Hello All !
I'm having problems with multi domain integration, here's our scene:
We have a Windows 2003 Forest with 8 living domains in our Offices
corp.intra (parent domain)
--------------office1.corp.intra
--------------office2.corp.intra
--------------office3.corp.intra
--------------office4.corp.intra
--------------office5.corp.intra
--------------office6.corp.intra
--------------office7.corp.intra
--------------office8.corp.intra
Each domain has its domain controllers installed in their own site, they
are linked to our main site through a 2mbps WAN link.
I need to set OTRS to authenticate and get data fron the users from
these domains,
The only way I found to authenticate and get userdata from these domains
was building a list with multiple LDAP entries in my Config.pm.
It worked, but the web interface became extremally slow after these
multi domain integration. It doesn't matter where you click, each and
every link gets very slow, and the index.pl gets very CPU intensive,
taking a long time to finish working.
What would be the right solution for integration with an Active
Directory multi Domain Environment like this?
Any help will be very appreciated!
Here goes my Config.pm authentication settings
# AUTHENTICATION SETTINGS - LDAP STUFF #
#----Autenticacao Office1----#
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.2.19';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'ou=Office1,dc=office1,dc=corp,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password;
#----Autenticacao Office2----#
$Self->{'Customer::AuthModule1'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = '192.168.40.2';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} =
'ou=Office2,dc=office2,dc=corp,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} =
'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'password';
#----Autenticacao Office3----#
$Self->{'Customer::AuthModule2'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = '192.168.42.2';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} =
'ou=Office3,dc=office3,dc=corp,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} =
'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'password';
#----Autenticacao Office4----#
$Self->{'Customer::AuthModule3'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host3'} = '192.168.43.2';
$Self->{'Customer::AuthModule::LDAP::BaseDN3'} =
'OU=Office4,dc=office4,dc=corp,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID3'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN3'} =
'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw3'} = 'password';
#----Autenticacao Office5----#
$Self->{'Customer::AuthModule4'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host4'} = '192.168.70.2';
$Self->{'Customer::AuthModule::LDAP::BaseDN4'} =
'OU=Office5,dc=office5,dc=corp,dc=intra';
$Self->{'Customer::AuthModule::LDAP::UID4'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN4'} =
'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw4'} = 'password';
#--------------------- GET USER DATA --------------------------#
# Office1 #
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '10.0.2.19',
BaseDN => 'OU=Office1,dc=office1,dc=corp,dc=intra',
SSCOPE => 'sub',
UserDN =>'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'department', 1, 0, 'var' ],
],
};
# Office2 #
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.40.2',
BaseDN => 'OU=Office2,dc=office2,dc=corp,dc=intra',
SSCOPE => 'sub',
UserDN =>'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'department', 1, 0, 'var' ],
],
};
# Office3 #
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.42.2',
BaseDN => 'OU=Office3,dc=office3,dc=corp,dc=intra',
SSCOPE => 'sub',
UserDN =>'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'department', 1, 0, 'var' ],
],
};
# Office4 #
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.43.2',
BaseDN => 'OU=Office4,dc=office4,dc=corp,dc=intra',
SSCOPE => 'sub',
UserDN =>'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'department', 1, 0, 'var' ],
],
};
# Office5 #
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.70.2',
BaseDN => 'OU=Office5,dc=office5,dc=corp,dc=intra',
SSCOPE => 'sub',
UserDN =>'CN=otrs_ldap,OU=Integracao_OTRS,DC=corp,DC=intra',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'sAMAccountName',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'department', 1, 0, 'var' ],
],
};
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
