customer user sync from AD

Hello, Customer auth needs to be configured in Config.pm and also in SysConfig via the module *FrontEnd::Customer::Auth*; there you need to set the authentication mode to LDAP, otherwise what you describe will happen.
Regards
2014-01-30 Darshak Modi
Hello,
We are seeing that customers currently added to AD are unable to log in to OTRS, as they get errors. Is there a way for OTRS to sync with AD?
Also, for some users I get "Authentication OK, but no such user". Can someone help?
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
-- Alvaro Cordero Retana, Technology Consultant, Gridshield Network and Infrastructure Monitoring. 2258-5757 ext 123 alvaro@gridshield.net www.gridshield.net

Summary:
Newly added-to-AD customers are unable to log in to OTRS as they get errors (what errors?)
Is there a way for OTRS to sync with AD?
Not for customers. And it's unnecessary, as OTRS, properly configured according to the docs for backends, will directly query AD.
Also for some users, I get Authentication OK, but no such user.
Is this the same or different error as part 1?
Note that you will want to have both Customer Auth and CustomerUser backend connections to AD.
Please read the docs and, if it helps at all, my troubleshooting LDAP post:
http://forums.otterhub.org/viewtopic.php?f=60&t=16543
Also, make sure your multiple backends are consistently numbered.
On Wed, Feb 5, 2014 at 11:26 PM, Darshak Modi
Thanks for input. But it is already set to LDAP. This happens only to new customers created in AD.
On 1/31/2014 8:39 PM, Alvaro Cordero wrote:
Hello, Customer auth needs to be configured in Config.pm and also in SysConfig via the module *FrontEnd::Customer::Auth*; there you need to set the authentication mode to LDAP, otherwise what you describe will happen.
Regards

I had a similar problem in my configuration. It sounds like it is not able to authenticate to do the required LDAP calls. Make sure you have an LDAP inquiry user created in the domain that can make the necessary queries for customers.
We have two AD domains. I had to configure two separate entries in the Config.pm. Also, you have to make sure that the users are being created under the DN for the LDAP search. Notice that the BaseDN is the root of my domain and the SSCOPE is set to 'sub'. This allows me to have ALL members of each domain as customers. Each domain has an LDAP inquiry user account created.
As an example, here is the relevant redacted portion of my Config.pm. This has been working for me for months. It queries all users in two domains to add them as customers.
# ---------------------------------------------------- #
# User Configurations #
# ---------------------------------------------------- #
# Agent (user) sync from AD. A second backend is declared by appending "1"
# to the module key and to every one of its settings.
# ---------------------------------------------------- #
# First domain #
# ---------------------------------------------------- #
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'domaincontroller.domain1.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain1,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
# Dedicated read-only bind account (password redacted by the poster)
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'ldapinquiryuser@domain1.com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
# OTRS agent field => AD attribute
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
# ---------------------------------------------------- #
# Second Domain #
# ---------------------------------------------------- #
$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'domaincontroller.domain2.com';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=domain2,dc=com';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr1'} = 'DN';
$Self->{'AuthSyncModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'ldapinquiryuser@domain2.com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# Every setting of the second backend, including this one, carries the "1"
# suffix; without it this line would re-assign the first domain's key.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
    'users',
];
# ---------------------------------------------------- #
# LDAP Configuration Settings for Customers #
# ---------------------------------------------------- #
# Customer::AuthModule checks the password; CustomerUser looks the record up.
# Both must reach the same accounts, or login yields "Authentication OK,
# but no such user".
# ---------------------------------------------------- #
# First domain #
# ---------------------------------------------------- #
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'domaincontroller.domain1.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain1,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'ldapinquiryuser@domain1.com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
$Self->{CustomerUser} = {
    Name   => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'domaincontroller.domain1.com',
        # Root of the domain with SSCOPE 'sub': every user object in the
        # domain, wherever its OU, is found; a customer created outside
        # the BaseDN would authenticate but not be found.
        BaseDN => 'DC=domain1,DC=com',
        SSCOPE => 'sub',
        UserDN => 'ldapinquiryuser@domain1.com',
        UserPw => 'password',
        AlwaysFilter  => '(objectclass=user)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'mail',
    CustomerUserListFields   => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'givenname', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserExcludePrimaryCustomerID => 0,
    AdminSetPreferences => 0,
    CacheTTL => 0,
    # Columns: OTRS field, label, AD attribute, shown, required, type, http-link, readonly
    Map => [
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};
# ---------------------------------------------------- #
# Second domain #
# ---------------------------------------------------- #
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'domaincontroller.domain2.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=domain2,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::UserAttr1'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'ldapinquiryuser@domain2.com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'password';
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
$Self->{CustomerUser1} = {
    Name   => 'LDAP Backend1',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'domaincontroller.domain2.com',
        BaseDN => 'DC=domain2,DC=com',
        SSCOPE => 'sub',
        UserDN => 'ldapinquiryuser@domain2.com',
        UserPw => 'password',
        AlwaysFilter  => '(objectclass=user)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'mail',
    CustomerUserListFields   => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'givenname', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserExcludePrimaryCustomerID => 0,
    AdminSetPreferences => 0,
    CacheTTL => 0,
    Map => [
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};
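A consistency check for the numbered-backend convention used in the Config.pm above, and for the "consistently numbered" point in Gerald Young's reply. This is an added Python script, not OTRS code and not the poster's: it reads the `$Self->{...}` assignments of a Config.pm fragment and reports keys assigned twice, suffixes with no matching module declaration, and settings defined for one backend of a family but missing for another. The sample configuration is constructed here and only the AuthSyncModule and Customer::AuthModule families are checked.

```python
import re
from collections import defaultdict

# Key of a Config.pm assignment, e.g. $Self->{'AuthSyncModule::LDAP::Host1'} = ...
KEY_RE = re.compile(r"\$Self->\{'?([A-Za-z0-9:]+)'?\}\s*=")
# OTRS numbers extra backends by suffix (Family, Family1, ...) and every LDAP setting
# of that backend carries the same suffix (Family::LDAP::Host1, Family::LDAP::BaseDN1).
FAMILIES = ("AuthSyncModule", "Customer::AuthModule")

def check_backend_numbering(config_text):
    """Report duplicate keys, orphan suffixes, and settings one backend defines but another lacks."""
    findings = {"duplicate_keys": [], "orphan_suffix": [], "missing": {}}
    seen = set()
    for key in KEY_RE.findall(config_text):
        if key in seen:
            findings["duplicate_keys"].append(key)  # the later assignment silently wins
        seen.add(key)
    for family in FAMILIES:
        # group 1: setting name (None for the module declaration), group 2: backend suffix
        key_re = re.compile(r"^" + re.escape(family) + r"(?:::LDAP::([A-Za-z]+))?(\d*)$")
        declared = set()
        settings = defaultdict(set)  # suffix -> names of the settings defined for it
        for key in seen:
            m = key_re.match(key)
            if m and m.group(1) is None:
                declared.add(m.group(2))
            elif m:
                settings[m.group(2)].add(m.group(1))
        findings["orphan_suffix"] += [family + s for s in settings if s not in declared]
        union = set().union(*settings.values()) if settings else set()
        for suffix in sorted(declared):
            missing = sorted(union - settings[suffix])
            if missing:
                findings["missing"][family + suffix] = missing
    return findings

# Constructed sample (not the poster's file) reproducing the slip in the posted Config.pm:
# the second domain's UserSyncInitialGroups key was written without the "1" suffix.
SAMPLE_CONFIG = """
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'domaincontroller.domain1.com';
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users' ];
$Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'domaincontroller.domain2.com';
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users' ];
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'domaincontroller.domain1.com';
$Self->{'Customer::AuthModule::LDAP::Host2'} = 'domaincontroller.domain2.com';
"""
```

Run `check_backend_numbering(open("Config.pm").read())` against a real file; an entry under `missing` for a numbered backend is the symptom to look at first when only the second domain misbehaves.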
Participants (4): Alvaro Cordero, Darshak Modi, Gerald Young, Marty Hillman