Re: [otrs] AD Synch

5 Feb 2010

      Ok i went back and tried the customer login and I get an error that says... Error: Need CustomerID!!!  I'm sure this is common. 

I think i found my answer here: http://lists.otrs.org/pipermail/otrs/2004-October/006523.html

I'll report back if I did i'm sure i can't be the only one looking for this... or i'm a moron and i AM the only one :)

Thanks Sune and David, i've seen your post throughout my search and i do appreciate such knowledgeable admins helping us out. 

 -Troy

________________________________
From: Sune T. Tougaard 
To: User questions and discussions about OTRS. 
Sent: Thu, February 4, 2010 6:46:41 PM
Subject: Re: [otrs] AD Synch

If this by any chance
is for the customer part (it’s a big install if you have 3000 agents, I think),
perhaps the following may be helpful.

By “No user data”
it could mean that some info that is required in the OTRS DB is not available
in the AD/LDAP lookup. So one thing to check, I guess, would be if the AD is
populated with the needed data.
In my setup I think
that the only parts “required” for the customer part are Login, Email
and CustomerID.

In my Customer
Authentication part of the config, I have those
fields mapped as follows:

# 'var',
'frontend', 'storage', shown, required, 'storage-type'
[ 'UserLogin',
'Login', 'sAMAccountName', 1, 1, 'var'
],
[ 'UserEmail',
'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID',
'CustomerID', 'mail', 0, 1, 'var'
],

So, in my AD, if I have
empty “sAMAccountName” or “mail”
fields, I would get the “No user data” error when logging in.
Also, I believe that
the UID must be set to “sAMAccountName”,
the default is UPN as far as I recall.

Your otrs log may give your hints to what may be missing or
going wrong.
Perhaps you could show
us the authen part of your config,
that could help.

It’s been a
while since I was last deep in otrs, so I may be
using an older version. Dunno if all this applies to
yours.
I may also be totally
off track, it was setup years ago.

-- 
/Sune T.

From:otrs-bounces@otrs.org
[mailto:otrs-bounces@otrs.org] On Behalf Of David
Holder
Sent: 05 February 2010 00:16
To: User questions and discussions
about OTRS.
Subject: Re: [otrs] AD Synch

Hi Troy,

AFAIK agents are authenticated against OTRS's database, but the information for
those accounts is first probed in the LDAP directory. If you're getting a
"panic no user data!" when logging in as a agent, the information
isn't being synced to OTRS's database. Have you implemented the following code:
    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldap.example.com/';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=otrs, dc=org';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=sys, ou=user, dc=otrs, dc=org';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    [...]

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

If you haven't
implemented the above, do so and let us know how you get on. If you get
compeltely stuck I can send you a blank config from my current OTRS setup,
which I have e-mailed to several people already to help them resolve their AD
sync/access issues.

Regards,

David

Troy Shafer wrote: 
I
have searched and searched but can't seem to find the answer. 

So i setup the Config.pm to use AD authentication.. then of course i got the
Panic! No user data! error.  We have over 3,000 employees.  I'm not
going to sit here and create an account for each of them.  I do have it
searching AD successfully and autheniticating against AD. 

I've seen examples of user synchronization on the web and everytime i try those
code in the config file and restart apache i can't login to otrs with an AD
account or root@localhost.

Essentially i'm looking for the code that will allow authentication against AD
without the user needing to be in the otrs db... or..

When authenticated against AD the user is automatically created in the OTRS DB..

or some variation that doesn't need me to create 3000 accounts by hand. 

-Troy 

________________________________

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/