客户用户¶
您公司与谁打交道的记录需要更多关于个体的信息:实际位置(用于运输和账单目的)以及电子邮件和电话的联系信息。
OTRS提供了一种很好的方法来保存贵公司所服务的组织内的联系人的个人信息。 您可以根据需要向OTRS添加任意数量的个人连接。
使用此屏幕向系统添加 客户用户。 默认情况下,新的OTRS安装不包含任何客户用户。 客户用户管理屏幕位于* 用户、组和角色 组的 客户用户 模块中。
客户用户管理屏幕
管理客户用户¶
注解
只能通过使用数据库后端来添加或编辑客户用户。 使用LDAP等外部目录服务将禁用客户用户管理功能。
若要添加一个客户用户:
- 点击左侧边栏的 添加客户用户 按钮。
- 填写必填字段。
- 点击 保存 按钮。
添加客户用户屏幕
警告
无法从系统中删除客户用户。 只能通过将 有效性 选项设置为 无效 或 临时无效 来停用它们。
若要编辑一个客户用户:
- 点击客户用户列表中的一个客户用户。
- 修改字段。
- 点击 保存 或 保存并完成 按钮。
编辑客户用户屏幕
若要查找一个客户用户:
- 在左侧边栏的搜索框中输入搜索字词。
- 单击字段右侧的放大镜图标或敲击一下
回车键。
注解
如果将多个客户用户添加到系统中,请使用搜索框查找特定客户用户。 默认情况下,仅列出前1000个客户用户。
可以通过将客户或客户用户添加到 组 来控制客户用户权限。 这可能会导致复杂的权限矩阵。 可以在 编辑客户用户 屏幕的底部检查客户用户的有效权限。
客户用户的有效权限小部件
参见
需要启用 客户用户 ↔ 组 才能使用此功能。
客户用户设置¶
添加或编辑此资源时,可以使用以下设置。 标有星号的字段是必填字段。
注解
这些是可用于内部数据库表的默认字段。
- 头衔或问候语
- 可以在此处添加一些名称前缀,如 Mr.、Dr.、Jr. 等。
- 名 *
- 客户用户的名字部分。
- 姓 *
- 客户用户的姓。
- 用户名 *
- 登录系统的客户用户的用户名。
- 密码
- 客户用户的密码。 如果留空,将自动生成。
- Email *
- 客户用户的电子邮件地址。
- 客户 *
- 客户用户所属的客户单位。 从 客户 列表中选择一个客户。
- 电话
- 客户用户的电话号码。
- 传真
- 客户用户的传真号码。
- 手机
- 客户用户的手机号码。
- 街道
- 客户的街道名称。
- 邮编
- 客户的邮编。
- 城市
- 客户总部所在城市。
- 国家
- 客户用户的国家/地区。
- 注释
- 向此资源添加其它信息。 为了更清晰,建议始终将此字段填充为带有完整句子的资源描述,因为注释也将显示在概览表中。
- 有效性 *
- 设置此资源的有效性。 如果此字段设置为 有效,则每个资源即可仅在OTRS中使用。 将此字段设置为 无效 或 临时无效 将禁止此资源的使用。
参见
可以通过 客户用户 ↔ 客户 屏幕为客户用户分配多个客户。
客户用户后端¶
系统会使用许多客户数据属性如用户名、电子邮件地址、电话号码等等,这些属性在服务人员和客户前端界面都会显示,还用于客户的身份验证。
在系统中使用或显示的客户数据是高度可定制的,但客户身份验证总是需要用户登录名和电子邮件地址。
The administrator interface does not support the configuration of external back ends. Administrators need to edit the file Kernel/Config.pm by copying and pasting code snippets from Kernel/Config/Defaults.pm manually in case of using On-Premise system.
If you already have another customer back end (e.g. SAP), it is possible to write a module that uses it.
警告
不要修改 Kernel/Config/Defaults.pm 文件,在升级升级后它会被覆盖!而是复制并粘贴代码片段到 Kernel/Config.pm 文件中。
注解
This feature is only available to On-Premise customers. If you are a Managed customer, this feature is taken care of by the Customer Solutions Team in OTRS. Please contact us via support@otrs.com or in the OTRS Portal.
Customer User Back End - Database¶
The default user authentication back end for customer users is the OTRS database. With this back end, all customer user data can be edited via the administrator interface.
# This is the auth. module for the otrs db
# you can also configure it using a remote database
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
$Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
$Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';
# $Self->{'Customer::AuthModule::DB::DSN'} = "DBI:mysql:database=customerdb;host=customerdbhost";
# $Self->{'Customer::AuthModule::DB::User'} = "some_user";
# $Self->{'Customer::AuthModule::DB::Password'} = "some_password";
# if you use odbc or you want to define a database type (without autodetection)
# $Self->{'Customer::AuthModule::DB::Type'} = 'mysql';
# password crypt type (bcrypt|sha2|sha1|md5|apr1|crypt|plain)
# $Self->{'Customer::AuthModule::DB::CryptType'} = 'sha2';
The example below shows the configuration of a database customer back end, which uses customer user data stored in the database table customer_user.
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => Translatable('Database Backend'),
Module => 'Kernel::System::CustomerUser::DB',
Params => {
# if you want to use an external database, add the
# required settings
# DSN => 'DBI:odbc:yourdsn',
# Type => 'mssql', # only for ODBC connections
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '',
# Password => '',
Table => 'customer_user',
# ForeignDB => 0, # set this to 1 if your table does not have create_time, create_by, change_time and change_by fields
# CaseSensitive defines if the data storage of your DBMS is case sensitive and will be
# preconfigured within the database driver by default.
# If the collation of your data storage differs from the default settings,
# you can set the current behavior ( either 1 = CaseSensitive or 0 = CaseINSensitive )
# to fit your environment.
#
# CaseSensitive => 0,
# SearchCaseSensitive will control if the searches within the data storage are performed
# case sensitively (if possible) or not. Change this option to 1, if you want to search case sensitive.
# This can improve the performance dramatically on large databases.
SearchCaseSensitive => 0,
},
# customer unique id
CustomerKey => 'login',
# customer #
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
# The last field must always be the email address so that a valid
# email address like "John Doe" <john.doe@domain.com> can be constructed from the fields.
CustomerUserListFields => [ 'first_name', 'last_name', 'email' ],
# CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' ],
CustomerUserSearchPrefix => '*',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => [ 'title', 'first_name', 'last_name' ],
CustomerUserEmailUniqCheck => 1,
# # Configures the character for joining customer user name parts. Join single space if it is not defined.
# # CustomerUserNameFieldsJoin => '',
# # show now own tickets in customer panel, CompanyTickets
# CustomerUserExcludePrimaryCustomerID => 0,
# # generate auto logins
# AutoLoginCreation => 0,
# # generate auto login prefix
# AutoLoginCreationPrefix => 'auto',
# # admin can change customer preferences
# AdminSetPreferences => 1,
# use customer company support (reference to company, See CustomerCompany settings)
CustomerCompanySupport => 1,
# cache time to live in sec. - cache any database queries
CacheTTL => 60 * 60 * 24,
# # Consider this source read only.
# ReadOnly => 1,
Map => [
# Info about dynamic fields:
#
# Dynamic Fields of type CustomerUser can be used within the mapping (see example below).
# The given storage (third column) then can also be used within the following configurations (see above):
# CustomerUserSearchFields, CustomerUserPostMasterSearchFields, CustomerUserListFields, CustomerUserNameFields
#
# Note that the columns 'frontend' and 'readonly' will be ignored for dynamic fields.
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es)
[ 'UserTitle', Translatable('Title or salutation'), 'title', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserFirstname', Translatable('Firstname'), 'first_name', 1, 1, 'var', '', 0, undef, undef ],
[ 'UserLastname', Translatable('Lastname'), 'last_name', 1, 1, 'var', '', 0, undef, undef ],
[ 'UserLogin', Translatable('Username'), 'login', 1, 1, 'var', '', 0, undef, undef ],
[ 'UserPassword', Translatable('Password'), 'pw', 0, 0, 'var', '', 0, undef, undef ],
[ 'UserEmail', Translatable('Email'), 'email', 1, 1, 'var', '', 0, undef, undef ],
# [ 'UserEmail', Translatable('Email'), 'email', 1, 1, 'var', '[% Env("CGIHandle") %]?Action=AgentTicketCompose;ResponseID=1;TicketID=[% Data.TicketID | uri %];ArticleID=[% Data.ArticleID | uri %]', 0, '', 'AsPopup OTRSPopup_TicketAction' ],
[ 'UserCustomerID', Translatable('CustomerID'), 'customer_id', 0, 1, 'var', '', 0, undef, undef ],
# [ 'UserCustomerIDs', Translatable('CustomerIDs'), 'customer_ids', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserPhone', Translatable('Phone'), 'phone', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserFax', Translatable('Fax'), 'fax', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserMobile', Translatable('Mobile'), 'mobile', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserStreet', Translatable('Street'), 'street', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserZip', Translatable('Zip'), 'zip', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserCity', Translatable('City'), 'city', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserCountry', Translatable('Country'), 'country', 1, 0, 'var', '', 0, undef, undef ],
[ 'UserComment', Translatable('Comment'), 'comments', 1, 0, 'var', '', 0, undef, undef ],
[ 'ValidID', Translatable('Valid'), 'valid_id', 0, 1, 'int', '', 0, undef, undef ],
# Dynamic field example
# [ 'DynamicField_Name_X', undef, 'Name_X', 0, 0, 'dynamic_field', undef, 0, undef, undef ],
],
# default selections
Selections => {
# UserTitle => {
# 'Mr.' => Translatable('Mr.'),
# 'Mrs.' => Translatable('Mrs.'),
# },
},
};
如果要自定义客户用户数据,请到数据库中的 customer_user 表更改列或添加新的列。
例如,要为房间号添加一个新字段:
在表
customer_user中添加一个新列room。MySQL 或 MariaDB:
root> mysql -u root -p -e 'ALTER TABLE otrs.customer_user ADD room VARCHAR (250)'PostgreSQL (从
/opt/otrs目录):otrs> psql -c 'ALTER TABLE customer_user ADD COLUMN room varchar(250)'将
$Self->{CustomerUser}部分从Kernel/Config/Defaults.pm复制到Kernel/Config.pm中。将新列添加到
Map数组中。[ 'UserRoom', 'Room', 'room', 0, 1, 'var', '', 0, undef, undef ],
如果不使用它们,可以在映射数组元素中将HTTP链接目标和链接类(最后两个键)设置为
undef。 这些键分别将target=""和class=""属性添加到HTTP链接元素。 如果未设置HTTP链接,则忽略它们(在本例中为'')。注解
建议始终使用英文单词作为名称。
参见
Names can be translated into other languages with custom language files. For more information, see the Custom Language File chapter.
Customer User Back End - LDAP¶
If you have an LDAP directory with all your customer user data, you can use the LDAP module to authenticate your customer users. Because this module has only read-access to the LDAP back end, it is not possible to edit the customer user data via the administrator interface.
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
# $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
# $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.com';
# $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
# $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
# $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '';
# $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
# $Self->{'Customer::AuthModule::LDAP::Params'} = {
# port => 389,
# timeout => 120,
# async => 0,
# version => 3,
# };
# Die if backend can't work, e. g. can't connect to server.
# $Self->{'Customer::AuthModule::LDAP::Die'} = 1;
The example below shows the configuration of a LDAP customer user back end.
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'bay.csuhayward.edu',
# ldap base dn
BaseDN => 'ou=seas,o=csuh',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => '',
UserPw => '',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '',
# if the charset of your ldap server is iso-8859-1, use this:
# # SourceCharset => 'iso-8859-1',
# die if backend can't work, e. g. can't connect to server
Die => 0,
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer unique id
CustomerKey => 'uid',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# Configures the character for joining customer user name parts. Join single space if it is not defined.
CustomerUserNameFieldsJoin => '',
# show customer user and customer tickets in the external interface
CustomerUserExcludePrimaryCustomerID => 0,
# add a ldap filter for valid users (expert setting)
# # CustomerUserValidFilter => '(!(description=gesperrt))',
# admin can't change customer preferences
AdminSetPreferences => 0,
# cache time to live in sec. - cache any ldap queries
# CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es)
[ 'UserTitle', Translatable('Title or salutation'), 'title', 1, 0, 'var', '', 1, undef, undef ],
[ 'UserFirstname', Translatable('Firstname'), 'givenname', 1, 1, 'var', '', 1, undef, undef ],
[ 'UserLastname', Translatable('Lastname'), 'sn', 1, 1, 'var', '', 1, undef, undef ],
[ 'UserLogin', Translatable('Username'), 'uid', 1, 1, 'var', '', 1, undef, undef ],
[ 'UserEmail', Translatable('Email'), 'mail', 1, 1, 'var', '', 1, undef, undef ],
[ 'UserCustomerID', Translatable('CustomerID'), 'mail', 0, 1, 'var', '', 1, undef, undef ],
# [ 'UserCustomerIDs', Translatable('CustomerIDs'), 'second_customer_ids', 1, 0, 'var', '', 1, undef, undef ],
[ 'UserPhone', Translatable('Phone'), 'telephonenumber', 1, 0, 'var', '', 1, undef, undef ],
[ 'UserAddress', Translatable('Address'), 'postaladdress', 1, 0, 'var', '', 1, undef, undef ],
[ 'UserComment', Translatable('Comment'), 'description', 1, 0, 'var', '', 1, undef, undef ],
# this is needed, if "SMIME::FetchFromCustomer" is active
# [ 'UserSMIMECertificate', 'SMIMECertificate', 'userSMIMECertificate', 0, 1, 'var', '', 1, undef, undef ],
# Dynamic field example
# [ 'DynamicField_Name_X', undef, 'Name_X', 0, 0, 'dynamic_field', undef, 0, undef, undef ],
],
};
若要激活和配置LDAP后端:
- 将
$Self->{CustomerUser}部分从Kernel/Config/Defaults.pm复制到Kernel/Config.pm中。 - 从行的开头删除注释(
#字符)。
如果在LDAP目录中存有其他客户用户属性,例如管理员名称、手机号码或部门,则此信息可以显示在OTRS中。
若要从LDAP目录显示其他客户用户属性:
使用这些属性的条目扩展
Kernel/Config.pm中的Map数组。[ 'UserMobilePhone', 'Mobile Phone', 'mobilephone', 1, 0, 'var', '', 1, undef, undef ],
注解
建议始终使用英文单词作为名称。
参见
Names can be translated into other languages with custom language files. For more information, see the Custom Language File chapter.
Customer User Back End - HTTPBasicAuth¶
If you want to implement a single sign on solution for all your customer users, you can use HTTPBasic authentication (for all your systems) and use the HTTPBasicAuth module with OTRS. No login is needed with OTRS any more.
# This is an example configuration for an apache ($ENV{REMOTE_USER})
# auth. backend. Use it if you want to have a singe login through
# apache http-basic-auth
# $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
# In case there is a leading domain in the REMOTE_USER, you can
# replace it by the next config option.
# $Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = 'example_domain\\';
# Note:
# In case you need to replace some part of the REMOTE_USER, you can
# use the following RegExp ($1 will be new login).
# $Self->{'Customer::AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '^(.+?)@.+?$';
# Defines a header name, that has to be present for customers to authenticate.
# $Self->{'Customer::AuthModule::HTTPBasicAuth::RequiredLoginHeader'} = 'RequiredHeader';
# Defines a header value, that has to be present in the required header for customers to authenticate.
# $Self->{'Customer::AuthModule::HTTPBasicAuth::RequiredLoginHeaderValue'} = 'RequiredHeaderValue';
# Defines a header value regular expression, that has to be present in the required header for customers to authenticate.
# $Self->{'Customer::AuthModule::HTTPBasicAuth::RequiredLoginHeaderValueRegExp'} = '^RequiredHeaderRegExp$';
# If you use this module, you should use as fallback the following
# config settings if user isn't login through apache ($ENV{REMOTE_USER})
# $Self->{CustomerPanelLoginURL} = 'http://host.example.com/not-authorised-for-otrs.html';
# $Self->{CustomerPanelLogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';
Customer User Back End - Radius¶
The settings shown in example below can be used to authenticate your customer users against a Radius server.
# This is example configuration to auth. agents against a radius server
# $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius';
# $Self->{'Customer::AuthModule::Radius::Host'} = 'radiushost';
# $Self->{'Customer::AuthModule::Radius::Password'} = 'radiussecret';
多个客户用户后端¶
如果要使用多个客户用户数据源,则应使用数字扩展 CustomerUser 配置参数,如 CustomerUser1 和 CustomerUser2。
以下配置示例显示了同时使用数据库和LDAP客户用户后端的用法。
# Data source 1: customer user database back end and settings.
$Self->{CustomerUser1} = {
Name => 'Database Backend',
Module => 'Kernel::System::CustomerUser::DB',
Params => {
DSN => 'DBI:odbc:yourdsn',
DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
User => '',
Password => '',
Table => 'customer_user',
},
# Other setting here.
};
# Data source 2: customer user LDAP back end and settings.
$Self->{CustomerUser2} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'bay.csuhayward.edu',
BaseDN => 'ou=seas,o=csuh',
SSCOPE => 'sub',
UserDN => '',
UserPw => '',
AlwaysFilter => '',
Die => 0,
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# Other setting here.
};
可以集成多达10个不同的客户后端。 使用 客户用户 屏幕可以查看或编辑(假设已启用写权限)所有客户用户数据。
动态字段中的客户用户数据¶
有时,将客户用户数据直接存储在工单的动态字段中也很有用,例如,可以创建有关此数据的特殊统计信息。
当创建一个工单或修改了工单的客户时设置动态字段的值。动态字段的值来源于客户数据,这适用于所有的客户数据后端,但对LDAP后端特别有用。
若要激活这个可选的功能:
激活设置
Ticket::EventModulePost###4100-DynamicFieldFromCustomerUser。激活设置
DynamicFieldFromCustomerUser::Mapping。此设置包含应将哪个客户用户字段条目存储在哪个工单动态字段中的配置。如果系统中尚未存在动态字段,请创建动态字段。
在设置
Ticket::Frontend::AgentTicketFreeText###DynamicField中启用动态字段,这样就可以手动设置它们。注解
不得在以下设置中启用动态字段:
Ticket::Frontend::AgentTicketPhone###DynamicFieldTicket::Frontend::AgentTicketEmail###DynamicFieldTicket::Frontend::AgentTicketCustomer###DynamicField
如果启用了它们,则它们将优先于自动设置的值。