I'm trying to authenticate otrs with our W2K server using ActiveDir. This solution seems perfect for our organization since we are requiring a help desk and we already have about a thousand AD users. I have been using Linux and LDAP for years and I tough this wouldn't be that hard... and it was.
My problem is that I'm able to authenticate agents -well, just the one that is in mysql and in AD- but I'm not able to authenticate clients -regular AD users- to the customer.pl interface.
I'm copying the config stuff in case anybody sees anything wrong, BTW, I have tweaked some of the sAMAccount parts just for testing
Thanks for your help
Vlad
#agentes
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'w2k';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'userPrincipalName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Soporte Consultores, cn=Users, dc=domainx, dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
#---------------Clientes---------------------------------------#
$Self->{CustomerDefaultState} = 'new';
$Self->{CustomerUser} = {
Name => 'LDAP Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'w2k',
# ldap base dn
BaseDN => 'DC=doamin,DC=com',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
# Absolutely necessary for Active Directory
UserDN => 'cn=Soporte Consultores, cn=Users, dc=domain, dc=com',
UserPw => 'passwd',
},
# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['givenname', 'sn', 'mail'],
CustomerUserSearchFields => ['displayName','sAMAccountName','givenname', 'sn', 'mail','description'],
CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenname','sn','mail','description'],
#CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'url', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#------------------------------------------------------#
# Customer LDAP Authentication #
#------------------------------------------------------#
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'w2k';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=Gente,DC=domain,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pass';
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting für Ihr OTRS System? => http://www.otrs.de/
