Hi, I've manually installed v2.2.1 on Debian Etch and I'm working my way through the configuration process. I have LDAP Authentication working for both Agents and Users.
What I'm not clear about is whether I need to create the initial agent and user accounts in OTRS. At the moment I do. I have the AD users in two groups, OTRS-Agents and OTRS-Users; I thought this distinction would be used to autocreate the initial accounts on first login. Is that right?

Here are the LDAP settings I'm using (thanks to all the useful posts in the archive, etc.)

#------------------------------------------------------#
# LDAP CONFIGURATION                                   #
#------------------------------------------------------#
my $ldapuser     = 'cn=otrs,cn=Users,dc=xxx,dc=xxx';
my $ldapuserpw   = 'xxxx';
my $ldaphost     = 'x.x.x.x';
my $basedn       = 'OU=Institute,dc=xxx,dc=xxx';
my $agentgroupdn = 'cn=OTRS-Agents,ou=Groups,dc=xxx,dc=xxx';
my $custgroupdn  = 'cn=OTRS-Users,ou=Groups,dc=xxx,dc=xxx';

# Agents to use LDAP for Auth
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = $ldaphost;
$Self->{'AuthModule::LDAP::BaseDN'} = $basedn;
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = $ldapuser;
$Self->{'AuthModule::LDAP::SearchUserPw'} = $ldapuserpw;

# Users to Auth using LDAP
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = $ldaphost;
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = $basedn;
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $ldapuser;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $ldapuserpw;

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host         => $ldaphost,
        BaseDN       => $basedn,
        SSCOPE       => 'sub',
        UserDN       => $ldapuser,
        UserPw       => $ldapuserpw,
        AlwaysFilter => '(mail=*)',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'sAMAccountName',
    CustomerUserListFields             => ['displayName'],
    CustomerUserSearchFields           => ['displayName', 'sAMAccountName'],
    CustomerUserPostMasterSearchFields => ['sAMAccountName'],
    CustomerUserNameFields             => ['givenName', 'sn'],
    Map => [
        [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'Name',           0, 1, 'var' ],
    ],
};

$Self->{'AuthModule::LDAP::GroupDN'} = $agentgroupdn;
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = $custgroupdn;
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

# UserSyncLDAPMap
$Self->{UserSyncLDAPMap} = {
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];

I guess if we have to create accounts we will, but it would seem like a step which could be automated, as the group membership determines the need and AD provides the details.

Help welcomed.

Thanks

Matthew Joyce
02 9382 0051 | IT Manager | Children's Cancer Institute Australia for Medical Research