Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

Hi all,

When trying to log in as a customer, I get the error “Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.”. Authentication works well, but apparently the information from Active Directory does not synchronize to OTRS… When I use a wrong password I get the error “Login failed! Your user name or password was entered incorrectly”, so authenticating works well… As soon as I get the error mentioned earlier, I see the following error in the otrs.log: “[Error][Kernel::System::CustomerUser::SetPreferences][587] No such user 'HaraldW'.”

Agents have no problem logging in, so I think I won’t have to think about that part, but the customer authentication part of my config.pm looks like this (I have replaced parts with xxx for security reasons):

# This is an example configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule3'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host3'} = 'xxx.xxx.xxx.xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN3'} = 'dc=xxx,dc=xxx';
$Self->{'Customer::AuthModule::LDAP::UID3'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN3'} = 'CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::AccessAttr3'} = 'member';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr3'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN3'} = 'CN=XXXXXX,OU=IT Department,OU=XXX,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw3'} = 'XXXXXXX';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params3'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
# ADDED LATER, SYNC:
# Example 4.8. Configuring an LDAP customer backend
# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser2} = {
    Name => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'xxx.xxx.xxx.xxx',
        # ldap base dn
        BaseDN => 'dc=xxx,dc=xxx',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'CN=XXXXXX,OU=IT Department,OU=XXX,DC=xxx,DC=xxx',
        UserPw => 'XXXXXXX',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(memberOf='CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx)',
        # if both your frontend and your LDAP are unicode, use this:
        # SourceCharset => 'utf-8',
        # DestCharset => 'utf-8',
        # if your frontend is unicode and the charset of your
        # ldap server is iso-8859-1, use these options.
        # SourceCharset => 'iso-8859-1',
        # DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'company',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    # CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    # AdminSetPreferences => 0,
    # # cache time to live in sec. - cache any database queries
    # CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};

Can someone please help me with this? I’ve been searching on the web for quite some time now, and I can’t figure it out…

All our users have the same company name so everyone can see each other’s tickets, that’s why we use “company” as CustomerID instead of sAMAccountName…

OTRS is installed on a Windows 2012 server, the database is SQL 2008 Express and the OTRS version we use is 3.3.7.

Kind regards,
Erik

Met vriendelijke groet / Kind regards / Mit freundlichem Gruß,
Erik van Ast
SUZO-HAPP GROUP | Systems Administrator
Office: +31-(0)186-643333 | Fax: +31-(0)186-643377
Erik.van.Ast@suzohapp.nl | www.suzohapp.nl

I have seen this issue when you configure LDAP as the Auth Source, but in config it is still pointing to DB Backend.

Look in SysConfig for Auth and check in Frontend::Customer::Auth; set the corresponding variables there as you have them in your Config.pm.

Regards
--
Alvaro Cordero Retana
Technology Consultant
Gridshield
Network and Infrastructure Monitoring
2258-5757 ext 123
alvaro@gridshield.net
www.gridshield.net
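
Added example (not part of either post, and not OTRS code): the error in this thread appears when the auth module accepts the login but the customer backend's own LDAP search returns no entry, so this offline check evaluates the backend's lookup filter against a constructed directory entry. It assumes the backend searches with `(&(<CustomerKey>=<login>)<AlwaysFilter>)` and that the apostrophe in the posted AlwaysFilter ends up inside the filter value; the function and constant names are hypothetical.

```python
# Constructed sample entry; the DN and login mirror the redacted values in the thread.
GROUP_DN = "CN=OTRS_Users,OU=XXX,DC=xxx,DC=xxx"
ENTRY = {"sAMAccountName": ["HaraldW"], "memberOf": [GROUP_DN]}

# AlwaysFilter values under test: with the apostrophe (assumed to reach LDAP) and without.
POSTED = "(memberOf='" + GROUP_DN + ")"
CLEAN = "(memberOf=" + GROUP_DN + ")"

def lookup_filter(customer_key, login, always_filter=""):
    """Compose the per-login search filter (assumed composition, see lead-in)."""
    base = f"({customer_key}={login})"
    return f"(&{base}{always_filter})" if always_filter else base

def split_terms(body):
    """Split '(a)(b(c))' into its top-level parenthesised terms."""
    terms, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced filter")
            if depth == 0:
                terms.append(body[start:i + 1])
    if depth != 0:
        raise ValueError("unbalanced filter")
    return terms

def matches(flt, entry):
    """Evaluate an AND/OR/equality/presence LDAP filter against one entry."""
    if not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError(f"not a filter: {flt!r}")
    inner = flt[1:-1]
    if inner and inner[0] in "&|":
        results = [matches(term, entry) for term in split_terms(inner[1:])]
        return all(results) if inner[0] == "&" else any(results)
    attr, _, value = inner.partition("=")
    values = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
    if value == "*":  # presence test, e.g. (mail=*)
        return bool(values)
    return any(value.lower() == v.lower() for v in values)

if __name__ == "__main__":
    for label, always in (("posted", POSTED), ("clean", CLEAN)):
        flt = lookup_filter("sAMAccountName", "HaraldW", always)
        print(label, flt, "->", "record found" if matches(flt, ENTRY) else "no record")
```

A filter that is syntactically valid but matches nothing gives exactly this symptom: the group check in the auth module passes while the customer backend finds no record for the same login.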