$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
Hello everyone. I am completely stuck with multiple agent backends. =/
We have two different departments in one domain: DOMAIN.RU
All agents of our domain are members of: otrs_allow_agent (CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru)
Agents from the 1st department are located in: OU=Users, OU=IT, OU=City1, DC=domain, DC=ru
Agents from the 2nd department are located in: OU=Users, OU=IT, OU=City2, DC=domain, DC=ru
User for reading data from AD: CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru
With password "anypassword"
This user has permission to read both OUs in our domain.
########### LDAP Agent Backend 1 ###########
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'anypassword';
########### LDAP Agent Backend 2 ###########
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'OU=Users, OU=IT, OU=City2, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN2'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserDN2'} = 'CN=otrs, OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthModule::LDAP::SearchUserPw2'} = 'anypassword';
# Sync DB #
$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'OU=Users, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'anypassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{'AuthSyncModule2'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::BaseDN2'} = 'OU=Users, OU=IT, OU=City2, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN2'} = 'CN=otrs_allow_Agent, OU=IT, OU=City1, DC=domain, DC=ru';
$Self->{'AuthSyncModule::LDAP::SearchUserPw2'} = 'anypassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap2'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
And now:
Users from both OUs authenticate in LDAP successfully!
Users from OU=Users, OU=IT, OU=City1, DC=domain, DC=ru sync successfully and can log in to the OTRS system.
Users from OU=Users, OU=IT, OU=City2, DC=domain, DC=ru get the error message: Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
Here are the messages from the log file, with my comments, after a user login attempt:
It's OK. AuthModule1 is trying to find the user in the wrong OU
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 authentication failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
It's OK. AuthModule2 is trying to find the user in the correct OU. Authentication OK
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 (CN=Admin2,OU=Users, OU=IT, OU=City2, DC=domain, DC=ru') authentication ok (REMOTE_ADDR: x.x.x.x).
Hm... AuthSyncModule1 is trying to sync the user, but it's the wrong OU
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: Admin2 sync failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru'', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
And F@#KING voilà!!!! Where is the second attempt to sync the user???? With AuthSyncModule2
I'm just getting this:
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: Admin2'!!!
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Admin2'!!!
What is wrong with me?
T_T Any suggestions? Or Config.pm examples with multiple LDAP Auth and Sync?
I am in despair.
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
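
Added example (not part of the original post, and not OTRS code): a log check that correlates the Auth::LDAP and Auth::Sync::LDAP notices shown in the post and reports users who authenticated from a DN outside every BaseDN the sync step searched. The sample log is constructed from the post's excerpts with wrapped lines rejoined and stray quotes dropped; the function names and the plain comma split of DNs are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpts in the post (wrapped lines rejoined).
SAMPLE_LOG = """\
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 authentication failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin2 (CN=Admin2,OU=Users, OU=IT, OU=City2, DC=domain, DC=ru) authentication ok (REMOTE_ADDR: x.x.x.x).
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: Admin2 sync failed, no LDAP entry found!BaseDN='OU=Users, OU=IT, OU=City1, DC=domain, DC=ru', Filter='(sAMAccountName=Admin2)', (REMOTE_ADDR: x.x.x.x).
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::User::GetUserData] Panic! No UserData for user: 'Admin2'!!!
MY-OTRS OTRS-CGI-10[1353]: [Notice][Kernel::System::Auth::LDAP::Auth] User: Admin1 (CN=Admin1,OU=Users, OU=IT, OU=City1, DC=domain, DC=ru) authentication ok (REMOTE_ADDR: x.x.x.x).
"""

AUTH_OK = re.compile(
    r"\[Kernel::System::Auth::LDAP::Auth\] User: (\S+) \((.+?)\) authentication ok")
SYNC_FAIL = re.compile(
    r"\[Kernel::System::Auth::Sync::LDAP::Sync\] User: (\S+) sync failed, "
    r"no LDAP entry found!BaseDN='(.+?)'")

def rdns(dn):
    """Normalise a DN to lower-cased RDNs (assumption: no escaped commas)."""
    return [p.strip().lower() for p in dn.strip("' ").split(",") if p.strip()]

def is_under(dn, base):
    """True if dn lies in the subtree rooted at base."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def sync_gaps(log_text):
    """Return {user: (auth_dn, [sync BaseDNs searched])} for users who
    authenticated but whose DN is outside every BaseDN a sync backend tried."""
    auth_dn, sync_bases = {}, defaultdict(list)
    for line in log_text.splitlines():
        if m := AUTH_OK.search(line):
            auth_dn[m.group(1)] = m.group(2)
        elif m := SYNC_FAIL.search(line):
            sync_bases[m.group(1)].append(m.group(2))
    return {u: (dn, sync_bases[u]) for u, dn in auth_dn.items()
            if sync_bases[u] and not any(is_under(dn, b) for b in sync_bases[u])}

if __name__ == "__main__":
    for user, (dn, bases) in sync_gaps(SAMPLE_LOG).items():
        print(f"{user}: authenticated as {dn}; sync searched only {bases}")
```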