Re: [otrs] Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

28 May 2014

      Yes of course, 

That because you should  create two groups on Domain Controller and then add
the created user on a domain to the group, So customers will authenticate
and find its account record there.

Regards,

Yousef Hamad |Technical Support Engineer

ASPIRE | 120 & 130 Queen Rania St | Amman | Jordan

(M) +962 799372852

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Erik
van Ast
Sent: Wednesday, May 28, 2014 11:00 AM
To: otrs@otrs.org
Subject: Re: [otrs] Authentication succeeded, but no customer record is
found in the customer backend. Please contact your administrator.

Hi all,

Does anyone have an idea about this?

Is it because of the CustomerID?

Met vriendelijke groet / Kind regards / Mit freundlichem Gruß,
Erik

From: Erik van Ast 
Sent: maandag 26 mei 2014 16:40
To: 'otrs@otrs.org'
Subject: Authentication succeeded, but no customer record is found in the
customer backend. Please contact your administrator.

Hi all,

When trying to log in as a customer, I get the error Authentication
succeeded, but no customer record is found in the customer backend. Please
contact your administrator.. Authentication works good, but apparently the
information from Active Directory does not synchronize to OTRS When I use a
wrong password I get the error Login failed! Your user name or password was
entered incorrectly, so authenticating works good As soon as I get the
error mentioned earlier, I see the following error in the otrs.log
[Error][Kernel::System::CustomerUser::SetPreferences][587] No such user
'HaraldW'.

Agents have no problem logging in, so I think I wont have to think about
that part, but the customer authentication part of my config.pm looks like
this (I have replaced parts with xxx for security reasons) :

# This is an example configuration for an LDAP auth. backend.

# (make sure Net::LDAP is installed!)

$Self->{'Customer::AuthModule3'} = 'Kernel::System::CustomerAuth::LDAP';

$Self->{'Customer::AuthModule::LDAP::Host3'} = 'xxx.xxx.xxx.xxx';

$Self->{'Customer::AuthModule::LDAP::BaseDN3'} = 'dc=xxx,dc=xxx';

$Self->{'Customer::AuthModule::LDAP::UID3'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup

# (e. g. user needs to be in a group xyz to use otrs)

$Self->{'Customer::AuthModule::LDAP::GroupDN3'} =
'CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx';

$Self->{'Customer::AuthModule::LDAP::AccessAttr3'} = 'member';

# for ldap posixGroups objectclass (just uid)

# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

# for non ldap posixGroups objectclass (full user dn)

$Self->{'Customer::AuthModule::LDAP::UserAttr3'} = 'DN';

# The following is valid but would only be necessary if the

# anonymous user does NOT have permission to read from the LDAP tree

$Self->{'Customer::AuthModule::LDAP::SearchUserDN3'} = 'CN=XXXXXX,OU=IT
Department,OU=XXX,DC=xxx,DC=xxx';

$Self->{'Customer::AuthModule::LDAP::SearchUserPw3'} = 'XXXXXXX';

# in case you want to add always one filter to each ldap query, use

# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'

# $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

# in case you want to add a suffix to each customer login name, then

# you can use this option. e. g. user just want to use user but

# in your ldap directory exists user@domain.

#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)

$Self->{'Customer::AuthModule::LDAP::Params3'} = {

    port => 389,

    timeout => 120,

    async => 0,

    version => 3,

};

# LATER TOEGEVOEGD, SYNC:

# Example 4.8. Configuring an LDAP customer backend

# CustomerUser

# (customer ldap backend and settings)

$Self->{CustomerUser2} = {

    Name => 'LDAP Data Source',

    Module => 'Kernel::System::CustomerUser::LDAP',

    Params => {

        # ldap host

        Host => 'xxx.xxx.xxx.xxx',

        # ldap base dn

        BaseDN => 'dc=xxx,dc=xxx',

        # search scope (one|sub)

        SSCOPE => 'sub',

        # The following is valid but would only be necessary if the

        # anonymous user does NOT have permission to read from the LDAP tree

        UserDN => 'CN=XXXXXX,OU=IT Department,OU=XXX,DC=xxx,DC=xxx',

        UserPw => 'XXXXXXX',

        # in case you want to add always one filter to each ldap query, use

        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'

        AlwaysFilter => '(memberOf='CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx)',

            # if both your frontend and your LDAP are unicode, use this:

            # SourceCharset => 'utf-8',

            # DestCharset   => 'utf-8',

            # if your frontend is unicode and the charset of your

            # ldap server is iso-8859-1, use these options.

            # SourceCharset => 'iso-8859-1',

            # DestCharset => 'utf-8',

            # Net::LDAP new params (if needed - for more info see perldoc
Net::LDAP)

            Params => {

                port => 389,

                timeout => 120,

                async => 0,

                version => 3,

            },

    },

    # customer unique id

    CustomerKey => 'sAMAccountName',

    # customer #

    CustomerID => 'company',

    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],

    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],

    CustomerUserSearchPrefix => '',

    CustomerUserSearchSuffix => '*',

    CustomerUserSearchListLimit => 250,

    CustomerUserPostMasterSearchFields => ['mail'],

    CustomerUserNameFields => ['givenname', 'sn'],

    # show not own tickets in customer panel, CompanyTickets

    # CustomerUserExcludePrimaryCustomerID => 0,

    # add an ldap filter for valid users (expert setting)

#    CustomerUserValidFilter => '(!(description=locked))',

    # administrator can't change customer preferences

    # AdminSetPreferences => 0,

#    # cache time to live in sec. - cache any database queries

#    CacheTTL => 0,

    Map => [

        # note: Login, Email and CustomerID are mandatory!

        # var, frontend, storage, shown (1=always,2=lite), required,
storage-type, http-link, readonly

        [ 'UserTitle',      'Title',      'title',           1, 0, 'var',
'', 0 ],

        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var',
'', 0 ],

        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var',
'', 0 ],

        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var',
'', 0 ],

        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var',
'', 0 ],

        [ 'UserCustomerID', 'CustomerID', 'company',         0, 1, 'var',
'', 0 ],

#        [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0,
'var', '', 0 ],

        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var',
'', 0 ],

        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var',
'', 0 ],

        [ 'UserComment',    'Comment',    'description',     1, 0, 'var',
'', 0 ],

    ],

};

Can someone please help me with this? Ive been searching on the web for
quite some time now, and I cant figure it out

All our users have the same company name so everyone can see each others
tickets, thats why we use company as CustomerID instead of
sAMAccountName

OTRS is installed on a Windows 2012 server, the database is SQL 2008 Express
and the OTRS version we use is 3.3.7

Kind regards,
Erik