Hi Michiel,

Thanks for the info. I'm trying to use the SyncRolesDefinition and
I've added the following to the config;

    # Sync LDAP group to role in OTRS
    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {

        # ldap group
        'CN=IT,OU=Groups,OU=IT,OU=Departments' => {
                # otrs role
                'r_IT' => 1,
        },

    };

I prefix all my roles in otrs with r_ to try to keep things clear
(groups with g_ too).


Support my 365 Challenge in aid of the Irish Cancer Society

www.365challenge.ie



2009/8/7 Michiel Beijen <mich...@beefreeit.nl>:
> Hi Rory and Mauricio,
>
> Let me first state that if you have configured the AuthSyncModule the
> OTRS will sync agent data every time a user logs in to OTRS. If you'd
> change the user properties in Active Directory, they would be updated
> in OTRS as soon as the agent logs in.
> And of course, if the account is disabled in the AD, the user will not
> be able to log in to OTRS.
>
> The UserSyncInitialGroups can be used to define a standard group for
> every user from a certain source. For instance, you could define it so
> that every LDAP user is automatically put in the groups Users and FAQ.
>
> If you would like to manage your OTRS groups from your LDAP source,
> that is also possible. Please look into the Defaults.pm file, under
> UserSyncGroupsDefinition: modify, unquote and put into your Custom.pm
>
> Regards,
>
> Michiel
>
>    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
>    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
>    # groups to otrs groups, define the following.)
> #    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
> #        # ldap group
> #        'cn=agent,o=otrs' => {
> #            # otrs group
> #            'admin' => {
> #                # permission
> #                rw => 1,
> #                ro => 1,
> #            },
> #            'faq' => {
> #                rw => 0,
> #                ro => 1,
> #            },
> #        },
> #        'cn=agent2,o=otrs' => {
> #            'users' => {
> #                rw => 1,
> #                ro => 1,
> #            },
> #        }
> #    };
>
>    # AuthSyncModule::LDAP::UserSyncRolesDefinition
>    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
>    # groups to otrs roles, define the following.)
> #    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
> #        # ldap group
> #        'cn=agent,o=otrs' => {
> #            # otrs role
> #            'role1' => 1,
> #            'role2' => 0,
> #        },
> #        'cn=agent2,o=otrs' => {
> #            'role3' => 1,
> #        }
> #    };
>
>
>
> --
> Michiel Beijen
> Software Consultant
> +31 6 - 457 42 418
> Bee Free IT + http://beefreeit.nl
>
>
>
> On Thu, Aug 6, 2009 at 16:08, Rory<rcler...@gmail.com> wrote:
>> 2009/8/6 Mauricio Tavares <raubvo...@gmail.com>:
>>
>>>        I have no problems if otrs cannot edit ldap. What I would like is to
>>> be able to define which group someone belongs to in ldap and then otrs will
>>> see the groups memberships and then grant the said user rights according to
>>> the memberships.
>>
>> I'm kinda guessing here but you may be able to find more with a quick google;
>> I think the following piece of config will add any user, who logs in
>> for the first time, to the specified group in OTRS
>>
>>    # AuthSyncModule::LDAP::UserSyncInitialGroups
>>    # (sync following group with rw permission after initial create of
>>    # first agent login)
>>    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>>        'users',
>>    ];
>>
>> But that could be syncing groups from ldap to the DB. I know I've seen
>> more about this in the docs or on this list but I haven't found it yet.
>>
>>
>>>        Well, what I have found so far (I might be wrong) is that the user
>>> has to be in the local db; the password can be kept in ldap but you have to
>>> create a user in otrs. What I did was after setting ldap up, I tried to
>>> login as one of the users from the ldap group (cn=users) I gave otrs as the
>>> GroupDN. It cheerfully ignored that user. Then I created a user with the
>>> same username inside otrs but did not give a password. I was able to login
>>> as the said user.
>>
>> That fits with how I understand this to work. If you don't have the
>> sync config added it doesn't know to pull the user from ldap so it
>> can't find them in the DB and fails. Once you create them in the DB
>> you're golden.
>> The sync has the benefit that you can pull across some extra info into
>> the DB e.g.;
>>
>>    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>>        # DB -> LDAP
>>        UserFirstname => 'givenName',
>>        UserLastname  => 'sn',
>>        UserEmail     => 'mail',
>>    };
>>
>> I wonder if that can be used to pull across the group info too?
>>
>>>> My ideas on this are all open to questioning tho as I don't know this for
>>>> fact.
>>>>
>>>        Do you think I do? =) I am still figuring this program out.
>>
>> I was kinda hoping somebody was gonna come along and tell me that I was right :)
>>
>> Rory
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>> http://www.otrs.com/en/support/enterprise-subscription/
>>
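An added example (not part of the thread and not OTRS code): given a mapping in the UserSyncGroupsDefinition shape quoted above and the LDAP groups a user belongs to, it lists the OTRS group permissions that user would end up with and flags rw on admin for review. The function names, the sample membership, the DN normalisation and the rule that a permission is granted when any matching LDAP group sets it to 1 are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Mapping in the shape of UserSyncGroupsDefinition (values copied from the
# commented sample quoted in the thread).
my %GroupsDefinition = (
    'cn=agent,o=otrs' => {
        admin => { rw => 1, ro => 1 },
        faq   => { rw => 0, ro => 1 },
    },
    'cn=agent2,o=otrs' => {
        users => { rw => 1, ro => 1 },
    },
);

# Normalise a DN for comparison: lower-case, no spaces around commas.
# Simplification (assumption): attribute values compare case-insensitively.
sub NormalizeDN {
    my ($DN) = @_;
    $DN = lc $DN;
    $DN =~ s/\s*,\s*/,/g;
    $DN =~ s/^\s+|\s+$//g;
    return $DN;
}

# Return { otrs_group => { permission => 1 } } for the LDAP groups a user is in.
# Assumption: a permission is granted if any matching LDAP group sets it to 1.
sub EffectivePermissions {
    my ( $Definition, @MemberOf ) = @_;
    my %IsMember = map { NormalizeDN($_) => 1 } @MemberOf;
    my %Effective;
    for my $GroupDN ( sort keys %{$Definition} ) {
        next if !$IsMember{ NormalizeDN($GroupDN) };
        my $Groups = $Definition->{$GroupDN};
        for my $Group ( sort keys %{$Groups} ) {
            for my $Type ( sort keys %{ $Groups->{$Group} } ) {
                $Effective{$Group}{$Type} = 1 if $Groups->{$Group}{$Type};
            }
        }
    }
    return \%Effective;
}

# Constructed sample: group membership of one hypothetical agent.
my $Result = EffectivePermissions( \%GroupsDefinition, 'CN=Agent, O=OTRS' );
for my $Group ( sort keys %{$Result} ) {
    my $Perms = join ',', sort keys %{ $Result->{$Group} };
    my $Flag  = ( $Group eq 'admin' && $Result->{$Group}{rw} ) ? '  <-- review' : '';
    print "$Group: $Perms$Flag\n";
}
```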
