OTRS Active Directory Integration through LDAP Problem

Moderator: crythias

ssrinivasu
Znuny newbie
Posts: 2
Joined: 30 Jul 2015, 00:02
Znuny Version: otrs4
Real Name: Srinivasu
Company: sageit

OTRS Active Directory Integration through LDAP Problem

Post by ssrinivasu »

Dear Sir,

I am using OTRS Version 4.

LDAP integration with Windows 2012 R2 Server Active Directory.

I am not able to log in as root@localhost into otrs/index.pl after the AD integration through LDAP, but I am able to log in as a customer.

Before the AD integration I had created one agent, so I am able to log in to otrs/index.pl with that agent name.

When I try to log in as the agent otrsldap, which is used for the AD sync, I get this error: Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

With the same user otrsldap I am able to log in as a customer.

I have tried more options and I have read the docs, but I am still not able to understand.

Sir, can you help me on the topics below:

1) How to add agents through LDAP sync?
2) Do I need to log in as root@localhost?
3) Do I need to edit the config file for the agent LDAP sync?
4) Can I recover the root@localhost user?

Sir, can you please help me with this issue, because I have been trying to fix it for the past month and the problem is still not resolved.

Please tell me some tips.

Here is my Config.pm file. Please check it once.

Code:

# This is an example configuration for using an MS AD backend
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ad.ssv.in';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=ad,DC=ssv,DC=in';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
 
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    #$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=OTRS_Groups,dc=companyname,dc=local';
    #$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    #$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Abcd_123';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
 
    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix'} = '';
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
        sscope => 'sub'
    };
 
    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ad.ssv.in';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=ad,DC=ssv,DC=in';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrsldap';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Abcd_123';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'customer_user',
    ];
	
	#Enable LDAP authentication for Customers / Users
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ad.ssv.in';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=ad,DC=ssv,DC=in';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Abcd_123';

    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
       Module => 'Kernel::System::CustomerUser::LDAP',
       Params => {
          Host => 'ad.ssv.in',
          BaseDN => 'DC=ad,DC=ssv,DC=in',
          SSCOPE => 'sub',
          UserDN =>'otrsldap',
          UserPw => 'Abcd_123',
       },

       # customer unique id
       CustomerKey => 'sAMAccountName',
       # customer #
       CustomerID => 'mail',
       CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
       CustomerUserSearchPrefix => '',
       CustomerUserSearchSuffix => '*',
       CustomerUserSearchListLimit => 250,
       CustomerUserPostMasterSearchFields => ['mail'],
       CustomerUserNameFields => ['givenname', 'sn'],
       Map => [
          # note: Login, Email and CustomerID needed!
          # var, frontend, storage, shown, required, storage-type
          #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
          [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
          [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
          [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
          [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
          [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
          [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
          #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
          #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
       ],
    };

Thanks & Regards
S Srinivasu
Last edited by crythias on 31 Jul 2015, 20:15, edited 1 time in total.
Reason: [code] tags for sanity.
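An added check, not part of the thread or of OTRS: a small Python linter over the LDAP settings from the posted Config.pm that flags what a reviewer would look at first (a bind name that is not in DN form, a Params key Net::LDAP does not know, plain LDAP without TLS, and an initial sync group that is not a stock agent group). The excerpt is constructed from the post with the bind password replaced by a placeholder; the Net::LDAP option set and the default agent groups (admin, stats, users) are assumptions from stock OTRS, and the finding codes are mine.

```python
import re

# Constructed excerpt with the settings from the posted Config.pm that a
# reviewer would check first (bind password replaced by a placeholder).
SAMPLE_CONFIG = """
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'PLACEHOLDER_PW';
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
    sscope => 'sub'
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'customer_user',
];
"""

# One $Self->{'Key'} = value; assignment per match (values may span lines).
SETTING_RE = re.compile(r"\$Self->\{'([^']+)'\}\s*=\s*(.*?);\s*$", re.S | re.M)
# Options Net::LDAP->new() understands; anything else in Params is silently ignored.
NET_LDAP_OPTS = {"port", "timeout", "async", "version", "scheme", "verify",
                 "capath", "cafile", "onerror", "multihomed", "localaddr"}
DEFAULT_AGENT_GROUPS = {"admin", "stats", "users"}  # groups a stock OTRS install ships with

def parse_settings(text):
    """Return {key: raw value string} for every $Self->{...} assignment."""
    return {k: v.strip() for k, v in SETTING_RE.findall(text)}

def lint(text):
    """Return (code, message) findings for the agent LDAP auth/sync settings."""
    s, findings = parse_settings(text), []
    dn = s.get("AuthModule::LDAP::SearchUserDN", "").strip("'")
    if dn and "=" not in dn:
        findings.append(("BIND_NOT_DN", f"SearchUserDN '{dn}' is not in DN form; "
                         "the OTRS reference config uses a full bind DN"))
    params = s.get("AuthModule::LDAP::Params", "")
    for k in sorted(set(re.findall(r"(\w+)\s*=>", params)) - NET_LDAP_OPTS):
        findings.append(("UNKNOWN_PARAM", f"Params key '{k}' is not a Net::LDAP->new option and is ignored"))
    if "ldaps" not in params and "636" not in params:
        findings.append(("PLAINTEXT_LDAP", "port 389 without scheme => 'ldaps': simple binds "
                         "send the bind password and every agent password in the clear"))
    groups = re.findall(r"'([^']+)'", s.get("AuthSyncModule::LDAP::UserSyncInitialGroups", ""))
    for g in groups:
        if g not in DEFAULT_AGENT_GROUPS:
            findings.append(("UNKNOWN_GROUP", f"initial group '{g}' is not a stock agent group; "
                             "it must exist in Admin > Groups for the sync to assign it"))
    return findings
```

Run `lint(SAMPLE_CONFIG)` to get the four findings for the posted settings; a config with `scheme => 'ldaps', port => 636` and `['users']` as the initial group comes back clean.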
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: OTRS Active Directory Integration through LDAP Problem

Post by crythias »

Usually, agents will need to be established in the web interface before they can be authenticated. Even with sync.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.