25:27 2014][Error][Kernel::System::Main::Require][100] Need module!
[Thu Jul 10 11:25:27 2014][Error][Kernel::System::CustomerUser::new][100] Can't load backend module !
What am I missing or is it not possible to configure OTRS the way I intend to?

Thanks a lot!
Last edited by aph on 11 Jul 2014, 13:19, edited 1 time in total.
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache
Top
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:
Contact crythias

Re: LDAP Customer Backend

Post by crythias »

aph wrote:the SQL DB being the first instance.
assume that the default backend is being managed by Defaults.pm/Config.pm/SysConfig and is the DB. It works. Let's ignore it.

Then we need an additional backend ...
Just like LDAP Troubleshooting

You'll need a Customer Authentication (are you allowed?) and a Customer User (tell me about yourself).

But since this is *additional* to DB, we'll need to append a number index for those things we're setting up for LDAP:

$Self->{CustomerUser1} = {

etc.

(Please click the links above for documentation.)
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Top
aph
Znuny superhero
Posts: 646
Joined: 20 Jun 2014, 12:11
Znuny Version: 3.3.9, 4.x, 5.x

Re: LDAP Customer Backend

Post by aph »

Are you allowed:
Customers authenticate against an LDAP backend. Here, a number index (1) is appended to attributes (AuthModuel1, Host1 and so on)

Code: Select all

# This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = 'otrsserver.xxxx.local';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=xxxx,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID1'} = 'userPrincipalName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=OTRS_CUSTOMERS,CN=Users,DC=xxxx,DC=local';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member'; #Default is 'memberUid'; but nicht festgelegt in AD'
    # for ldap posixGroups objectclass (just uid)
#    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (full user dn)
#    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs search,CN=Users,DC=xxxx,DC=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'xxxx';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#   $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each customer login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
#    $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'Customer::AuthModule::LDAP::Params1'} = {
#        port    => 389,
#        timeout => 120,
#        async   => 0,
#        version => 3,
		inet4 => 1,
    };
Tell me about yourself.
Below is my customer user. As you had suggested, I appended a number index (1) to 'CustomerUser':

Code: Select all

$Self->{CustomerUser1} = {
        Name1 => 'LDAP Backend',
        Module1 => 'Kernel::System::CustomerUser::LDAP',
        Params1 => {
#            # ldap host
            Host1 => 'otrsserver.xxxx.local',
#            # ldap base dn
            BaseDN1 => 'dc=xxxx,dc=local',
#            # search scope (one|sub)
            SSCOPE1 => 'sub',
#            # The following is valid but would only be necessary if the
#            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN1 => 'CN=otrs search,CN=Users,DC=xxxx,DC=local',
            UserPw1 => 'xxxx',
#            # in case you want to add always one filter to each ldap query, use
#            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#            AlwaysFilter => '',
#            # if both your frontend and your LDAP are unicode, use this:
#            SourceCharset => 'utf-8',
#            DestCharset   => 'utf-8',
#            # if your frontend is unicode and the charset of your
#            # ldap server is iso-8859-1, use these options.
#            # SourceCharset => 'iso-8859-1',
#            # DestCharset => 'utf-8',
#            # die if backend can't work, e. g. can't connect to server
#            Die => 0,
#            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params1 => {
#                port    => 389,
#                timeout => 120,
#                async   => 0,
#                version => 3,
				 inet4 => 1,
            },
        },
#        # customer unique id
        CustomerKey1 => 'userPrincipalName',
#        # customer #
        CustomerID1 => 'userPrincipalName',
  #      CustomerUserListFields => ['cn', 'mail'],
   #     CustomerUserSearchFields => ['uid', 'cn', 'mail'],
#        CustomerUserSearchPrefix => '',
#        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit1 => 250,
    #    CustomerUserPostMasterSearchFields => ['mail'],
     #   CustomerUserNameFields => ['givenname', 'sn'],
#        # show now own tickets in customer panel, CompanyTickets
#        CustomerUserExcludePrimaryCustomerID => 0,
#        # add a ldap filter for valid users (expert setting)
#        # CustomerUserValidFilter => '(!(description=gesperrt))',
#        # admin can't change customer preferences
#        AdminSetPreferences => 0,
#        # cache time to live in sec. - cache any ldap queries
#        CacheTTL => 0,
        Map1 => [
#            # note: Login, Email and CustomerID needed!
#            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
    #        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'userPrincipalName',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'userPrincipalName',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'userPrincipalName',            0, 1, 'var', '', 0 ],
#            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
 #           [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
  #          [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
   #         [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };
But it leads to the error 'script failed to send data' when I try to load customer.pl (not to mention index.pl)

Code: Select all

[Thu Jul 10 15:35:41 2014][Error][Kernel::System::Main::Require][100] Need module!
[Thu Jul 10 15:35:41 2014][Error][Kernel::System::CustomerUser::new][100] Can't load backend module !
I can get my users to authenticate against AD if I do not use the number index (CustomerUser1....), but then I can no more manage customer users via the web interface. So I have the 'either or' situation. Either I can have user authenticate against the AD or against the OTRS database but not both.

I do understand that by appending a number index to attributes, LDAP will be an additional backend for customer authentication just as in case of agents, where agents can log in using their AD credentials *and* I can create agents manually using the web frontend. I want to achieve the same with customer users.
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache
Top
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:
Contact crythias

Re: LDAP Customer Backend

Post by crythias »

Name1 => 'LDAP Backend',
Module1 => 'Kernel::System::CustomerUser::LDAP',
Params1 => {
# # ldap host
Host1 => 'otrsserver.xxxx.local',
# # ldap base dn
BaseDN1 => 'dc=xxxx,dc=local',
# # search scope (one|sub)
SSCOPE1 => 'sub',
# # The following is valid but would only be necessary if the
# # anonymous user does NOT have permission to read from the LDAP tree
UserDN1 => 'CN=otrs search,CN=Users,DC=xxxx,DC=local',
UserPw1 => 'xxxx',
# # in case you want to add always one filter to each ldap query, use
# # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# AlwaysFilter => '',
# # if both your frontend and your LDAP are unicode, use this:
# SourceCharset => 'utf-8',
# DestCharset => 'utf-8',
# # if your frontend is unicode and the charset of your
# # ldap server is iso-8859-1, use these options.
# # SourceCharset => 'iso-8859-1',
# # DestCharset => 'utf-8',
# # die if backend can't work, e. g. can't connect to server
# Die => 0,
# # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params1 => {

no need to use 1 here. only the things in braces {}
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Top
aph
Znuny superhero
Posts: 646
Joined: 20 Jun 2014, 12:11
Znuny Version: 3.3.9, 4.x, 5.x

Re: LDAP Customer Backend

Post by aph »

Sorry but I'm little confused. Do you mean appending 1 only to things inside the braces like here:

Code: Select all

# CustomerUser
# (customer user ldap backend and settings)
    $Self->{CustomerUser1} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
#            # ldap host
            Host1 => 'otrsserver.aphajco.local',
#            # ldap base dn
            BaseDN1 => 'dc=aphajco,dc=local',
#            # search scope (one|sub)
            SSCOPE1 => 'sub',
#            # The following is valid but would only be necessary if the
#            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN1 => 'CN=otrs search,CN=Users,DC=aphajco,DC=local',
            UserPw1 => 'AjcoAm0l',
#            # in case you want to add always one filter to each ldap query, use
#            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#            AlwaysFilter => '',
#            # if both your frontend and your LDAP are unicode, use this:
#            SourceCharset => 'utf-8',
#            DestCharset   => 'utf-8',
#            # if your frontend is unicode and the charset of your
#            # ldap server is iso-8859-1, use these options.
#            # SourceCharset => 'iso-8859-1',
#            # DestCharset => 'utf-8',
#            # die if backend can't work, e. g. can't connect to server
#            Die => 0,
#            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
#                port    => 389,
#                timeout => 120,
#                async   => 0,
#                version => 3,
		  inet4 => 1,
            },
        },
#        # customer unique id
        CustomerKey => 'userPrincipalName',
#        # customer #
        CustomerID => 'userPrincipalName',
  #      CustomerUserListFields => ['cn', 'mail'],
   #     CustomerUserSearchFields => ['uid', 'cn', 'mail'],
#        CustomerUserSearchPrefix => '',
#        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
    #    CustomerUserPostMasterSearchFields => ['mail'],
     #   CustomerUserNameFields => ['givenname', 'sn'],
#        # show now own tickets in customer panel, CompanyTickets
#        CustomerUserExcludePrimaryCustomerID => 0,
#        # add a ldap filter for valid users (expert setting)
#        # CustomerUserValidFilter => '(!(description=gesperrt))',
#        # admin can't change customer preferences
#        AdminSetPreferences => 0,
#        # cache time to live in sec. - cache any ldap queries
#        CacheTTL => 0,
        Map => [
#            # note: Login, Email and CustomerID needed!
#            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
    #        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'userPrincipalName',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'userPrincipalName',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'userPrincipalName',            0, 1, 'var', '', 0 ],
#            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
 #           [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
  #          [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
   #         [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };
I get the error

Code: Select all

[Thu Jul 10 16:39:57 2014][Error][Kernel::System::CustomerUser::LDAP::new][64] Need CustomerUser->Params->Host in Kernel/Config.pm
[Thu Jul 10 16:39:57 2014][Error][Kernel::System::CustomerUser::LDAP::new][64] Need CustomerUser->Params->Host in Kernel/Config.pm
[Thu Jul 10 16:39:57 2014][Error][Kernel::System::CustomerUser::LDAP::new][64] Need CustomerUser->Params->Host in Kernel/Config.pm
[Thu Jul 10 16:39:57 2014][Error][Kernel::System::CustomerUser::LDAP::new][64] Need CustomerUser->Params->Host in Kernel/Config.pm
[Thu Jul 10 16:39:57 2014][Error][Kernel::System::CustomerUser::LDAP::new][64] Need CustomerUser->Params->Host in Kernel/Config.pm
[Thu Jul 10 16:39:57 2014][Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'xxxx.xxxx@xxxx.local' (REMOTE_ADDR: ::1)
[Thu Jul 10 16:39:57 2014][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: customer.four@xxxx.local (CN=xxxx xxxx,CN=Users,DC=xxxx,DC=local) authentication ok (REMOTE_ADDR: ::1).
[Thu Jul 10 16:39:57 2014][Error][Kernel::System::CustomerUser::SetPreferences][587] No such user 'xxxx.xxxx@xxxx.local'!
Thanks.
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache
Top
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:
Contact crythias

Re: LDAP Customer Backend

Post by crythias »

no. only the things that are in braces immediately after $Self-> . nothing else.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Top
aph
Znuny superhero
Posts: 646
Joined: 20 Jun 2014, 12:11
Znuny Version: 3.3.9, 4.x, 5.x

Re: LDAP Customer Backend

Post by aph »

Well that gives me the same result as when I do not append '1' to things immediately $Self (i.e. CustomerUser to be explicit). Customers are able to log in (authenticate against AD) but when I want to manage customers using the web interface, I get the 'script failed to send data error'. My purpose is to have both options.
Proabably I did not understand what you meant by 'things in braces immediatly after $Self->'

Thanks
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache
Top
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:
Contact crythias

Re: LDAP Customer Backend

Post by crythias »

I don't know how to help you.
When I say, "things in braces immediately after $Self->" I mean, literally,
if you need to append a 1, because you're adding an additional back end, you only need to append the one in the entries in braces {} immediately after $Self->, with all other components as stated. It stops requiring the number 1 (or 2, 3, ...) when you reach the equals = sign.

$Self->{CustomerUser1} = {
#everything here is listed as copied from documentation, with values appropriate to your setup. Do not append numbers to keys.
}
aph wrote:I want to manage customers using the web interface, I get the 'script failed to send data error'. My purpose is to have both options.
I don't know what "manage customers using the web interface" means. You can't make changes to LDAP customers as they are read only.
I don't know what "script failed to send data error" comes from. I don't have this problem.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Top
aph
Znuny superhero
Posts: 646
Joined: 20 Jun 2014, 12:11
Znuny Version: 3.3.9, 4.x, 5.x

[SOLVED] Re: LDAP Customer Backend

Post by aph »

I get it. A number index is to be appended to only 'CustomerUser' (i.e. $Self-> {CustomerUser1}.

The 'script failed to send data' error does not occur anymore. On clicking 'Customers->Customer User Administration', I see a list of customer users - those in the first backend (i.e. Database Backend) as well as those in AD. I can 'mange customers using web interface', i.e. add a customer user to Database backend, set password etc. Similarly I can 'manage customers using AD', i.e. I can create a customer user in AD. The customer users can log in via customer login page.

When a customer user who is present in the database backend logs in via customer login page, he/she is authenticated against the database backend. The log message is:

Code: Select all

[Fri Jul 11 09:49:57 2014][Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: xxxx.xxxx@xxxx.local Authentication ok (REMOTE_ADDR: ::1).
When a customer user who is present in AD logs in via customer login page, he/she is first authenticated against the database backend. The authentication fails. The customer user is the authenticated against AD and the login is successful.

Code: Select all

[Fri Jul 11 09:48:26 2014][Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'xxxx.xxxx@xxxx.local' (REMOTE_ADDR: ::1)
[Fri Jul 11 09:48:26 2014][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: xxxx.xxxx@xxxx.local (CN=xxxx xxxx,CN=Users,DC=xxxx,DC=local) authentication ok (REMOTE_ADDR: ::1).
This is exactly how I intended it to be! Thanks
OTRS 3.3.x (private/testing) on Windows Server 2008 with MSSQL database.
OTRS 3.3.x (private/testing) on CentOS with MySQL database and apache
Top
Locked

Return to “Help”