
Sorry, I thought we were talking about agents auth/sync but the original question
was about customers auth/sync.
We don't authenticate customers through LDAP so I can't help you.
Regards.
Jesus.
Michiel Beijen
Hi,
It is necessary to add the user identifier manually, but you could update the remaining data from AD when the user authenticates.
These are the Config.pm changes to achieve this:
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'myldaphost.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'cn=Users,dc=mycompany,dc=com';
# AD user identifier
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
# AD query user if not anonymous
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=QUERYUSER,cn=Users,dc=mycompany,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxx';
# query filter (if necessary)
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(&(| (CN=Users)(USER=*)))';
# LDAP to DB parameters map
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
    # all other data you need
};
# character set from ldap utf-8 to local (if necessary)
$Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
I hope this helps. Regards.
Erling Lothe
To: "User questions and discussions about OTRS."
Sent by: otrs-bounces@otrs.org
Date: 06/04/2010 16:59
Subject: Re: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error
Please respond to "User questions and discussions about OTRS."
Hello again,
I don't think that is possible in OTRS. We have always added the user manually due to group setup and then let AD work as authentication. If you do some scripting you can loop through the AD and then add the users to the MySQL user table in OTRS.
Vennlig hilsen - Best regards - Saludos Cordiales
Erling Lothe IT Consultant
----- Original Message -----
From: "Arnault Tovar"
To: otrs@otrs.org
Sent: Tuesday, April 6, 2010 3:15:07 PM
Subject: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error

Thank you Erling,
How could I automatically insert the email and name from AD into the OTRS database?
------------------------------------------
The user needs to be in the OTRS user database. It is important that the username in OTRS match the user in the AD.
It will then authenticate with the username and password from the AD and not the OTRS, but use the user information from OTRS (email, name, groups, etc.).
----- Original Message -----
From: "Arnault Tovar"
To: otrs at otrs.org
Sent: Tuesday, April 6, 2010 1:51:42 PM
Subject: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth display Panic! No UserData!!! Error

Hi everyone,
I am trying to configure my OTRS customer interface with SSO Active Directory over Apache. My Apache authentication works with the sspi module and it looks great.
My config.pm works fine with LDAP with this configuration:
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'svr.xx.yy.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xx,dc=yy,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=Helpdesk, OU=yy,DC=xx,DC=yy,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Glpi84@';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'svr.xx.yy.com',
        BaseDN => 'OU=yy,DC=xx,DC=yy,DC=com',
        SSCOPE => 'sub',
        UserDN => 'CN=Helpdesk,OU=yy,DC=xx,DC=yy,DC=com',
        UserPw => 'Glpi84@',
        #SourceCharset => 'iso-8859-1',
        #DestCharset => 'utf-8',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'sAMAccountName',
    #CustomerValid => 'valid_id',
    CustomerUserListFields => ['sAMAccountName', 'sn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        #['UserPassword', 'Password', 'pw', 0, 1, 'var'],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
But when I activate HTTPBasicAuth, because I want my users to log in automatically with their Windows authentication, it doesn't work. I get an error message in the login form: "Panic! No UserData!!!". I have this in my config.pm for HTTPBasicAuth:

# This is an example configuration for an apache ($ENV{REMOTE_USER})
# auth. backend. Use it if you want to have a single login through
# apache http-basic-auth
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
# In case there is a leading domain in the REMOTE_USER, you can
# replace it by the next config option.
$Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = 'terreor\\';
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'svr.xx.yy.com',
        BaseDN => 'OU=yy,DC=xx,DC=yy,DC=com',
        SSCOPE => 'sub',
        UserDN => 'CN=Helpdesk,OU=yy,DC=xx,DC=yy,DC=com',
        UserPw => 'Glpi84@',
        #SourceCharset => 'iso-8859-1',
        #DestCharset => 'utf-8',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'sAMAccountName',
    #CustomerValid => 'valid_id',
    CustomerUserListFields => ['sAMAccountName', 'sn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        #['UserPassword', 'Password', 'pw', 0, 1, 'var'],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
I tried a lot of different config found on this mailing list but it doesn't work.
Laouache
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
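
An added illustration, not OTRS source code and not written by anyone in this thread: it shows how a login derived from REMOTE_USER has to match the directory's CustomerKey (sAMAccountName) before any customer data can be loaded, and that a session should be refused when it does not. It assumes the Replace prefix is stripped as a literal, case-sensitive match; the directory hash, the sample REMOTE_USER values and both helper functions are constructed for the example.

```perl
#!/usr/bin/perl
# Added illustration: REMOTE_USER normalisation followed by a directory lookup.
use strict;
use warnings;

# Constructed stand-in for the LDAP customer backend, keyed on sAMAccountName.
my %directory = (
    jdoe => {
        UserFirstname => 'John',
        UserLastname  => 'Doe',
        UserEmail     => 'jdoe@example.com',
    },
);

# Strip a literal leading prefix such as 'terreor\' (assumed case-sensitive).
sub normalize_login {
    my ( $remote_user, $replace ) = @_;
    return if !defined $remote_user || $remote_user eq '';
    my $login = $remote_user;
    $login =~ s/^\Q$replace\E// if defined $replace && length $replace;
    return $login;
}

# Return the customer record, or undef when the login has no directory entry.
# sAMAccountName matching is case-insensitive, so the key is lower-cased.
sub lookup_customer {
    my ($login) = @_;
    return if !defined $login;
    return $directory{ lc $login };
}

# Constructed REMOTE_USER values a web server auth module might hand over.
for my $remote_user ( 'terreor\jdoe', 'TERREOR\jdoe', 'jdoe@xx.yy.com', 'jdoe', '' ) {
    my $login = normalize_login( $remote_user, 'terreor\\' );
    my $data  = lookup_customer($login);
    printf "%-18s -> login=%-16s %s\n",
        "'$remote_user'",
        defined $login ? "'$login'" : 'undef',
        $data ? "found ($data->{UserEmail})" : 'no user data, refuse the session';
}
```

Logging the raw REMOTE_USER next to the normalised login, as the loop does, is the quickest way to see which form the web server actually passes.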