I've got an installation of OTRS 2.3.4 (with ITSM 1.2.3 integrated).
I've successfully integrated everything perfectly with our Active
Directory structure - both agents and customers can log in (only to
their respective front ends) and operate correctly authenticated with
AD.

The one remaining issue is to get Company Tickets working, or some
other method of allowing customers to view each other's tickets.

If I'm reading correctly, UserCustomerIDs should contain a list of
multiple UserCustomerID. When the UserCustomerID for the customer is
present in the UserCustomerIDs of a ticket the customer should be able
to see the ticket, even when they aren't the submitter of the ticket.
Am I correct?

If so, unfortunately we want *every* customer to be able to see every
other customer's tickets in certain queues. UserCustomerIDs (and the
respective entries in AD) would be a ridiculous size!

Instead, I've looked at Customer Groups, which (again if I'm reading
correctly) should do what we want. It's set up, queues are assigned
certain groups, the customer users are defaulted into these groups,
but they cannot see other customers' tickets.

Does anyone have any suggestions? I'm utterly stumped.

Thanks
Matthew

Note: I've pasted Config.pm below for anyone else to take advantage of
- it's taken me a while to get OTRS fully happy with AD.

### CUSTOM SETTINGS START
## OPTIONS START
        # Show lost password feature
        $Self->{LostPassword} = 1;

        # Show MOTD - Kernel/Output/HTML/Standard/Motd.dtl on login screen
        $Self->{ShowMotd} = 0;

        # Show customer info on Compose (Phone and Email), Zoom and Queue view
                $Self->{ShowCustomerInfoCompose} = 1;
                $Self->{ShowCustomerInfoZoom} = 1;
                $Self->{ShowCustomerInfoQueue} = 0;

        # Show Owner Info
        #       $Self->{PhoneViewOwnerSelection} = 1;

        # SendmailModule
                $Self->{'SendmailModule'} = 'Kernel::System::Email::SMTP';
                $Self->{'SendmailModule::Host'} = 'xxxxxxxx.co.uk';
                $Self->{'SendmailModule::AuthUser'} = '';
                $Self->{'SendmailModule::AuthPassword'} = '';
## OPTIONS END

## AGENT AUTHENTICATION START
        # Authenticate agent with Active Directory
                $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
                $Self->{'AuthModule::LDAP::Host'} = 'xxxx.xxxxxxxx.co.uk';
                $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxxx,dc=co,dc=uk';
                $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
        # Check if the agent is in correct group
                $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS Users,ou=Local Groups,dc=xxxxxxxx,dc=co,dc=uk';
                $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
                $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
        # User to perform search with - required if anonymous LDAP searches aren't allowed
                $Self->{'AuthModule::LDAP::SearchUserDN'} = 'xxxxx...@xxxxxxxx.co.uk';
                $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
        # Die if backend can't work, e. g. can't connect to server.
                $Self->{'AuthModule::LDAP::Die'} = 1;
        # Map of fields in Active Directory to OTRS
                $Self->{UserSyncLDAPMap} = {
                # DB -> LDAP
                        UserFirstname => 'givenName',
                        UserLastname => 'sn',
                        UserEmail => 'mail',
                };
        # If Active Directory user has not logged in before, add them to the following user groups in OTRS
                $Self->{UserSyncLDAPGroups} = [
                'users',
                ];
        # Database table and columns where user details are stored
                $Self->{DatabaseUserTable} = 'users';
                $Self->{DatabaseUserTableUserID} = 'id';
                $Self->{DatabaseUserTableUserPW} = 'pw';
                $Self->{DatabaseUserTableUser} = 'login';
## AGENT AUTHENTICATION END

## CUSTOMER AUTHENTICATION START
        # Authenticate customer with Active Directory
                $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
                $Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxx.xxxxxxxx.co.uk';
                $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxxx, dc=co, dc=uk';
                $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
        # User to perform search with - required if anonymous LDAP searches aren't allowed
                $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'xxxxx...@xxxxxxxx.co.uk';
                $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
## CUSTOMER AUTHENTICATION END

## CUSTOMER DETAILS START
        # Get customer information from Active Directory
                $Self->{CustomerUser} = {
                        Name => 'Active Directory',
                        Module => 'Kernel::System::CustomerUser::LDAP',
                        Params => {
                                Host => 'xxxx.xxxxxxxx.co.uk',
                                BaseDN => 'dc=xxxxxxxx, dc=co, dc=uk',
                                SSCOPE => 'sub',
                                AlwaysFilter => '(mail=*)',
                                UserDN => 'xxxxx...@xxxxxxxx.co.uk',
                                UserPw => 'xxxxxxxx',
                        },
                        CustomerKey => 'sAMAccountName',
                        CustomerID => 'mail',
                        CustomerUserListFields => ['cn', 'mail'],
                        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
                        CustomerUserPostMasterSearchFields => ['mail'],
                        CustomerUserNameFields => ['givenname', 'sn'],

                        # Hide customers tickets in CompanyTickets view
                        CustomerUserExcludePrimaryCustomerID => 1,

                        # Is admin allowed to change customer preferences
                        AdminSetPreferences => 0,

                        Map => [
                        # note: Login, Email and CustomerID needed!
                        # var, frontend, storage, shown, required, storage-type
                                [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
                                [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
                                [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
                                [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
                                [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
                                [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
                                [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
                                [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
                                [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
                        ],
                };
## CUSTOMER DETAILS END
### CUSTOM SETTINGS END