Good day!
I have this kind of problem.
Somewhere on the Internet I saw a possibility to add several LDAP servers for 
authentication and authorization, but I can't find this solution right now.

Could you tell me how I can achieve this?
Right now, I have one MS Active Directory with 2 groups: otrs_admins and 
otrs_users. The first one contains administrators, the second one - users.

My LDAP auth works well. But the LDAP's groupDN parameter I have to set to DN 
'CN=OTRS_USERS,CN=Users,...'.  
My admins are in OTRS_USERS and OTRS_ADMIN groups.
Users are in OTRS_USERS group.

This is my configuration:

$Self->{'UserSyncLDAPGroupsDefinition'} = {
        # ldap group
        'CN=OTRS_USERS,CN=Users,DC=td,DC=kms' => {
            # otrs users
            'admin' => {
                # permission
                rw => 0,
                ro => 0,
            },
            'faq' => {
                # permission
                rw => 1,
                ro => 1,
            },
            'faq_admin' => {
                # perm
                rw => 0,
                ro => 1,
            },
            'itsm-configitem' => {
                # perm
                rw => 0,
                ro => 1,
            },
            'itsm-service' => {
                # perm
                rw => 0,
                ro => 1,
            },
            'stats' => {
                # perm
                rw => 0,
                ro => 1,
            },
            'time_accounting' => {
                # perm
                rw => 0,
                ro => 1,
            },
            'users' => {
                # perm
                rw => 0,
                ro => 1,
            },
        },
        'CN=OTRS_ADMINS,CN=Users,DC=td,DC=kms' => {
            # otrs admins
            'admin' => {
                # permission
                rw => 1,
                ro => 1,
            },
            'faq' => {
                # permission
                rw => 1,
                ro => 1,
            },
            'faq_admin' => {
                # perm
                rw => 1,
                ro => 1,
            },
            'itsm-configitem' => {
                # perm
                rw => 1,
                ro => 1,
            },
            'itsm-service' => {
                # perm
                rw => 1,
                ro => 1,
            },
            'stats' => {
                # perm
                rw => 1,
                ro => 1,
            },
            'time_accounting' => {
                # perm
                rw => 1,
                ro => 1,
            },
            'users' => {
                # perm
                rw => 1,
                ro => 1,
            },
        },
    };

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail'
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify initial
    # user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'OTRS_USERS','OTRS_ADMINS'
    ];

But when I try to do this, my admins get only user's rights, not 
administrator's. How can I solve this?
---------------------------------------------------------------------
OTRS mailing list: itsm - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/itsm
To unsubscribe: http://lists.otrs.org/mailman/listinfo/itsm
