Re: [otrs] LDAP tls authentication Fun

Thu, 06 Aug 2009 07:08:51 -0700 

2009/8/6 Mauricio Tavares <raubvo...@gmail.com>:

>        I have no problems if otrs cannot edit ldap. What I would like is to
> be able to define which group someone belongs to in ldap and then otrs will
> see the groups memberships and then grant the said user rights according to
> the memberships.

I'm kinda guessing here but you may be able to find more with a quick google;
I think the following piece of config will add any user, who logs in
for the first time, to the specified group in OTRS

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of
first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

But that could be syncing groups from ldap to the DB. I know I've seen
more about this in the docs or on this list but I havn't found it yet.


>        Well, what I have found so far (I might be wrong) is that the user
> has to be in the local db; the password can be kept in ldap but you have to
> create an user in otrs. What I did was after setting ldap up, I tried to
> login as one of the users from the ldap group (cn=users) I gave otrs as the
> GroupDN. It cheerfully ignored that user. THen I created an user with the
> same username inside otrs but did not give a password. I was able to login
> as the said user.

That's fits with how I understand this to work. If you don't have the
sync config added it doesn't know to pull the user from ldap so it
can't find them in the DB and fails. Once you create them in the DB
you're golden.
The sync has the benefit that you can pull across some extra info into
the DB e.g.;

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

I wonder if that can be used to pull across the group info too?

>> My ideas on this are all open to questioning tho as I don't know this for
>> fact.
>>
>        Do you think I do? =) I am still figuring this program out.

I was kinda hoping somebody was gonna come along and tell that I was right :)

Rory
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/

Reply via email to