ticket visibility for customers (mail / uid configuration)
Hello, I've setup the customer backend of our otrs 2.2.4 to be in ldap. Now I face a problem to get a coherent view from the user point of view, because John Doe's mail tickets are associated to "john.doe@example.com" but when he logs into the web interface, he's authenticated as "jdoe". I've now configured otrs as is : $Self->{CustomerUser} = { ... CustomerKey => 'uid', CustomerID => 'mail', ... Map => [ # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserLogin', 'Username', 'mail', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], ], }; } By associating "UserLogin" to "mail", John Doe can now see the list of his mail-orginated tickets from the web interface, which is better than having "UserLogin" associated to "uid". The bas thing about that is that : 1) I've had to modify a sql statement in Ticket.pm (line 3389 : id) IN (0"; 2) John Doe can't see the details of his tickets. Logs say : Permission denied because module (Kernel::System::Ticket::CustomerPermission::CustomerIDCheck) is required (UserID: john.doe@example.com 'ro' on TicketID: 17621)! I guess jdoe could have access but sad thing is that jdoe wouldn't have ticket 17621 on his "MyTicket" list. Would anyone have a solution for me ? Regards, -- Mikael Kermorgant
On Mon, Jan 26, 2009 at 9:56 AM, Mikael Kermorgant < mikael.kermorgant@gmail.com> wrote:
Hello,
I've setup the customer backend of our otrs 2.2.4 to be in ldap.
Now I face a problem to get a coherent view from the user point of view, because John Doe's mail tickets are associated to "john.doe@example.com" but when he logs into the web interface, he's authenticated as "jdoe".
By associating "UserLogin" to "mail", John Doe can now see the list of his mail-orginated tickets from the web interface, which is better than having "UserLogin" associated to "uid". The bas thing about that is that : 1) I've had to modify a sql statement in Ticket.pm (line 3389 : id) IN (0"; 2) John Doe can't see the details of his tickets. Logs say :
Permission denied because module (Kernel::System::Ticket::CustomerPermission::CustomerIDCheck) is required (UserID: john.doe@example.com 'ro' on TicketID: 17621)!
Hello, I've upgraded otrs to latest version (2.3.4) to check if it would help, but no :-( Is anyone using a ldap backend for customers, with these results ? - authentication is done via a different field than the mail (typical uid / mail) - customer logs into the web interface and only see his own tickets under "MyTickets". He would see ALL his tickets (those created from a mail and those created on the web interface) That's what I'd like to do, but I've not found how to do it. (I've used the example in the docs but that way, tickets created from mails appear in the Company view, and those created from the web interface appear under "MyTickets"). Regards, -- Mikael Kermorgant
On Thu, Jan 29, 2009 at 11:59 AM, Mikael Kermorgant < mikael.kermorgant@gmail.com> wrote:
On Mon, Jan 26, 2009 at 9:56 AM, Mikael Kermorgant < mikael.kermorgant@gmail.com> wrote:
Hello,
I've setup the customer backend of our otrs 2.2.4 to be in ldap.
Now I face a problem to get a coherent view from the user point of view, because John Doe's mail tickets are associated to "john.doe@example.com" but when he logs into the web interface, he's authenticated as "jdoe".
By associating "UserLogin" to "mail", John Doe can now see the list of his mail-orginated tickets from the web interface, which is better than having "UserLogin" associated to "uid". The bas thing about that is that : 1) I've had to modify a sql statement in Ticket.pm (line 3389 : id) IN (0"; 2) John Doe can't see the details of his tickets. Logs say :
Permission denied because module (Kernel::System::Ticket::CustomerPermission::CustomerIDCheck) is required (UserID: john.doe@example.com 'ro' on TicketID: 17621)!
Hello,
I've upgraded otrs to latest version (2.3.4) to check if it would help, but no :-(
Is anyone using a ldap backend for customers, with these results ? - authentication is done via a different field than the mail (typical uid / mail) - customer logs into the web interface and only see his own tickets under "MyTickets". He would see ALL his tickets (those created from a mail and those created on the web interface)
That's what I'd like to do, but I've not found how to do it. (I've used the example in the docs but that way, tickets created from mails appear in the Company view, and those created from the web interface appear under "MyTickets").
Regards, -- Mikael Kermorgant
Hello, I've found a hack/solution by reverting to the recommended way of configuring ldap in Config.pm (as in the doc), and modiying a sql statement in Kernel/System/Ticket.pm lines 3756 & 3757 : # CustomerID => 'st.customer_id', # CustomerUserLogin => 'st.customer_user_id', I did this because the produced sql statements had what I interpreted as redundant parts. For example : SELECT DISTINCT st.id, st.tn, st.create_time_unix FROM ticket st, queue sq WHERE sq.id = st.queue_id AND (LOWER( st.customer_id ) IN (LOWER( 'john.doe@example.com ) ) OR st.customer_user_id = 'jdoe' ) AND sq.group_id IN ( 4, 4, 9, 9 ) AND LOWER( st.customer_user_id ) = LOWER( 'jdoe' ) ORDER BY st.create_time_unix DESC The line "AND LOWER( st.customer_user_id ) = LOWER( 'jdoe' ) " seems like repeating what is done before. Does anyone here know if this is a dangerous change to apply ? Regards, -- Mikael Kermorgant
participants (1)
-
Mikael Kermorgant