Problem:
When using LDAP to populate customer user information, the list of users in
"admin -> customer user" not only displays user account names, it also
displays group names and computer names. If computers and groups are found
before user accounts, then the list is quickly maxed out at its default
limit of 200 searches, but contains no useable information for user
accounts.
Cause:
This behavior is caused by the search filter that is in:
/Kernel/System/CustomerUser/LDAP.pm
sub CustomerUserList
The filter reads as follows:
filter => "($Self->{CustomerKey}=*)",
The filter tells the LDAP search to look for every single object that has a
$Self->{CustomerKey}. IIRC, the default CustomerKey is "cn". Active
Directory uses "sAMAccountName". Regardless of the key, these attributes
are typically something that is possessed by every object in an LDAP source
- user, group, and computer.
Resolution:
The filter can be changed to eliminate the display of computers and groups
as follows:
filter => "(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=nspnet,DC=net)"
Drawbacks:
Changing the filter causes the search to be slowed down by a few seconds.
Searching 200 records now takes about 5 seconds instead of the normal 1-2.
Other:
This is currently a trivial matter because the LDAP source cannot currently be
modified from OTRS. Since it cannot be modified, there is really no point
in using the "customer user" link. It doesn't do anything except display a
complete list of names as defined by "CustomerKey" and "CustomerID".
However, if LDAP modification is ever supported in the future, then I
believe this fix will become significantly more important.
Regards,
Tyler Hepworth
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
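Added example (not part of the original post, and not OTRS code): a minimal LDAP filter matcher run over constructed directory entries, comparing the original filter, the filter posted above, and a combined form that keeps the CustomerKey presence test. The entry names, the use of "sAMAccountName" as the key, and the combined filter are assumptions made for illustration.

```python
# Added example: a minimal LDAP filter matcher (subset of RFC 4515: &, |, !,
# equality and presence) run over constructed entries. Not a real LDAP client.
PERSON = "CN=Person,CN=Schema,CN=Configuration,DC=nspnet,DC=net"  # DN from the post
SCHEMA = PERSON.split(",", 1)[1]

# Constructed sample directory; all names are made up.
ENTRIES = [
    {"sAMAccountName": "jdoe", "objectCategory": PERSON},
    {"sAMAccountName": "Helpdesk", "objectCategory": "CN=Group," + SCHEMA},
    {"sAMAccountName": "WS01$", "objectCategory": "CN=Computer," + SCHEMA},
    {"cn": "External Contact", "objectCategory": PERSON},  # has no account name
]

def parse(f, i=0):
    """Parse the filter component starting at f[i]; return (node, next index)."""
    assert f[i] == "(", "filter component must start with '('"
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1              # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)  # split on the first '=' only
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    have = {k.lower(): v for k, v in entry.items()}.get(attr.lower())
    if have is None:
        return False                          # attribute absent: no match
    return value == "*" or have.lower() == value.lower()

def search(filter_str, key="sAMAccountName"):
    """Return the key attribute of every constructed entry the filter matches."""
    node, _ = parse(filter_str)
    return [e.get(key) for e in ENTRIES if matches(node, e)]

ORIGINAL = "(sAMAccountName=*)"               # "($Self->{CustomerKey}=*)" expanded
POSTED = "(objectCategory=" + PERSON + ")"    # filter from the post
COMBINED = "(&" + POSTED + ORIGINAL + ")"     # assumption: not from the post

if __name__ == "__main__":
    for name in ("ORIGINAL", "POSTED", "COMBINED"):
        print(name, search(globals()[name]))
```

The posted filter alone also returns the Person-category entry that lacks the key attribute; ANDing it with the key presence test limits the list to entries that can actually be used as customer users.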