Hi Michiel,

Thanks for the info. I'm trying to use the SyncRolesDefinition and I've added the following to the config;

# Sync LDAP group to role in OTRS
# AuthSyncModule::LDAP::UserSyncRolesDefinition
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    # ldap group
    'CN=IT,OU=Groups,OU=IT,OU=Departments' => {
        # otrs role
        'r_IT' => 1,
    },
};

I prefix all my roles in otrs with r_ to try to keep things clear (group with g_ too)

Support my 365 Challenge in aid of the Irish Cancer Society
www.365challenge.ie

2009/8/7 Michiel Beijen <mich...@beefreeit.nl>:
> Hi Rory and Mauricio,
>
> Let me first state that if you have configured the AuthSyncModule the
> OTRS will sync agent data every time a user logs in to OTRS. If you'd
> change the user properties in active directory; they would be updated
> in OTRS as soon as the agent logs in.
> And of course, if the account is disabled in the AD, the user will not
> be able to log in to OTRS.
>
> the UserSyncInitialGroups can be used to define a standard group for
> every user from a certain source. For instance, you could define it so
> that every LDAP user is automatically put in the groups Users and FAQ.
>
> If you would like to manage your OTRS groups from your LDAP source,
> that is also possible. Please look into the Defaults.pm file, under
> UserSyncGroupsDefinition: modify, unquote and put into your Custom.pm
>
> Regards,
>
> Michiel
>
> # AuthSyncModule::LDAP::UserSyncGroupsDefinition
> # (If "LDAP" was selected for AuthModule and you want to sync LDAP
> # groups to otrs groups, define the following.)
> # $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
> #     # ldap group
> #     'cn=agent,o=otrs' => {
> #         # otrs group
> #         'admin' => {
> #             # permission
> #             rw => 1,
> #             ro => 1,
> #         },
> #         'faq' => {
> #             rw => 0,
> #             ro => 1,
> #         },
> #     },
> #     'cn=agent2,o=otrs' => {
> #         'users' => {
> #             rw => 1,
> #             ro => 1,
> #         },
> #     }
> # };
>
> # AuthSyncModule::LDAP::UserSyncRolesDefinition
> # (If "LDAP" was selected for AuthModule and you want to sync LDAP
> # groups to otrs roles, define the following.)
> # $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
> #     # ldap group
> #     'cn=agent,o=otrs' => {
> #         # otrs role
> #         'role1' => 1,
> #         'role2' => 0,
> #     },
> #     'cn=agent2,o=otrs' => {
> #         'role3' => 1,
> #     }
> # };
>
> --
> Michiel Beijen
> Software Consultant
> +31 6 - 457 42 418
> Bee Free IT + http://beefreeit.nl
>
> On Thu, Aug 6, 2009 at 16:08, Rory<rcler...@gmail.com> wrote:
>> 2009/8/6 Mauricio Tavares <raubvo...@gmail.com>:
>>
>>> I have no problems if otrs cannot edit ldap. What I would like is to
>>> be able to define which group someone belongs to in ldap and then otrs will
>>> see the groups memberships and then grant the said user rights according to
>>> the memberships.
>>
>> I'm kinda guessing here but you may be able to find more with a quick google;
>> I think the following piece of config will add any user, who logs in
>> for the first time, to the specified group in OTRS
>>
>> # AuthSyncModule::LDAP::UserSyncInitialGroups
>> # (sync following group with rw permission after initial create of first agent
>> # login)
>> $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
>>     'users',
>> ];
>>
>> But that could be syncing groups from ldap to the DB. I know I've seen
>> more about this in the docs or on this list but I haven't found it yet.
>>
>>
>>> Well, what I have found so far (I might be wrong) is that the user
>>> has to be in the local db; the password can be kept in ldap but you have to
>>> create a user in otrs. What I did was after setting ldap up, I tried to
>>> login as one of the users from the ldap group (cn=users) I gave otrs as the
>>> GroupDN. It cheerfully ignored that user. Then I created a user with the
>>> same username inside otrs but did not give a password. I was able to login
>>> as the said user.
>>
>> That fits with how I understand this to work. If you don't have the
>> sync config added it doesn't know to pull the user from ldap so it
>> can't find them in the DB and fails.
>> Once you create them in the DB
>> you're golden.
>> The sync has the benefit that you can pull across some extra info into
>> the DB e.g.;
>>
>> $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
>>     # DB -> LDAP
>>     UserFirstname => 'givenName',
>>     UserLastname => 'sn',
>>     UserEmail => 'mail',
>> };
>>
>> I wonder if that can be used to pull across the group info too?
>>
>>>> My ideas on this are all open to questioning tho as I don't know this for
>>>> fact.
>>>>
>>> Do you think I do? =) I am still figuring this program out.
>>
>> I was kinda hoping somebody was gonna come along and tell that I was right :)
>>
>> Rory
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>
>> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
>> http://www.otrs.com/en/support/enterprise-subscription/
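
Added example, not part of the original thread and not OTRS code: a small offline model for reviewing a UserSyncRolesDefinition mapping before it goes into the config, so that unintended role grants and mapping keys that match nothing are visible. The helper names, the sample memberships and the rule that a role is granted when any matching LDAP group maps it to a true value are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not OTRS code: offline review of an LDAP-group -> role mapping.
# Assumption: a role is granted when any LDAP group the user belongs to maps it
# to a true value; an entry set to 0 grants nothing.
use strict;
use warnings;

# Normalise a DN for comparison: lower-case, no blanks around ',' and '='.
# Simplification: escaped separators inside attribute values are not handled.
sub norm_dn {
    my ($dn) = @_;
    $dn = lc $dn;
    $dn =~ s/^\s+|\s+$//g;
    $dn =~ s/\s*([,=])\s*/$1/g;
    return $dn;
}

# Returns (\@roles_granted, \@mapping_keys_matching_none_of_the_user_groups).
sub review_roles {
    my ( $roles_def, $member_of ) = @_;
    my %is_member = map { ( norm_dn($_), 1 ) } @{$member_of};
    my ( %granted, @unmatched );
    for my $group_dn ( sort keys %{$roles_def} ) {
        if ( !$is_member{ norm_dn($group_dn) } ) {
            push @unmatched, $group_dn;
            next;
        }
        my $roles = $roles_def->{$group_dn};
        for my $role ( keys %{$roles} ) {
            $granted{$role} = 1 if $roles->{$role};
        }
    }
    return ( [ sort keys %granted ], \@unmatched );
}

# Mapping in the shape quoted in the thread (the Defaults.pm sample).
my %roles_def = (
    'cn=agent,o=otrs'  => { role1 => 1, role2 => 0 },
    'cn=agent2,o=otrs' => { role3 => 1 },
);

# Constructed sample: the group DNs one user is a member of in the directory.
my @member_of = ( 'CN=Agent, O=OTRS', 'cn=helpdesk,o=otrs' );

my ( $granted, $unmatched ) = review_roles( \%roles_def, \@member_of );
print "granted roles : @{$granted}\n";
print "unmatched keys: @{$unmatched}\n";
```

Running it against each agent's real group list before enabling the sync shows which mapping entries would take effect for that agent and which would be skipped.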