Syncing user data when authenticating against an LDAP database is possible. The problem is, though, that if you do Single Sign On, there will be no authentication as this is handled by the webserver and not by OTRS. So if you implement SSO you would need to set up a script such as otrs/scripts/tools/sync-ldap2db.pl to synchronize users from AD to OTRS.
Hope this helps, ((enjoy)) - Michiel Beijen R&D Follow me on Twitter: @otrsnl [https://twitter.com/otrsnl] OTRS AG Norsk-Data-Str 1. 61352 Bad Homburg Germany T: +31 (0) 6457 42418 F: +49 (0) 9421 56818-18 I: http://www.otrs.com/ Business Location: Bad Homburg, Country Court: Bad Homburg, Commercial register: 10751, Tax ID: 003 240 97505 Chairman of the Board: Burchard Steinbild, Managing Board: André Mindermann (CEO), Martin Edenhofer On Wed, Apr 7, 2010 at 11:09 AM, Jesus Peña Martinez <jp...@bankinter.es> wrote: > Hi, > > It is necessary to add user identifier manually but you could update remain > data from AD when authenticates. > > These are Config.pm changes for achieve this function: > > $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP'; > $Self->{'AuthSyncModule::LDAP::Host'} = 'myldaphost.com'; > $Self->{'AuthSyncModule::LDAP::BaseDN'} = > 'cn=Users,dc=mycompany,dc=com'; > > # AD user identifier > $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName'; > > # AD query user if not anonymous > $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = > 'cn=QUERYUSER,cn=Users,dc=mycompany,dc=com'; > $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxx'; > > # query filter (if necessary) > $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(&(| > (CN=Users)(USER=*)))'; > > # LDAP to DB parameters map > $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { > # DB -> LDAP > UserFirstname => 'givenName', > UserLastname => 'sn', > UserEmail => 'mail', > # all other data you need > }; > > # character set from ldap utf-8 to local (if necessary) > $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1'; > > # UserTable > $Self->{DatabaseUserTable} = 'users'; > $Self->{DatabaseUserTableUserID} = 'id'; > $Self->{DatabaseUserTableUserPW} = 'pw'; > $Self->{DatabaseUserTableUser} = 'login'; > > I hope this helps. > Regards. > > > > > Erling Lothe > <e...@adell.no> > Para > Enviado por: "User questions and discussions > otrs-boun...@otrs about OTRS." <otrs@otrs.org> > .org cc > > 06/04/2010 16:59 Asunto > Re: [otrs] SSO with > Por favor, Kernel::System::CustomerAuth::HTTPB > responda a asicAuth display Panic! No > "User questions UserData!!! Error > and discussions > about OTRS." > <otrs@otrs.org> > > > > > > > > Hello again, > > I dont think that is possible in OTRS. We have allways added the user > manually due to group setup and then let AD work as authentication. > If you do some scripting you can loop trought the AD and then add the users > to the mySQL user table in OTRS. > > Vennlig hilsen - Best regards - Saludos Cordiales > > Erling Lothe > IT Consultant > > > ----- Original Message ----- > From: "Arnault Tovar" <arnault.to...@pronatura.com> > To: otrs@otrs.org > Sent: Tuesday, April 6, 2010 3:15:07 PM > Subject: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth > display Panic! No UserData!!! Error > > Thank you Erling, > > How could I insert automatically email and name from AD to OTRS database > ? > > > > ------------------------------------------ > > The user needs to be in the OTRS user database. It is important that the > username in OTRS match the user in the AD. > > > > It will then authenticate with the username and password from the AD and > not the OTRS but use the userinformation from OTRS. ( Email, name, > groups e.t.c. ) > > ----- Original Message ----- > From: "Arnault Tovar" <arnault.tovar at pronatura.com> > To: otrs at otrs.org > Sent: Tuesday, April 6, 2010 1:51:42 PM > Subject: [otrs] SSO with Kernel::System::CustomerAuth::HTTPBasicAuth > display Panic! No UserData!!! Error > > Hi everyone, > > I try to configure my OTRS customer interface with SSO Active Directory > over Apache. > My Apache authentification works with the sspi module and it looks > great. > > My config.pm works fine with LDAP configuration with this configuration: > > $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; > $Self->{'Customer::AuthModule::LDAP::Host'} = 'svr.xx.yy.com'; > $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xx,dc=yy,dc=com'; > $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; > $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=Helpdesk, > OU=yy,DC=xx,DC=yy,DC=com'; > $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Glpi84@'; > $Self->{'Customer::AuthModule::LDAP::Params'} = { > port => 389, > timeout => 120, > async => 0, > version => 3, > }; > > $Self->{CustomerUser} = { > Module => 'Kernel::System::CustomerUser::LDAP', > Params => { > Host => 'svr.xx.yy.com', > BaseDN => 'OU=yy,DC=xx,DC=yy,DC=com', > SSCOPE => 'sub', > UserDN =>'CN=Helpdesk,OU=yy,DC=xx,DC=yy,DC=com', > UserPw => 'Glpi84@', > #SourceCharset => 'iso-8859-1', > #DestCharset => 'utf-8', > }, > > # customer unique id > CustomerKey => 'sAMAccountName', > # customer # > CustomerID => 'sAMAccountName', > #CustomerValid => 'valid_id', > CustomerUserListFields => ['sAMAccountName', 'sn', > 'mail'], > CustomerUserSearchFields => ['sAMAccountName', 'sn', > 'mail'], > CustomerUserSearchPrefix => '', > CustomerUserSearchSuffix => '*', > CustomerUserSearchListLimit => 250, > CustomerUserPostMasterSearchFields => ['mail'], > CustomerUserNameFields => ['givenname', 'sn'], > Map => [ > # note: Login, Email and CustomerID needed! > # var, frontend, storage, shown, required, > storage-type > #[ 'UserSalutation', 'Title', 'title', 1, 0, > 'var' ], > [ 'UserFirstname', 'Firstname', 'givenname', 1, > 1, 'var' ], > [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' > ], > [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, > 'var' ], > #['UserPassword', 'Password', 'pw', 0, 1, > 'var'], > [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], > [ 'UserCustomerID', 'CustomerID', > 'sAMAccountName', 0, 1, 'var' ], > [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, > > 'var' ], > #[ 'UserAddress', 'Address', 'postaladdress', 1, > > 0, 'var' ], > #[ 'UserComment', 'Comment', 'description', 1, > 0, 'var' ], > ], > }; > > But when I want to activate the HTTPBasicAuth because I want that my > users login automatically with their windows authentication, it doesn't > work. I have an error message in the login forms "Panic! No > UserData!!!". I have this on my config.pm for HTTPBasicAuth : > # This is an example configuration for an apache ($ENV{REMOTE_USER}) > > # auth. backend. Use it if you want to have a singe login through > # apache http-basic-auth > $Self->{'Customer::AuthModule'} = > 'Kernel::System::CustomerAuth::HTTPBasicAuth'; > > # In case there is a leading domain in the REMOTE_USER, you can > # replace it by the next config option. > $Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = > 'terreor\\'; > > $Self->{CustomerUser} = { > Module => 'Kernel::System::CustomerUser::LDAP', > Params => { > Host => 'svr.xx.yy.com', > BaseDN => 'OU=yy,DC=xx,DC=yy,DC=com', > SSCOPE => 'sub', > UserDN =>'CN=Helpdesk,OU=yy,DC=xx,DC=yy,DC=com', > UserPw => 'Glpi84@', > #SourceCharset => 'iso-8859-1', > #DestCharset => 'utf-8', > }, > > # customer unique id > CustomerKey => 'sAMAccountName', > # customer # > CustomerID => 'sAMAccountName', > #CustomerValid => 'valid_id', > CustomerUserListFields => ['sAMAccountName', 'sn', > 'mail'], > CustomerUserSearchFields => ['sAMAccountName', 'sn', > 'mail'], > CustomerUserSearchPrefix => '', > CustomerUserSearchSuffix => '*', > CustomerUserSearchListLimit => 250, > CustomerUserPostMasterSearchFields => ['mail'], > CustomerUserNameFields => ['givenname', 'sn'], > Map => [ > # note: Login, Email and CustomerID needed! > # var, frontend, storage, shown, required, > storage-type > #[ 'UserSalutation', 'Title', 'title', 1, 0, > 'var' ], > [ 'UserFirstname', 'Firstname', 'givenname', 1, > 1, 'var' ], > [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' > ], > [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, > 'var' ], > #['UserPassword', 'Password', 'pw', 0, 1, > 'var'], > [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], > [ 'UserCustomerID', 'CustomerID', > 'sAMAccountName', 0, 1, 'var' ], > [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, > > 'var' ], > #[ 'UserAddress', 'Address', 'postaladdress', 1, > > 0, 'var' ], > #[ 'UserComment', 'Comment', 'description', 1, > 0, 'var' ], > ], > }; > > I tried a lot of different config found on this mailing list but it > doesn't work. > > Laouache > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! > http://www.otrs.com/en/support/enterprise-subscription/ > --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
