[SOLVED] - LDAP Agent Authentication Error

Moderator: crythias

Locked
retro2707
Znuny advanced
Posts: 131
Joined: 16 Apr 2014, 17:06
Znuny Version: 6.0.12

[SOLVED] - LDAP Agent Authentication Error

Post by retro2707 »

Hi and thanks for reading,

Since I have implemented the LDAP Agent authentication and sync I have been getting this error in the logs. I don't understand why as the AD account it links to has a last name field.

Oct 17 14:35:45 mfg-ky-otrs-s02 OTRS-CGI-01[8489]: [Error][Kernel::System::User::UserUpdate][Line:510]: Need UserLastname!

Additionally, I have also found that to authenticate I need to have already created the user in OTRS prior to the user logging on. Is this correct? If I don't, I get the following error.

Oct 17 13:19:45 mfg-ky-otrs-s02 OTRS-CGI-01[8483]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'testOTRSuser'!!!

Please see my LDAP settings below. Have you got any ideas please?

#authenticate agents via LDAP

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'mfg-ps-pdc-s01.dal.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=dal,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS Agents,OU=Domain Local Groups,OU=Security_Groups,OU=Global AD Management,OU=Mitchell Farrar Group,DC=DAL,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,CN=Users,DC=DAL,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'blah';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';

$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

####LDAP sync with OTRS DB ####

# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'mfg-ps-pdc-s01.dal.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=dal,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrs,CN=Users,DC=DAL,DC=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'blah';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];


Last edited by retro2707 on 29 Oct 2014, 11:22, edited 1 time in total.
Setup:
OTRS 6.0.12
Hosted on CentOS 7.4/ MySQL - MariaDB (5.5.60)
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de
Contact:

Re: LDAP Agent Authentication Error

Post by reneeb »

1st error: This comes from a customer where the 'sn' field is empty.

2nd: If the sync works, you do not need to have an existing DB entry in advance. Set the 'sn' field for testOTRSuser in your LDAP and it should work.
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
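
The check suggested in the reply above (look for accounts whose 'sn' is empty), as an added example that is not part of the original thread or of OTRS/Znuny: a Python script that scans an LDIF export of the agent accounts and reports which entries have no value for an attribute named in the posted UserSyncMap. The LDIF sample is constructed, and the function names `parse_ldif` and `missing_sync_attributes` are hypothetical.

```python
import base64

# OTRS field -> LDAP attribute, as in the posted UserSyncMap.
USER_SYNC_MAP = {"UserFirstname": "givenName", "UserLastname": "sn", "UserEmail": "mail"}

# Constructed sample shaped like ldapsearch LDIF output (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=DAL,DC=local
sAMAccountName: alice
givenName: Alice
sn: Example
mail: alice@example.invalid

dn: CN=testOTRSuser,CN=Users,DC=DAL,DC=local
sAMAccountName: testOTRSuser
givenName: Test
mail: test@example.invalid

dn: CN=Rene Sample,CN=Users,DC=DAL,DC=local
sAMAccountName: rsample
givenName:: UmVuw6ll
sn: Sam
 ple
"""

def parse_ldif(text):  # -> one {lowercased attribute: [values]} dict per entry
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" means base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(rest.strip())
        if entry:
            entries.append(entry)
    return entries

def missing_sync_attributes(text, uid_attr="sAMAccountName"):
    """Map login name -> OTRS fields whose LDAP attribute is absent or blank."""
    report = {}
    for entry in parse_ldif(text):
        missing = [f for f, a in USER_SYNC_MAP.items() if not any(entry.get(a.lower(), []))]
        if missing:
            report[entry.get(uid_attr.lower(), ["?"])[0]] = missing
    return report
```

On the constructed sample, `missing_sync_attributes(SAMPLE_LDIF)` flags testOTRSuser for UserLastname and rsample for UserEmail; an entry with no mail value would also be excluded by the `(mail=*)` AlwaysFilter in the posted auth settings.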
retro2707
Znuny advanced
Posts: 131
Joined: 16 Apr 2014, 17:06
Znuny Version: 6.0.12

[Solved] LDAP Agent Authentication Error

Post by retro2707 »

Thanks reneeb, your reply got me thinking on the right lines.

What I did to fix it (and also fix the Panic! error) was to change the code to the following

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'givenName',
    UserEmail     => 'mail',
};

This then worked with a new user and didn't generate any errors. Obviously the user then had 2 first names. So I changed it back to its old value:

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

I tried to create another user and this worked too! With exactly the same settings as before. Go figure, I don't know if the act of me changing it and getting it working once fixed something but hey ho. Issue fixed.

Thanks for your help
Setup:
OTRS 6.0.12
Hosted on CentOS 7.4/ MySQL - MariaDB (5.5.60)