Hi there,
My name is Jeroen van Meeuwen, and I'm relatively new to OTRS.
I wanted to acquire some feedback on the following scenario, since I didn't
seem to able to simply deploy it using current OTRS functionality.
Kolab Systems AG is the vendor for Kolab Groupware solutions, and as such
mostly supports it's customers through a Partner channel system. In a
nutshell, Partners help the customer and Kolab Systems helps the partners.
Long story short, these Parters (to us) are Customer Companies, and so
inherently we want all employees of a partner to have all tickets logged by
any other employee of that partner be available in their customer interface.
Since we are using a centralized LDAP backend for both agents and customer
authentication, it seems that the proper solution suggested in the OTRS
documentation, is to make one or the other LDAP attribute represent a list of
"CustomerIDs", and use it to attach such attribute to a single customer LDAP
entry.
However, considering we need this to be a full mesh, the administrative
overhead would be enormous.
Since, also, this is a business related effort, we can safely assume that
partner employees all have the same domain name space for their email
addresses. Ergo, [email protected] is very likely to work for the same
company as [email protected].
I've implemented the following functionality;
In otrs/Kernel/System/CustomerUser.pm, instead of populating the CustomerIDs
the user also has access to through a list of CustomerIDs from an LDAP
attribute, I use the @company.com part of the email address and simply find
other people also using @company.com (and stuff those email addresses in the
@CustomerIDs list).
Now, the implementation I've done is simple, dirty and quick (patch attached).
However, since the application may help many more organizations, and since
Kolab Systems is a very much FOSS-minded company, they are willing to let me
work on this with you.
That is, of course, if you find it sufficiently interesting to have this
developed a little more/better as well ;-)
Thanks in advance,
--
Jeroen van Meeuwen
Senior Engineer, Kolab Systems AG
e: [email protected]
t: +316 42 801 403
w: http://www.kolabsys.com
pgp: 9342 BF08
diff --git a/Kernel/System/CustomerUser/LDAP.pm b/Kernel/System/CustomerUser/LDAP.pm
index ca500b5..fcb46f7 100644
--- a/Kernel/System/CustomerUser/LDAP.pm
+++ b/Kernel/System/CustomerUser/LDAP.pm
@@ -487,37 +487,28 @@ sub CustomerIDs {
# get customer data
my %Data = $Self->CustomerUserDataGet( User => $Param{User}, );
- # there are multi customer ids
- my @CustomerIDs;
- if ( $Data{UserCustomerIDs} ) {
+ $Self->{LogObject}->Log( Priority => 'debug', Message => "Customer data says data is $Data{UserCustomerID}!" );
- # used seperators
- for my $Split ( ';', ',', '|' ) {
+ my @Domain = split /@/, $Data{UserCustomerID};
- # next if seperator is not there
- next if $Data{UserCustomerIDs} !~ /\Q$Split\E/;
+ $Self->{LogObject}->Log( Priority => 'debug', Message => "Customer data says domain is $Domain[1]!" );
- # split it
- my @IDs = split /\Q$Split\E/, $Data{UserCustomerIDs};
- for my $ID (@IDs) {
- $ID =~ s/^\s+//g;
- $ID =~ s/\s+$//g;
- push @CustomerIDs, $ID;
- }
- last;
- }
+ my $Filter = '(&(mail=*@' . $Domain[1] . ')(objectClass=organizationalPerson))';
- # fallback if no seperator got found
- if ( !...@customerids ) {
- $Data{UserCustomerIDs} =~ s/^\s+//g;
- $Data{UserCustomerIDs} =~ s/\s+$//g;
- push @CustomerIDs, $Data{UserCustomerIDs};
- }
- }
+ # Search group using domain name
+ my $Result = $Self->{LDAP}->search(
+ base => $Self->{BaseDN},
+ scope => $Self->{SScope},
+ filter => $Filter,
+ sizelimit => $Self->{UserSearchListLimit},
+ );
- # use also the primary customer id
- if ( $Data{UserCustomerID} && !$Self->{ExcludePrimaryCustomerID} ) {
- push @CustomerIDs, $Data{UserCustomerID};
+ # there are multi customer ids
+ my @CustomerIDs;
+
+ for my $entry ( $Result->all_entries ) {
+ $Self->{LogObject}->Log( Priority => 'debug', Message => "Found an apparent colleague: " . $Self->_Convert( $entry->get_value( 'mail' ) ) );
+ push @CustomerIDs, $Self->_Convert( $entry->get_value( 'mail' ) );
}
# cache request
---------------------------------------------------------------------
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
