Hi,
I've manually installed v2.2.1 on Debian Etch and I'm working my way
through the configuration process.
I have LDAP Authentication working for both Agents and Users.
What I'm not clear about is whether I need to create the initial agent
and user accounts in OTRS.
At the moment I do.
I have the AD users in two groups OTRS-Agents and OTRS-Users, I though
this distinction would be used to autocreate the initial accounts on
first login.
Is that right ?
Here the LDAP settings I'm using (thanks to all the usful posts in the
archive, etc)
#------------------------------------------------------#
# LDAP CONFIGURATION #
#------------------------------------------------------#
my $ldapuser='cn=otrs,cn=Users,dc=xxx,dc=xxx';
my $ldapuserpw='xxxx';
my $ldaphost='x.x.x.x';
my $basedn='OU=Institute,dc=xxx,dc=xxx';
my $agentgroupdn='cn=OTRS-Agents,ou=Groups,dc=xxx,dc=xxx';
my $custgroupdn='cn=OTRS-Users,ou=Groups,dc=xxx,dc=xxx';
#Agents to use LDAP for Auth
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = $ldaphost;
$Self->{'AuthModule::LDAP::BaseDN'} = $basedn;
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} =$ldapuser;
$Self->{'AuthModule::LDAP::SearchUserPw'} = $ldapuserpw;
#Users to Auth using LDAP
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = $ldaphost;
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =$basedn;
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =$ldapuser;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} =$ldapuserpw;
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => $ldaphost,
BaseDN => $basedn,
SSCOPE => 'sub',
UserDN => $ldapuser,
UserPw => $ldapuserpw,
AlwaysFilter => '(mail=*)',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['displayName'],
CustomerUserSearchFields => ['displayName', 'sAMAccountName'],
CustomerUserPostMasterSearchFields => ['sAMAccountName'],
CustomerUserNameFields => ['givenName', 'sn'],
Map => [
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'Name', 0, 1, 'var' ],
],
};
$Self->{'AuthModule::LDAP::GroupDN'} =$agentgroupdn;
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = $custgroupdn;
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# UserSyncLDAPMap
$Self->{UserSyncLDAPMap} = {
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
};
# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
'users',
];
I guess if we have to create accounts we will, but it would seem like a
step which could be automated as the group membership determines the
need and AD provides the details.
Help welcomed.
Thanks
Matthew Joyce
02 9382 0051 | IT Manager | Children's Cancer Institute Australia for
Medical Research
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
