Chez Olivier, please find attached a working config; Auth against userdb and AD for agents and customers Have fun Wolfgang #--> activate LDAP
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'dcserver'; $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=x,DC=y,DC=z'; $Self->{'AuthModule::LDAP::UID'} = 'uid'; # ---------------------------------------------------------------------------- # -> see internal Asamer - LDAP settings $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; #<-- # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree # ------------------------------------------------------------------------------------------------------------------------- # we have our own search-user defined for LDAP sync. functionality # ------------------------------------------------------------------------------------------------------------------------- # --> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'somepassword'; #<-- # ------------------------------------------------------------------------------------------------------------------------- # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' # --> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)'; # <-- # ------------------------------------------------------------------------------------------------------------------------- # in case you want to add a suffix to each login name, then # you can use this option. e. g. user just want to use user but # in your ldap directory exists u...@domain. # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com'; # In case you want to convert all given usernames to lower letters you # should activate this option. It might be helpfull if databases are # in use that do not distinguish selects for upper and lower case letters # (Oracle, postgresql). User might be synched twice, if this option # is not in use. # $Self->{'AuthModule::LDAP::UserLowerCase'} = 0; # In case you need to use OTRS in iso-charset, you can define this # by using this option (converts utf-8 data from LDAP to iso). $Self->{'AuthModule::LDAP::Charset'} = 'utf-8'; # --> activate LDAP # # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, #--> activate LDAP 120, async => 0, version => 3, }; # Sync $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP'; $Self->{'AuthSyncModule::LDAP::Host'} = 'dcserver'; $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=x,DC=y,DC=z'; $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z'; $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'somepassword'; $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', }; # <-- # ------------------------------------------------------------------------------------------------------------------------- # Die if backend can't work, e. g. can't connect to server. # $Self->{'AuthModule::LDAP::Die'} = 1; # ---------------------------------------------------- # # UserSyncLDAPMap # ---------------------------------------------------- # # (map if agent should create/synced from LDAP to DB after login) $Self->{UserSyncLDAPMap} = { # DB -> LDAP UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', }; # UserSyncLDAPGroups # (If "LDAP" was selected for AuthModule, you can specify initial # user groups for first login.) #--> activate LDAP $Self->{UserSyncLDAPGroups} = ['user',]; # ==================================================== # # ---- LDAP/DB Customer Configuration settings ------ # # ==================================================== # # CustomerUser # (customer user database backend and settings) $Self->{CustomerUser} = { Name => 'Database Backend', Module => 'Kernel::System::CustomerUser::DB', Params => { Table => 'customer_user', }, # customer uniq id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => [ 'first_name', 'last_name', 'email' ], CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' ], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => [ 'salutation', 'first_name', 'last_name' ], #CustomerUserEmailUniqCheck => 1,## # show now own tickets in customer panel, CompanyTickets #CustomerUserExcludePrimaryCustomerID => 0, # generate auto logins #AutoLoginCreation => 0, # generate auto login prefix #AutoLoginCreationPrefix => 'auto', # admin can change customer preferences #AdminSetPreferences => 1, # use customer company support (reference to company, See CustomerCompany settings) #CustomerCompanySupport => 1, # cache time to life in sec. - cache any database queris #CacheTTL => 0, # just a read only source ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target # [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], # [ 'UserPassword', 'Password', 'pw', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'phone', 1, 0,'var', '', 0 ], [ 'UserMobile', 'Mobile', 'mobile', 1, 0,'var', '', 0 ], # [ 'UserEmail', 'Email', 'email',1, 1, 'var', '$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data{"TicketID"}&ArticleID=$Data{"ArticleID"}', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ], # [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], # [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], ], # default selections # Selections => { # UserSalutation => { # 'Mr.' => 'Mr.', # 'Mrs.' => 'Mrs.', # }, # }, }; # =================================================== # LDAP Customer User Authentication [WF] # =================================================== $Self->{CustomerUser1} = { Name => 'Active Directory <holding.ah>', Module => 'Kernel::System::CustomerUser::LDAP', Params => { Host => 'aohdc03.asamer.holding.ah', BaseDN => 'DC=holding,DC=ah', SSCOPE => 'sub', UserDN => 'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z', UserPw => 'somepassword', AlwaysFilter => '(objectclass=user)', DestCharset => 'iso-8859-1', SourceCharset => 'utf-8', Params => { port => 3268, timeout => 120, async => 0, version => 3, }, }, CustomerKey => 'sAMAccountName', CustomerID => 'mail', CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], CustomerUserExcludePrimaryCustomerID => 0, AdminSetPreferences => 0, Map => [ #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1,'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1,'var', '', 0 ], [ 'UserLogin', 'Username', 'sAMAccountName', 1, 1,'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1,'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1,'var', '', 0 ], [ 'UserPhone', 'Phone', 'phone', 1, 0,'var', '', 0 ], [ 'UserMobile', 'Mobile', 'mobile', 1, 0,'var', '', 0 ], # [ 'UserAddress', 'Address', 'postaladdress', 1, 0,'var', '', 0 ], # [ 'UserComment', 'Comment', 'description', 1, 0,'var', '', 0 ], ], }; # This is the auth. module againt the otrs db $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB'; $Self->{'Customer::AuthModule::DB::Table1'} = 'customer_user'; $Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login'; $Self->{'Customer::AuthModule::DB::CustomerPassword1'} = 'pw'; $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host2'} = 'dcserver'; $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'DC=x,DC=y'; $Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName'; $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'somepassword'; $Self->{'Customer::AuthModule::LDAP::AlwaysFilter2'} = '(objectclass=user)'; $Self->{'Customer::AuthModule::LDAP::Params2'} = { port => 3268, timeout => 120, async => 0, version => 3, }; # ---------------------------------------------------- # # # # ---------------------------------------------------- # $Self->{PostmasterDefaultQueue} = 'Postmaster'; # ---------------------------------------------------- # # # # End of your own config options!!! # # # # ---------------------------------------------------- # # ---------------------------------------------------- # } # ---------------------------------------------------- # # needed system stuff (don't edit this) # # ---------------------------------------------------- # use strict; use warnings; use vars qw(@ISA $VERSION); use Kernel::Config::Defaults; push (@ISA, 'Kernel::Config::Defaults'); use vars qw(@ISA $VERSION); $VERSION = qw($Revision: 1.20 $)[1]; # -----------------------------------------------------# 1; ________________________________ Von: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] Im Auftrag von olivier.villege...@sic.nc Gesendet: Donnerstag, 04. Juni 2009 08:11 An: otrs@otrs.org Betreff: [otrs] OTRS and Active Directory Hi, I have recently install OTRS and I want connect it to my Active Directory. I have found an example in the docs but I don't see which file I need to edit, ... Can you help me ? Regards, _____________________ Olivier VILLEGENTE Administrateur système & réseau Société Immobilière de Nouvelle-Calédonie Tél : (687) 28.03.78 Fax : (687) 28.43.56 e-Mail : olivier.villege...@sic.nc
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/