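"Authentifizierung erfolgreich, aber im Kunden Backend wurde kein Kunden Eintrag gefunden. Bitte kontaktieren Sie..." (Authentication succeeded, but no customer record was found in the customer backend. Please contact...)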

Help with Znuny problems of all kinds
GustavG
Znuny expert
Posts: 296
Joined: 26 Nov 2014, 15:56
Znuny Version: Znuny 6.3.4
Real Name: Gerlach

Post by GustavG »

Hello,

I have switched both my agents and my customers to LDAP. The username is supposed to be the personnel number. Since about 20 customers had already been created (in the DB), I renamed the usernames of these existing customers to their personnel number (previously a different username, made up of the first two letters of the first and last name, was set). Logging in with the LDAP credentials was then possible, and I saved myself the detour via the GenericAgent, which I would otherwise have had to use to reassign the old tickets to the new users.

Now, however, new users are being added who exist in LDAP but not in the database. For these users the following message appears at login:

Authentifizierung erfolgreich, aber im Kunden Backend wurde kein Kunden Eintrag gefunden. Bitte kontaktieren Sie Ihren Administrator. (Authentication succeeded, but no customer record was found in the customer backend. Please contact your administrator.)

I have the following Config.pm:


package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    # The database name
    $Self->{'Database'} = "otrs";

    # The database user
    $Self->{'DatabaseUser'} = "otrs";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'XXXXXXXXXX';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";
  
    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
#    $ENV{ORACLE_HOME}     = '/path/to/your/oracle';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG}        = 'AMERICAN_AMERICA.AL32UTF8';

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

###########################################################
## Agent auth from DB
###########################################################

#Agent authentication DB
   # Backend DB for agents
  $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
  $Self->{'AuthModule1::DB::CryptType'} = 'crypt';

###########################################################
# LDAP Agent
###########################################################

# This is an example configuration for an LDAP auth. backend.
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldaps://FIRMA.de';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=FIRMA,dc=de';
$Self->{'AuthModule::LDAP::UID'} = 'employeeNumber';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'ou=people,dc=FIRMA,dc=de';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'employeeNumber';
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr'} = 'employeeNumber';
# for non ldap posixGroups objectclass (with full user dn)
# $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(memberOf=cn=otrs-FIRMA-agenten,ou=programme,ou=groups,dc=FIRMA,dc=de)';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#    $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
    port => 636,
    timeout => 120,
    async => 0,
    version => 3,
    SourceCharset => 'utf8',
    #DestCharset => 'iso-8859-1',
};

###########################################################
## LDAP Sync
###########################################################

# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldaps://FIRMA.de';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=FIRMA,dc=de';
$Self->{'AuthSyncModule::LDAP::UID'} = 'employeeNumber';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'anonymous';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

############################################################
### DB Customer
############################################################
#
## 1. Customer user backend: DB
## (customer database backend and settings)
#$Self->{CustomerUser1} = {
#    Name => 'Customer Database DB',
#    Module => 'Kernel::System::CustomerUser::DB',
#    Params => {
#        # if you want to use an external database, add the
#        # required settings
##        DSN => 'DBI:odbc:yourdsn',
##        Type => 'mssql', # only for ODBC connections
##        DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
##        User => '',
##        Password => '',
#        #SourceCharset => 'utf-8',
#        #DestCharset => 'iso-8859-1',
#        Table => 'customer_user',
#    },
#    # customer unique id
#    CustomerKey => 'login',
#    # customer #
#    CustomerID => 'customer_id',
#    CustomerValid => 'valid_id',
#    CustomerUserListFields => ['first_name', 'last_name', 'email'],
#    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
#    CustomerUserSearchPrefix => '',
#    CustomerUserSearchSuffix => '*',
#    CustomerUserSearchListLimit => 250,
#    CustomerUserPostMasterSearchFields => ['email'],
#    CustomerUserNameFields => ['title','first_name','last_name'],
#    CustomerUserEmailUniqCheck => 1,
##    # show not own tickets in customer panel, CompanyTickets
##    CustomerUserExcludePrimaryCustomerID => 0,
##    # generate auto logins
##    AutoLoginCreation => 0,
##    AutoLoginCreationPrefix => 'auto',
##    # admin can change customer preferences
##    AdminSetPreferences => 1,
##    # cache time to live in sec. - cache any database queries
##    CacheTTL => 0,
##    # just a read only source
##    ReadOnly => 1,
#    Map => [
#
#        # note: Login, Email and CustomerID needed!
#        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target
#        [ 'UserTitle',      'Title',      'title',        1, 0, 'var', '', 0 ],
#        [ 'UserFirstname',  'Firstname',  'first_name',   1, 1, 'var', '', 0 ],
#        [ 'UserLastname',   'Lastname',   'last_name',    1, 1, 'var', '', 0 ],
#        [ 'UserLogin',      'Username',   'login',        1, 1, 'var', '', 0 ],
#        [ 'UserPassword',   'Password',   'pw',           0, 0, 'var', '', 0 ],
#        [ 'UserEmail',      'Email',      'email',        1, 1, 'var', '', 0 ],
#        [ 'UserCustomerID', 'CustomerID', 'customer_id',  0, 1, 'var', '', 0 ],
#        [ 'UserPhone',      'Phone',      'phone',        1, 0, 'var', '', 0 ],
#        [ 'UserFax',        'Fax',        'fax',          1, 0, 'var', '', 0 ],
#        [ 'UserMobile',     'Mobile',     'mobile',       1, 0, 'var', '', 0 ],
#        [ 'UserStreet',     'Street',     'street',       1, 0, 'var', '', 0 ],
#        [ 'UserZip',        'Zip',        'zip',          1, 0, 'var', '', 0 ],
#        [ 'UserCity',       'City',       'city',         1, 0, 'var', '', 0 ],
#        [ 'UserCountry',    'Country',    'country',      1, 0, 'var', '', 0 ],
#        [ 'UserComment',    'Comment',    'comments',     1, 0, 'var', '', 0 ],
#        [ 'ValidID',        'Valid',      'valid_id',     0, 1, 'int', '', 0 ],
#    ],
#    # default selections
#    Selections => {
#        UserTitle => {
#            #'Mr.' => 'Herr',
#            #'Mrs.' => 'Frau',
#        },
#    },
#};

###########################################################
## LDAP Customer
###########################################################

#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldaps://oc.FIRMA.de';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=people,dc=FIRMA,dc=de';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'employeeNumber';

#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'anonymous';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Name => 'LDAP Data Source',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'ldaps://oc.FIRMA.de',
      BaseDN => 'ou=people,dc=FIRMA,dc=de',
      SSCOPE => 'sub',
      UserDN =>'anonymous',
      UserPw => '',
      #SourceCharset => 'utf8',
      SourceCharset => 'utf-8',
      #DestCharset => 'iso-8859-1',
      AlwaysFilter => '(memberOf=cn=otrs-FIRMA-customer,ou=programme,ou=groups,dc=FIRMA,dc=de)',
    },
# customer unique id
    CustomerKey => 'employeeNumber',
    # customer #
    CustomerID => 'departmentNumber',
    CustomerUserListFields => ['uid', 'cn', 'mail'],
    CustomerUserSearchFields => ['employeeNumber', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'employeeNumber', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'departmentNumber', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };


    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;

Does anyone have an idea what is causing this? I have commented out the customers from the DB.

Edit: I re-enabled the "DB Customer" block; the message is the same.

Edit2: This has resolved itself. I don't know exactly why, but it works now. The post can be deleted.
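Added example, not part of the original post and not Znuny code: a simplified Python model of the two lookups a customer login passes through, using the filter settings visible in the posted Config.pm (no `AlwaysFilter` on `Customer::AuthModule`, a `memberOf` `AlwaysFilter` on the `CustomerUser` backend). The directory entries and passwords are constructed, and the password comparison stands in for an LDAP bind; it shows one way the message can arise, not a confirmed cause of the poster's case.

```python
# Simplified model (added example): the two LDAP lookups behind a customer login.
# Directory entries are constructed sample data, not taken from the post.
GROUP = "cn=otrs-FIRMA-customer,ou=programme,ou=groups,dc=FIRMA,dc=de"
DIRECTORY = [
    {"employeeNumber": "1001", "userPassword": "pw-a", "memberOf": [GROUP]},
    {"employeeNumber": "1002", "userPassword": "pw-b", "memberOf": []},
]

# Values copied from the posted Config.pm; None means the key is not set there.
AUTH_MODULE = {"UID": "employeeNumber", "AlwaysFilter": None}
CUSTOMER_BACKEND = {"CustomerKey": "employeeNumber",
                    "AlwaysFilter": ("memberOf", GROUP)}


def search(key_attr, login, always_filter):
    """Return entries matching (key_attr=login), ANDed with always_filter if set."""
    hits = [e for e in DIRECTORY if e.get(key_attr) == login]
    if always_filter:
        attr, value = always_filter
        hits = [e for e in hits if value in e.get(attr, [])]
    return hits


def customer_login(login, password, auth=AUTH_MODULE, backend=CUSTOMER_BACKEND):
    """Step 1: authenticate via the auth module. Step 2: load the customer record."""
    found = search(auth["UID"], login, auth["AlwaysFilter"])
    if not found or found[0]["userPassword"] != password:
        return "auth failed"
    record = search(backend["CustomerKey"], login, backend["AlwaysFilter"])
    if not record:
        return "auth ok, no customer record"  # the situation the message reports
    return "login ok"


def aligned(auth=AUTH_MODULE, backend=CUSTOMER_BACKEND):
    """Auth settings with the backend's group restriction applied at step 1 too."""
    return dict(auth, AlwaysFilter=backend["AlwaysFilter"])
```

With `Customer::AuthModule::LDAP::AlwaysFilter` set to the same group filter as the backend, an account outside the group is rejected at authentication instead of passing the bind and failing at the record lookup.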