Re: [otrs] Need to set customers/agents's auth witn LDAP.

Thu, 07 Feb 2013 09:20:03 -0800 

don't change defaults.pm only config.pm


On Thu, Feb 7, 2013 at 11:56 AM, Israel Garcia <iga3...@yahoo.com> wrote:

> HI,
>
> From the manual, I see I have to add all these lines to get agents and
> customers authenticating with ldap (AD), but not sure if we have to add it
> to /opt/otrs/Kernel/Config.pm or /opt/otrs/Kernel/Config/Default.pm? Or in
> other place.
>
> For agents:
> # This is an example configuration for an LDAP auth. backend.
> # (Make sure Net::LDAP is installed!)
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'israelDC2.israel.NET';
> $Self->{'AuthModule::LDAP::BaseDN'} =
> 'cn=otrs_allow_company,ou=generics,ou=usuaris,ou=israel,dc=israel,dc=net';
> $Self->{'AuthModule::LDAP::UID'} = 'uid';
>
> # Check if the user is allowed to auth in a posixGroup
> # (e. g. user needs to be in a group xyz to use otrs)
> $Self->{'AuthModule::LDAP::GroupDN'} =
> 'ou=generics,ou=usuaris,ou=israel,dc=israel,dc=net';
> $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
> # for ldap posixGroups objectclass (just uid)
> #  $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
> # for non ldap posixGroups objectclass (with full user dn)
> #  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
>
> # The following is valid but would only be necessary if the
> # anonymous user do NOT have permission to read from the LDAP tree
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'OTRisrael24';
>
> # in case you want to add always one filter to each ldap query, use
> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
> '(objectclass=user)'
> $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
>
> # in case you want to add a suffix to each login name, then
> # you can use this option. e. g. user just want to use user but
> # in your ldap directory exists user@domain.
> #    $Self->{'AuthModule::LDAP::UserSuffix'} = '@israel.domain';
>
> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
> $Self->{'AuthModule::LDAP::Params'} = {
>     port => 389,
>     timeout => 120,
>     async => 0,
>     version => 3,
> };
>
>
> For customers:
> # This is an example configuration for an LDAP auth. backend.
> # (make sure Net::LDAP is installed!)
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = 'israelDC2.israel.NET';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} =
> 'cn=otrs_allow_israel,ou=generics,ou=usuaris,ou=israel,dc=israel,dc=net';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';
>
> # Check if the user is allowed to auth in a posixGroup
> # (e. g. user needs to be in a group xyz to use otrs)
> $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
> 'ou=generics,ou=usuaris,ou=israel,dc=israel,dc=net';
> $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
> # for ldap posixGroups objectclass (just uid)
> $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
> # for non ldap posixGroups objectclass (full user dn)
> #$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
>
> # The following is valid but would only be necessary if the
> # anonymous user does NOT have permission to read from the LDAP tree
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'OTRisrael24';
>
> # in case you want to add always one filter to each ldap query, use
> # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
> '(objectclass=user)'
> $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
>
> # in case you want to add a suffix to each customer login name, then
> # you can use this option. e. g. user just want to use user but
> # in your ldap directory exists user@domain.
> #$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@israel.domain';
>
> # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
> $Self->{'Customer::AuthModule::LDAP::Params'} = {
> port => 389,
> timeout => 120,
> async => 0,
> version => 3,
> };
>
> Thanks once more.
> regards
> Israel.
>
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Reply via email to