Chez Olivier,
please find attached a working config; Auth against userdb and AD for agents
and customers
Have fun
Wolfgang
#--> activate LDAP
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dcserver';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=x,DC=y,DC=z';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
# ----------------------------------------------------------------------------
# -> see internal Asamer - LDAP settings
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#<--
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
#
-------------------------------------------------------------------------------------------------------------------------
# we have our own search-user defined for LDAP sync. functionality
#
-------------------------------------------------------------------------------------------------------------------------
# -->
$Self->{'AuthModule::LDAP::SearchUserDN'} =
'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'somepassword';
#<--
#
-------------------------------------------------------------------------------------------------------------------------
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
# -->
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)'; # <--
#
-------------------------------------------------------------------------------------------------------------------------
# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists u...@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';
# In case you want to convert all given usernames to lower letters you
# should activate this option. It might be helpfull if databases are
# in use that do not distinguish selects for upper and lower case letters
# (Oracle, postgresql). User might be synched twice, if this option
# is not in use.
# $Self->{'AuthModule::LDAP::UserLowerCase'} = 0;
# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
$Self->{'AuthModule::LDAP::Charset'} = 'utf-8';
# --> activate LDAP
# # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120, #--> activate LDAP 120,
async => 0,
version => 3,
};
# Sync
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dcserver';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=x,DC=y,DC=z';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} =
'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'somepassword';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# <--
#
-------------------------------------------------------------------------------------------------------------------------
# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthModule::LDAP::Die'} = 1;
# ---------------------------------------------------- #
# UserSyncLDAPMap
# ---------------------------------------------------- #
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify initial
# user groups for first login.)
#--> activate LDAP
$Self->{UserSyncLDAPGroups} = ['user',];
# ==================================================== #
# ---- LDAP/DB Customer Configuration settings ------ #
# ==================================================== #
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Name => 'Database Backend',
Module => 'Kernel::System::CustomerUser::DB',
Params => {
Table => 'customer_user',
},
# customer uniq id
CustomerKey => 'login',
# customer #
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => [ 'first_name', 'last_name', 'email' ],
CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id',
'email'],
CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id'
],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => [ 'salutation', 'first_name', 'last_name' ],
#CustomerUserEmailUniqCheck => 1,##
# show now own tickets in customer panel, CompanyTickets
#CustomerUserExcludePrimaryCustomerID => 0,
# generate auto logins
#AutoLoginCreation => 0,
# generate auto login prefix
#AutoLoginCreationPrefix => 'auto',
# admin can change customer preferences
#AdminSetPreferences => 1,
# use customer company support (reference to company, See CustomerCompany
settings)
#CustomerCompanySupport => 1,
# cache time to life in sec. - cache any database queris
#CacheTTL => 0,
# just a read only source
ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type,
http-link, readonly, http-link-target
# [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ],
# [ 'UserPassword', 'Password', 'pw', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'phone', 1, 0,'var', '', 0 ],
[ 'UserMobile', 'Mobile', 'mobile', 1, 0,'var', '', 0 ],
# [ 'UserEmail', 'Email', 'email',1, 1, 'var',
'$Env{"CGIHandle"}?Action=AgentTicketCompose&ResponseID=1&TicketID=$Data{"TicketID"}&ArticleID=$Data{"ArticleID"}',
0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
# [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
# [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ],
],
# default selections
# Selections => {
# UserSalutation => {
# 'Mr.' => 'Mr.',
# 'Mrs.' => 'Mrs.',
# },
# },
};
# ===================================================
# LDAP Customer User Authentication [WF] #
===================================================
$Self->{CustomerUser1} = {
Name => 'Active Directory <holding.ah>',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'aohdc03.asamer.holding.ah',
BaseDN => 'DC=holding,DC=ah',
SSCOPE => 'sub',
UserDN => 'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z',
UserPw => 'somepassword',
AlwaysFilter => '(objectclass=user)',
DestCharset => 'iso-8859-1',
SourceCharset => 'utf-8',
Params => {
port => 3268,
timeout => 120,
async => 0,
version => 3,
},
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserExcludePrimaryCustomerID => 0,
AdminSetPreferences => 0,
Map => [
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1,'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1,'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1,'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1,'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1,'var', '', 0 ],
[ 'UserPhone', 'Phone', 'phone', 1, 0,'var', '', 0 ],
[ 'UserMobile', 'Mobile', 'mobile', 1, 0,'var', '', 0 ],
# [ 'UserAddress', 'Address', 'postaladdress', 1, 0,'var', '', 0 ],
# [ 'UserComment', 'Comment', 'description', 1, 0,'var', '', 0 ],
],
};
# This is the auth. module againt the otrs db
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table1'} = 'customer_user';
$Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login';
$Self->{'Customer::AuthModule::DB::CustomerPassword1'} = 'pw';
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = 'dcserver';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'DC=x,DC=y';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} =
'CN=some_searchuser,OU=whatever,DC=x,DC=y,DC=z';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'somepassword';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter2'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::Params2'} = {
port => 3268,
timeout => 120,
async => 0,
version => 3,
};
# ---------------------------------------------------- #
# #
# ---------------------------------------------------- #
$Self->{PostmasterDefaultQueue} = 'Postmaster';
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- # }
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- # use strict; use
warnings;
use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.20 $)[1];
# -----------------------------------------------------#
1;
________________________________
Von: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] Im Auftrag von
olivier.villege...@sic.nc
Gesendet: Donnerstag, 04. Juni 2009 08:11
An: otrs@otrs.org
Betreff: [otrs] OTRS and Active Directory
Hi,
I have recently install OTRS and I want connect it to my Active Directory. I
have found an example in the docs but I don't see which file I need to edit,
... Can you help me ?
Regards,
_____________________
Olivier VILLEGENTE
Administrateur système & réseau
Société Immobilière de Nouvelle-Calédonie
Tél : (687) 28.03.78
Fax : (687) 28.43.56
e-Mail : olivier.villege...@sic.nc
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
