Authentication succeeded, but no user data record is found in the database

Moderator: crythias

Locked
scottG
Znuny newbie
Posts: 6
Joined: 21 May 2019, 20:13
Znuny Version: five5
Real Name: Scott Giesbrecht

Authentication succeeded, but no user data record is found in the database

Post by scottG »

Hello All,

I am trying to get LDAP authentication working in my OTRS deployment. My config.pm file looks like the following:

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'DCName.DomainName.com';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'samaccountname';
$Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=OTRSAgents,ou=groups,dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs,ou=groups,dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'P@$$W0rd';

$Self->{'UserSyncLDAPMap1'} = {
    'UserEmail' => 'mail',
    'UserFirstname' => 'givenName',
    'UserLastname' => 'sn',
    'UserLogin' => 'sAMAccountName'
};

$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'DCName.DomainName.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=domainname,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=OtrsCustomer,ou=groups,dc=domainname,dc=com';
$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs,ou=groups,dc=domainname,dc=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'P@$$W0rd';
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'DCName.DomainName.com';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs,ou=groups,dc=domainname,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'P@$$W0rd';
$Self->{'AuthModule::LDAP::Params1'} = {
    'async' => '0',
    'timeout' => '120',
    'version' => '3',
    'port' => '389'
};

$Self->{'AuthModule::LDAP::Die1'} = 1;

$Self->{'UserSyncLDAPMap1'} = {
    'UserEmail' => 'mail',
    'UserFirstname' => 'givenName',
    'UserLastname' => 'sn',
    'UserLogin' => 'sAMAccountName'
};

$Self->{CustomerUser1} = {
    Name => 'my Customer',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'DCName.DomainName.com',
        BaseDN => 'dc=domainname,dc=com',
        SSCOPE => 'sub',
        UserDN => 'CN=otrs,ou=groups,dc=domainname,dc=com',
        UserPw => 'P@$$W0rd',
    },

    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],

    Map => [
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    ],
};


I am getting the error listed in the title in the UI when I try to log in, and the following error in the log:

Aug 28 14:52:34 odie OTRS-CGI-61[2138]: [Error][Kernel::System::User::UserLookup][Line:975]: No UserID found for 'username'!

I am running OTRS version 6 patch 21 on a CentOS 7 minimal install.

I appreciate any help with this.

Thanks,
Scott
root
Administrator
Posts: 4251
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Authentication succeeded, but no user data record is found in the database

Post by root »

Scott,

You have to configure the complete AuthSyncModule. I'm missing Host, FQDN, SearchUser, etc.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
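
An added example, not code from this thread or from the OTRS/Znuny project: a small Python check that lists which AuthSyncModule keys are absent for each LDAP agent auth backend in a Config.pm, the gap described in the reply above. It assumes the sync keys carry the same numeric suffix as the AuthModule they belong to; the sample configs and all values in them are constructed.

```python
import re

# Sync keys as they appear in the AuthSyncModule sample quoted in this thread.
SYNC_KEYS = ("Host", "BaseDN", "UID", "SearchUserDN", "SearchUserPw", "UserSyncMap")
# Matches "$Self->{'Name<digits>'} = value" and splits off the numeric suffix.
KEY_RE = re.compile(r"""^\s*\$Self->\{\s*['"]?([\w:]+?)(\d*)['"]?\s*\}\s*=\s*(.*)$""")

# Constructed sample: LDAP agent auth configured, no sync backend (first post's shape).
BEFORE = r"""
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'dc.example.test';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
"""
# Constructed sample: the same backend plus a sync block carrying the same suffix.
AFTER = BEFORE + r"""
$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'dc.example.test';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=example,dc=test';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=svc,dc=example,dc=test';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'PLACEHOLDER';
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    UserFirstname => 'givenName',
};
"""


def parse_keys(config_text):
    """Return {(key_name, suffix): raw_value} for each $Self->{...} assignment."""
    found = {}
    for line in config_text.splitlines():
        m = None if line.lstrip().startswith("#") else KEY_RE.match(line)
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found


def missing_sync_keys(config_text):
    """Map each LDAP agent auth backend to the sync keys absent for its suffix."""
    keys = parse_keys(config_text)
    report = {}
    for (name, suffix), value in keys.items():
        if name != "AuthModule" or "Kernel::System::Auth::LDAP" not in value:
            continue
        wanted = [("AuthSyncModule", suffix)]
        wanted += [("AuthSyncModule::LDAP::" + k, suffix) for k in SYNC_KEYS]
        report[name + suffix] = [n + s for (n, s) in wanted if (n, s) not in keys]
    return report


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_sync_keys(text))
```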

Re: Authentication succeeded, but no user data record is found in the database

Post by scottG »

Thanks for the reply. I was under the impression that I could put the user data into the database; however, it was not required. Is the below what I am going to need?

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldap.example.com/';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=otrs, dc=org';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=sys, ou=user, dc=otrs, dc=org';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
[...]

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

The above will only work for agents, right?

Thanks for the help.

Scott

Re: Authentication succeeded, but no user data record is found in the database

Post by root »

Scott,
scottG wrote: 29 Aug 2019, 16:27 I was under the impression that I could put the user data into the database; however, it was not required. Is the below what I am going to need?
I suggested this because you had an incomplete AuthSync in your initial post. You could also add agents by hand via the admin interface; just the login name must match the samaccountname.

This config looks good to me.

- Roy

Re: Authentication succeeded, but no user data record is found in the database

Post by scottG »

I see. So if I want customers to be populated into OTRS without them logging in, can I just point my config to an AD group and have them as customers?

Re: Authentication succeeded, but no user data record is found in the database

Post by root »

scottG wrote: 29 Aug 2019, 16:51 I see. So if I want customers to be populated into OTRS without them logging in, can I just point my config to an AD group and have them as customers?
That's what your CustomerUser configuration is for. Just add the parameter

AlwaysFilter => '',

and add the proper LDAP filter.

- Roy

Re: Authentication succeeded, but no user data record is found in the database

Post by scottG »

Thanks a bunch for the help. I have customer data flowing into the system.