Hello, My config : Linux CentOS 7 - otrs-5.0.13-01 (from rpm) - OpenLDAP 2.4 I have configured OTRS to use LDAP for the Agents authentification. It is OK. I want to do the same for the Consumers. I read many examples, but without success. 1/ in the Administration/Consumers panel, I see all my LDAP users like : jjma2 jma2 jma2 jma2@jma2.com jma2@jma2.com 2/ when I try to login with an LDAP id, I get these message Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid. 3/ and in /var/log/httpd/error.log, I get ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016 Message: No UserID found for 'jjma2'! RemoteAddress: 109.190.22.197 RequestURI: /otrs/index.pl Traceback (19414): Module: Kernel::System::User::UserLookup Line: 935 Module: Kernel::System::Auth::Auth Line: 206 Module: Kernel::System::Web::InterfaceAgent::Run Line: 228 Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40 Module: (eval) (v1.99) Line: 207 Module: ModPerl::RegistryCooker::run (v1.99) Line: 207 Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173 Module: ModPerl::Registry::handler (v1.99) Line: 32 ERROR: OTRS-CGI-38 Perl: 5.16.3 OS: linux Time: Fri Nov 4 10:40:31 2016 Message: No UserID found for 'jjma2'! RemoteAddress: 109.190.22.197 RequestURI: /otrs/index.pl Traceback (19414): Module: Kernel::System::User::UserLookup Line: 935 Module: Kernel::System::Auth::Auth Line: 305 Module: Kernel::System::Web::InterfaceAgent::Run Line: 228 Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40 Module: (eval) (v1.99) Line: 207 Module: ModPerl::RegistryCooker::run (v1.99) Line: 207 Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173 Module: ModPerl::Registry::handler (v1.99) Line: 32 My config is below. Where is my mistake ? Thanks a lot for any suggestion. Joel Marchand $Self->{CustomerUser} = { Name => 'LDAP Backend', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'ldaps://ldapr1.huma-num.fr:636/', # ldap base dn BaseDN => 'dc=huma-num,dc=fr', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=otrs,ou=dsa,dc=huma-num,dc=fr', UserPw => 'xxxx', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '(objectclass=posixAccount)', # if the charset of your ldap server is iso-8859-1, use this: # SourceCharset => 'iso-8859-1', # die if backend can't work, e. g. can't connect to server Die => 1, # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 636, timeout => 120, async => 0, version => 3, cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem', clientcert => '/etc/ssl/certs/star_huma-num_fr.pem', clientkey => '/etc/ssl/private/star_huma-num_fr.key', }, }, # customer unique id CustomerKey => 'uid', # customer # CustomerID => 'mail', CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['uid', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show now own tickets in customer panel, CompanyTickets CustomerUserExcludePrimaryCustomerID => 0, # add a ldap filter for valid users (expert setting) # CustomerUserValidFilter => '(!(description=gesperrt))', # admin can't change customer preferences AdminSetPreferences => 0, # cache time to live in sec. - cache any ldap queries CacheTTL => 0, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], }; PS : I try also $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,ou=dsa,dc=huma-num,dc=fr'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxx'; $Self->{'Customer::AuthModule::LDAP::Host'} = ['ldaps://ldapr1.huma-num.fr:636/','ldaps://ldapr2.huma-num.fr:636/']; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=huma-num,dc=fr'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid'; $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID'; $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=posixAccount)'; $Self->{'Customer::AuthModule::LDAP::Params'} = { port => 636, timeout => 120, async => 0, version => 3, cafile => '/etc/ssl/certs/star_huma-num_fr-intermediate.pem', clientcert => '/etc/ssl/certs/star_huma-num_fr.pem', clientkey => '/etc/ssl/private/star_huma-num_fr.key', }; -> with this configuration, I don't see the LDAP accounts in the Administration/Customers panel. -- Très Grande Infrastructure de Recherche Huma-Num - CNRS UMS 3598 3ème étage - bureau 303 - CS n°71345 196 avenue de France - 75648 PARIS CEDEX 13 Tél : 01 49 54 83 09 - http://www.huma-num.fr/personne/joel-marchand