Login not creating a DB entry for a new LDAP agent

Hi,

my interface message is this:

Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.

My log says:

[Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!
[Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!
[Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserAdd][348] Need UserEmail!
[Thu Jan 28 10:45:40 2016][Error][Kernel::System::Auth::Sync::LDAP::Sync][281] Can't create user 'johndoe' (uid=johndoe,ou=People,dc=aaa,dc=bb) in RDBMS!
[Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserLookup][922] No UserID found for 'johndoe'!

The point is: why? Why can't it?

[Thu Jan 28 10:45:40 2016][Error][Kernel::System::Auth::Sync::LDAP::Sync][281] Can't create user 'johndoe' (uid=johndoe,ou=People,dc=uff,dc=br) in RDBMS!

--
Cosme Corrêa
+55 21 4042-6606
CanalSAC
O Nosso Negócio é Relacionamento

Hello,
That means that the user cannot be synced to the database; you need to verify
the user mapping in sysconfig, to match the fields from LDAP into OTRS.
Regards
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
--
Alvaro Cordero Retana
Technology Consultant
Tel: 22585757 ext 123
Email: alvaro@gridshield.net

Hi Alvaro,

thanks for your help.

I am not sure if I understand.

I walked around sysconfig, without success.

CustomerInformationCenter 1
Framework Frontend::Admin 4
Framework Frontend::Admin::AdminCustomerCompany 1
Framework Frontend::Admin::AdminCustomerUser 1
Framework Frontend::Admin::AdminSelectBox 1
Framework Frontend::Admin::ModuleRegistration 28
Framework Frontend::Agent 29
Framework Frontend::Agent::Auth::TwoFactor 4
Framework Frontend::Agent::Dashboard 11
Framework Frontend::Agent::LinkObject 1
Framework Frontend::Agent::ModuleMetaHead 1
Framework Frontend::Agent::ModuleNotify 7
Framework Frontend::Agent::ModuleRegistration 15
Framework Frontend::Agent::NavBarModule 2
Framework Frontend::Agent::Preferences 13
Framework Frontend::Agent::SearchRouter 1
Framework Frontend::Agent::Stats 10
Framework Frontend::Customer 28
Framework Frontend::Customer::Auth 26
Framework Frontend::Customer::Auth::TwoFactor 4
Framework Frontend::Customer::ModuleMetaHead

I have:
* Frontend::Customer::Auth

I do not have:
* Frontend::Agent::Auth

Why?

I am using LDAP with memberof.

My idea is:
* Do not use root@localhost in normal operation.
* LDAP Auth is suppressing DB Auth.

I have no problems if I create, manually, an account and log in AFTER.

This is a part of my Config.pm

...
# OpenLDAP
# authenticate agents against ldap
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=aaa,dc=bb';
$Self->{'AuthModule::LDAP::UID'} = 'uid';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group clerks to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=clerks,ou=Group,dc=aaa,dc=bb';
# $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

# sync agents from ldap to mysql
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '127.0.0.1';
# $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=People,dc=aaa,dc=bb';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=aaa,dc=bb';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
    UserMobile => 'mobile',
    # UserComment => 'description',
};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];

# Attributes needed for group syncs
# (attribute name for group value key)
# $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
# (attribute for type of group content UID/DN for full ldap name)
# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
    # # ldap group
    'cn=netadmins,ou=Group,dc=aaa,dc=bb' => {
        # # otrs group
        'admin' => {
            # # permission
            rw => 1,
            ro => 1,
        },
    },
    'cn=users,ou=Group,dc=aaa,dc=bb' => {
        'users' => {
            rw => 1,
            ro => 1,
        },
    }
};
...

Could you help me?

I will appreciate any kind of directions or examples.

TIA
-- Cosme Corrêa +55 21 4042-6606 CanalSAC O Nosso Negócio é Relacionamento

Cosme;
The UserEmail attribute is required
This log line:
[Thu Jan 28 10:45:40 2016][Error][Kernel::System::User::UserAdd][348] Need UserEmail!
Indicates that there isn't an email address for the agent it is trying to insert.
Have you verified the "mail" is a proper attribute of your LDAP server, and that it is populated for the agent you're trying to have login?
Can you tell us what your LDAP server is (Microsoft Active Directory, OpenLDAP, Apache Directory, etc.)?
Thank you,
Dominic L. Hilsbos, MBA, EIT, CSDA
Director - Information Technology
Perform Air International, Inc.
DHilsbos@PerformAir.com
www.PerformAir.com

As Dominic indicates, I didn't see that part in the log earlier, but that's
exactly what I meant: you need to tell in the config file what fields from
LDAP match the ones in your database, and email is mandatory.
Regards.
--
Alvaro Cordero Retana
Technology Consultant
Tel: 22585757 ext 123
Email: alvaro@gridshield.net
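
Added example, not part of the original thread and not OTRS code: a shell function that takes an agent's LDAP entry as LDIF (as printed by ldapsearch) and reports which attributes of the posted UserSyncMap are present, which is the check the replies above ask for. The function name, the sample entry and the REQUIRED_FIELDS list (only UserEmail, the one field the posted log names) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check an agent's LDAP entry against the posted UserSyncMap.
# Live use, with the host, base DN and uid quoted in the thread:
#   ldapsearch -x -LLL -H ldap://127.0.0.1 -b 'dc=aaa,dc=bb' '(uid=johndoe)' \
#       givenName sn mail mobile | check_sync_attrs

# OTRS field=LDAP attribute pairs, copied from the posted UserSyncMap.
SYNC_MAP='UserFirstname=givenName UserLastname=sn UserEmail=mail UserMobile=mobile'
# Fields whose absence aborts the sync; the posted log names only UserEmail.
REQUIRED_FIELDS='UserEmail'

# Reads LDIF on stdin and prints "OK|EMPTY|MISSING <OTRS field> <LDAP attr>"
# for each mapped field. Returns 1 if a required field is not OK.
check_sync_attrs() {
    awk -v map="$SYNC_MAP" -v req="$REQUIRED_FIELDS" '
        # A line starting with one space continues the previous value.
        /^ / { if (cur != "" && length($0) > 1) has[cur] = 1; next }
        # "attr: value", "attr:: base64" or "attr:< url".
        /^[A-Za-z][A-Za-z0-9;.-]*:/ {
            i = index($0, ":")
            cur = tolower(substr($0, 1, i - 1))   # names are case-insensitive
            sub(/;.*/, "", cur)                   # drop options such as ;binary
            v = substr($0, i + 1)
            sub(/^[:<]?[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            seen[cur] = 1
            if (v != "") has[cur] = 1
            next
        }
        { cur = "" }
        END {
            n = split(req, r, " ")
            for (k = 1; k <= n; k++) need[r[k]] = 1
            n = split(map, m, " ")
            for (k = 1; k <= n; k++) {
                split(m[k], kv, "=")
                a = tolower(kv[2])
                st = (a in has) ? "OK" : ((a in seen) ? "EMPTY" : "MISSING")
                print st, kv[1], kv[2]
                if (st != "OK" && (kv[1] in need)) bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: an entry shaped like the one in the log, with no mail.
sample_entry_without_mail() {
    cat <<'EOF'
dn: uid=johndoe,ou=People,dc=aaa,dc=bb
uid: johndoe
givenName: John
sn: Doe
EOF
}

sample_entry_without_mail | check_sync_attrs ||
    echo "UserEmail would be empty: expect the Need UserEmail! error"
```
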
Participants (3): Alvaro Cordero, Cosme Faria Corrêa, DHilsbos@performair.com