I use Active Directory (Windows 2000) exclusively for Agent
Auth, Customer Web Interface Auth, and Customer Database. There are
several tweaks that have to be made to read from Active Directory properly, but
the easiest way to explain them is to show a working config. I have
attached my AD settings that are in my Config.pm.
Tyler
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Covert, Jake
Sent: Wednesday, July 28, 2004 9:46 AM
To: [EMAIL PROTECTED]
Subject: [otrs] Active Directory as customer backend
Has anyone been able to configure
OTRS to use Windows 2003 Active Directory as the customer backend? If so,
are there any quick and dirty guides?
The install documents reference
using LDAP as the backend, but I’m not quite sure how AD <==> LDAP
mappings would look.
(btw, my Active Dir. config is
pretty vanilla from what I understand…)
Thanks in advance. :-)
Jake Covert
IT Administrator
Enterprise Automotive Systems (EAS)
Phone: 586.755.3180 x 147
Fax: 586.759.3679
my @hosts = ('prvsrvdc.nspnet.net','prvsrvdns.nspnet.net');
#--#
# Agent LDAP Authentication Settings #
#--#
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = [EMAIL PROTECTED];
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'user'; # Needs to be fully qualified active directory domain name ([EMAIL PROTECTED])
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs,cn=Users,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
#--#
# Customer Search Form Populator #
#--#
$Self->{CustomerUser} = {
    Name => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => [EMAIL PROTECTED],
        # ldap base dn
        BaseDN => 'dc=domain,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        # Absolutely necessary for Active Directory
        UserDN => 'user', # Needs to be fully qualified active directory domain name ([EMAIL PROTECTED])
        UserPw => 'pass',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'url',
    CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserSearchFields => ['displayName','sAMAccountName','givenname', 'sn', 'mail','description'],
    CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenname','sn','mail','description'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'url', 0, 1, 'var' ],