Re: [otrs] Login not creating a DB entry for a new LDAP agent

Hi Alvaro, thanks for your help. I am not sure if I undesrtand. I walked arround sysconfig, without success. CustomerInformationCenter 1 Framework Frontend::Admin 4 Framework Frontend::Admin::AdminCustomerCompany 1 Framework Frontend::Admin::AdminCustomerUser 1 Framework Frontend::Admin::AdminSelectBox 1 Framework Frontend::Admin::ModuleRegistration 28 Framework Frontend::Agent 29 Framework Frontend::Agent::Auth::TwoFactor 4 Framework Frontend::Agent::Dashboard 11 Framework Frontend::Agent::LinkObject 1 Framework Frontend::Agent::ModuleMetaHead 1 Framework Frontend::Agent::ModuleNotify 7 Framework Frontend::Agent::ModuleRegistration 15 Framework Frontend::Agent::NavBarModule 2 Framework Frontend::Agent::Preferences 13 Framework Frontend::Agent::SearchRouter 1 Framework Frontend::Agent::Stats 10 Framework Frontend::Customer 28 Framework Frontend::Customer::Auth 26 Framework Frontend::Customer::Auth::TwoFactor 4 Framework Frontend::Customer::ModuleMetaHead I have: * Frontend::Customer::Auth I do not have: * Frontend::Agent::Auth Why? I am using LDAP with memberof. My idea is: * Do not use root@localhost in normal operation. * LDAP Auth is suppressing DB Auth. I have no problems If i create, manually, an account and log AFTER. This is a part of my Config.pm ... # OpenLDAP # authenticate agents against ldap $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = '127.0.0.1'; $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=aaa,dc=bb'; $Self->{'AuthModule::LDAP::UID'} = 'uid'; # Check if the user is allowed to auth in a posixGroup # (e. g. user needs to be in a group clerks to use otrs) $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=clerks,ou=Group,dc=aaa,dc=bb'; # $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid'; $Self->{'AuthModule::LDAP::AccessAttr'} = 'member'; $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; # defines AuthSyncBackend (AuthSyncModule) for AuthModule # if this key exists and is empty, there won't be a sync. # example values: AuthSyncBackend, AuthSyncBackend2 $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend'; # sync agents from ldap to mysql $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP'; $Self->{'AuthSyncModule::LDAP::Host'} = '127.0.0.1'; # $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=People,dc=aaa,dc=bb'; $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=aaa,dc=bb'; $Self->{'AuthSyncModule::LDAP::UID'} = 'uid'; $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { # DB -> LDAP UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', UserMobile => 'mobile', # UserComment => 'description', }; # AuthSyncModule::LDAP::UserSyncInitialGroups # (sync following group with rw permission after initial create of first agent # login) $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ]; # Attributes needed for group syncs # (attribute name for group value key) # $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid'; $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member'; # (attribute for type of group content UID/DN for full ldap name) # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID'; $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN'; # AuthSyncModule::LDAP::UserSyncGroupsDefinition # (If "LDAP" was selected for AuthModule and you want to sync LDAP # groups to otrs groups, define the following.) $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = { # # ldap group 'cn=netadmins,ou=Group,dc=aaa,dc=bb' => { # # otrs group 'admin' => { # # permission rw => 1, ro => 1, }, }, 'cn=users,ou=Group,dc=aaa,dc=bb' => { 'users' => { rw => 1, ro => 1, }, } }; ... Could you help me? I will appreciate any kind of directions or examples. TIA On 28/01/16 11:15, Alvaro Cordero wrote:

Hello,

That means that the user cannot be sync to the database, you need to verify the user mapping in sysconfig, to match the fields from ldap into OTRS.

Regards

2016-01-28 9:59 GMT-06:00 Cosme Faria Corrêa mailto:cosmefc@canalsac.com.br>:

Hi,

my interface message is that: Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

My log says: [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'! [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'! [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserAdd][348] Need UserEmail! [Thu Jan 28 10:45:40 2016][Error][Kernel::System::Auth::Sync::LDAP::Sync][281] Can't create user 'johndoe' (uid=johndoe,ou=People,dc=aaa,dc=bb) in RDBMS! [Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!

The point is, Why? Why it can't? [Thu Jan 28 10:45:40 2016][Error][Kernel::System::Auth::Sync::LDAP::Sync][281] Can't create user 'johndoe' (uid=johndoe,ou=People,dc=aaa,dc=bb) in RDBMS!

-- Cosme Corrêa +55 21 4042-6606 tel:%2B55%2021%204042-6606 CanalSAC O Nosso Negócio é Relacionamento

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

-- /Alvaro Cordero Retana Consultor de Tecnologias/ /Tel: 22585757 ext 123/ /Email:/ alvaro@gridshield.net mailto:alvaro@gridshield.net

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

-- Cosme Corrêa +55 21 4042-6606 CanalSAC O Nosso Negócio é Relacionamento