
Greetings,

I'm new to OTRS and LDAP. I would like to implement OTRS with LDAP and have the 'agents' automatically created with AuthSyncModule. My LDAP server is the one that is packaged with Zentyal. I am running Ubuntu 10.04. I followed these instructions for the installation: http://wiki.otrs.org/index.php?title=Installation_on_Ubuntu_Lucid_Lynx_%2810...

Before I configured the AuthModule/AuthSyncModule, I could log in just fine with OTRS. I read the part of the 3.0 manual regarding the auth and sync of Agents with an LDAP directory server, and cut and pasted the settings out of the manual into my Config.pm.

What is happening is that when I log in to OTRS with an LDAP user, it says:

    Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

It looks like AuthSync isn't working correctly. How do I troubleshoot what I'm doing wrong?

This is my AuthModule and AuthSyncModule config in my Config.pm:

    # This is an example configuration for an LDAP auth. backend.
    # (Make sure Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '192.168.2.222';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=zabulon,dc=casanueva,dc=com';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    #$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
    #$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
    # $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
    # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    #$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
    #$Self->{'AuthModule::LDAP::SearchUserPw'} = '';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    #$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '192.168.2.222';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=zabulon,dc=casanueva,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=ebox,dc=zabulon,dc=casanueva,dc=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };
    #[...]

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

Andy