Hi Troy, Instead of this: CustomerKey => 'sAMAccountName', CustomerID => 'sAMAccountName', Try this: CustomerKey => 'sAMAccountName', CustomerID => 'mail' Regards, Troy Shafer wrote:

ok, i'm missing something.. below is my customer ldap code. I made sure all uid were changed too sAMAccountName... (i changed specific domain info for obvious reasons)

#Customer LDAP Settings

$Self->{CustomerUser} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { Host => '192.168.30.55', BaseDN => 'dc=domain,dc=com', SSCOPE => 'sub', UserDN => 'cn=otrs,ou=mis,ou=User_Accounts,dc=domain,dc=com', UserPw => 'otrspassword', }, CustomerKey => 'sAMAccountName', CustomerID => 'sAMAccountName', CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ], # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ], # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ], ], };

-Troy

------------------------------------------------------------------------ *From:* Troy Shafer *To:* User questions and discussions about OTRS. *Sent:* Fri, February 5, 2010 1:00:36 PM *Subject:* Re: [otrs] AD Synch

Ok i went back and tried the customer login and I get an error that says... Error: Need CustomerID!!! I'm sure this is common.

I think i found my answer here: http://lists.otrs.org/pipermail/otrs/2004-October/006523.html

I'll report back if I did i'm sure i can't be the only one looking for this... or i'm a moron and i AM the only one :)

Thanks Sune and David, i've seen your post throughout my search and i do appreciate such knowledgeable admins helping us out.

-Troy

------------------------------------------------------------------------ *From:* Sune T. Tougaard *To:* User questions and discussions about OTRS. *Sent:* Thu, February 4, 2010 6:46:41 PM *Subject:* Re: [otrs] AD Synch

If this by any chance is for the customer part (it’s a big install if you have 3000 agents, I think), perhaps the following may be helpful.

By “No user data” it could mean that some info that is required in the OTRS DB is not available in the AD/LDAP lookup. So one thing to check, I guess, would be if the AD is populated with the needed data.

In my setup I think that the only parts “required” for the customer part are Login, Email and CustomerID.

In my Customer Authentication part of the config, I have those fields mapped as follows:

# 'var', 'frontend', 'storage', shown, required, 'storage-type'

[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],

[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],

[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

So, in my AD, if I have empty “sAMAccountName” or “mail” fields, I would get the “No user data” error when logging in.

Also, I believe that the UID must be set to “sAMAccountName”, the default is UPN as far as I recall.

Your otrs log may give your hints to what may be missing or going wrong.

Perhaps you could show us the authen part of your config, that could help.

It’s been a while since I was last deep in otrs, so I may be using an older version. Dunno if all this applies to yours.

I may also be totally off track, it was setup years ago.

--

/Sune T.

*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf Of *David Holder *Sent:* 05 February 2010 00:16 *To:* User questions and discussions about OTRS. *Subject:* Re: [otrs] AD Synch

Hi Troy,

AFAIK agents are authenticated against OTRS's database, but the information for those accounts is first probed in the LDAP directory. If you're getting a "panic no user data!" when logging in as a agent, the information isn't being synced to OTRS's database. Have you implemented the following code:

# agent data sync against ldap $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP'; $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldap.example.com/'; $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=otrs, dc=org'; $Self->{'AuthSyncModule::LDAP::UID'} = 'uid'; $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=sys, ou=user, dc=otrs, dc=org'; $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass'; $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { # DB -> LDAP UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', }; [...]

# AuthSyncModule::LDAP::UserSyncInitialGroups # (sync following group with rw permission after initial create of first agent # login) $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];

If you haven't implemented the above, do so and let us know how you get on. If you get compeltely stuck I can send you a blank config from my current OTRS setup, which I have e-mailed to several people already to help them resolve their AD sync/access issues.

Regards,

David

Troy Shafer wrote:

I have searched and searched but can't seem to find the answer.

So i setup the Config.pm http://Config.pm to use AD authentication.. then of course i got the Panic! No user data! error. We have over 3,000 employees. I'm not going to sit here and create an account for each of them. I do have it searching AD successfully and autheniticating against AD.

I've seen examples of user synchronization on the web and everytime i try those code in the config file and restart apache i can't login to otrs with an AD account or root@localhost.

Essentially i'm looking for the code that will allow authentication against AD without the user needing to be in the otrs db... or..

When authenticated against AD the user is automatically created in the OTRS DB..

or some variation that doesn't need me to create 3000 accounts by hand.

-Troy

------------------------------------------------------------------------

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

------------------------------------------------------------------------

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

Lol, you're most welcome Troy. Enjoy using OTRS. On Fri, Feb 5, 2010 at 8:06 PM, Troy Shafer wrote:

YOU ARE THE MAN!

-Troy

------------------------------ *From:* David Holder

*To:* User questions and discussions about OTRS. *Sent:* Fri, February 5, 2010 2:30:25 PM

*Subject:* Re: [otrs] AD Synch

Hi Troy,

Instead of this:

CustomerKey => 'sAMAccountName', CustomerID => 'sAMAccountName',

Try this:

CustomerKey => 'sAMAccountName', CustomerID => 'mail'

Regards,

Troy Shafer wrote:

ok, i'm missing something.. below is my customer ldap code. I made sure all uid were changed too sAMAccountName... (i changed specific domain info for obvious reasons)

#Customer LDAP Settings

$Self->{CustomerUser} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { Host => '192.168.30.55', BaseDN => 'dc=domain,dc=com', SSCOPE => 'sub', UserDN => 'cn=otrs,ou=mis,ou=User_Accounts,dc=domain,dc=com', UserPw => 'otrspassword', }, CustomerKey => 'sAMAccountName', CustomerID => 'sAMAccountName', CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ], # [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ], # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ], ], };

-Troy

------------------------------ *From:* Troy Shafer *To:* User questions and discussions about OTRS. *Sent:* Fri, February 5, 2010 1:00:36 PM *Subject:* Re: [otrs] AD Synch

Ok i went back and tried the customer login and I get an error that says... Error: Need CustomerID!!! I'm sure this is common.

I think i found my answer here: http://lists.otrs.org/pipermail/otrs/2004-October/006523.html

I'll report back if I did i'm sure i can't be the only one looking for this... or i'm a moron and i AM the only one :)

Thanks Sune and David, i've seen your post throughout my search and i do appreciate such knowledgeable admins helping us out.

-Troy

------------------------------ *From:* Sune T. Tougaard *To:* User questions and discussions about OTRS. *Sent:* Thu, February 4, 2010 6:46:41 PM *Subject:* Re: [otrs] AD Synch

If this by any chance is for the customer part (it’s a big install if you have 3000 agents, I think), perhaps the following may be helpful.

By “No user data” it could mean that some info that is required in the OTRS DB is not available in the AD/LDAP lookup. So one thing to check, I guess, would be if the AD is populated with the needed data.

In my setup I think that the only parts “required” for the customer part are Login, Email and CustomerID.

In my Customer Authentication part of the config, I have those fields mapped as follows:

# 'var', 'frontend', 'storage', shown, required, 'storage-type'

[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],

[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],

[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],

So, in my AD, if I have empty “sAMAccountName” or “mail” fields, I would get the “No user data” error when logging in.

Also, I believe that the UID must be set to “sAMAccountName”, the default is UPN as far as I recall.

Your otrs log may give your hints to what may be missing or going wrong.

Perhaps you could show us the authen part of your config, that could help.

It’s been a while since I was last deep in otrs, so I may be using an older version. Dunno if all this applies to yours.

I may also be totally off track, it was setup years ago.

--

/Sune T.

*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf Of *David Holder *Sent:* 05 February 2010 00:16 *To:* User questions and discussions about OTRS. *Subject:* Re: [otrs] AD Synch

Hi Troy,

AFAIK agents are authenticated against OTRS's database, but the information for those accounts is first probed in the LDAP directory. If you're getting a "panic no user data!" when logging in as a agent, the information isn't being synced to OTRS's database. Have you implemented the following code:

# agent data sync against ldap

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';

$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldap.example.com/';

$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=otrs, dc=org';

$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';

$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=sys, ou=user, dc=otrs, dc=org';

$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {

# DB -> LDAP

UserFirstname => 'givenName',

UserLastname => 'sn',

UserEmail => 'mail',

};

[...]

# AuthSyncModule::LDAP::UserSyncInitialGroups

# (sync following group with rw permission after initial create of first agent

# login)

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [

'users',

];

If you haven't implemented the above, do so and let us know how you get on. If you get compeltely stuck I can send you a blank config from my current OTRS setup, which I have e-mailed to several people already to help them resolve their AD sync/access issues.

Regards,

David

Troy Shafer wrote:

I have searched and searched but can't seem to find the answer.

So i setup the Config.pm to use AD authentication.. then of course i got the Panic! No user data! error. We have over 3,000 employees. I'm not going to sit here and create an account for each of them. I do have it searching AD successfully and autheniticating against AD.

I've seen examples of user synchronization on the web and everytime i try those code in the config file and restart apache i can't login to otrs with an AD account or root@localhost.

Essentially i'm looking for the code that will allow authentication against AD without the user needing to be in the otrs db... or..

When authenticated against AD the user is automatically created in the OTRS DB..

or some variation that doesn't need me to create 3000 accounts by hand.

-Troy

------------------------------

---------------------------------------------------------------------

OTRS mailing list: otrs - Webpage: http://otrs.org/

Archive: http://lists.otrs.org/pipermail/otrs

To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!

http://www.otrs.com/en/support/enterprise-subscription/

------------------------------

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!http://www.otrs.com/en/support/enterprise-subscription/

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/