I have set up our AD as the customer and agent backend. So far everything works.
Now I thought I would add the AD as a second backend in order to get at the e-mail distribution lists, which I would like to have in the address book. I got the idea from this post:
http://www.otrs-forum.de/viewtopic.php?f=17&t=4116
So I set up two CustomerUser backends:
Code:
$Self->{CustomerUser1} = {
    Name   => 'Backend1',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '10xxx',
        # ldap base dn
        BaseDN => 'ou=xx,dc=xx,dc=xx,dc=de',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'user',
        UserPw => 'Password',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        # Filter in AD: to exclude the functional accounts, the fields
        # e-mail, department and description (info) must be populated!
        AlwaysFilter => '(&(mail=*)(department=*) (info=*)(givenname=*))',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use this options (if not, ignore it)
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # die if backend can't work, e. g. can't connect to server
        Die => 0,
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'samaccountname',
    # customer #
    CustomerID => 'info',
    CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserSearchFields => ['mail','cn','telephonenumber','sn','samaccountname','department'],
    CustomerUserSearchPrefix => '*',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '((accountExpires=0))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any ldap queries
    CacheTTL => 240,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'samaccountname', 0, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 0, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'department', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerIDs', 'CustomerIDs', 'info', 0, 1, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', 'javascript:launchWebDialerServlet(\'$Data{"UserPhone"}\')', 0 ],
    ],
};
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = '10xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'ou=xx,dc=xx,dc=xx,dc=de';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'samaccountname';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
# for ldap posixGroups objectclass (just uid)
# for non ldap posixGroups objectclass (full user dn)
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'user';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'Password';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
# Die if backend can't work, e. g. can't connect to server.
$Self->{'Customer::AuthModule::LDAP::Die1'} = 0;
For the distribution lists, one more, without the authentication:
Code:
$Self->{CustomerUser2} = {
    Name   => 'Backend2',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '10xxx',
        # ldap base dn
        BaseDN => 'ou=verteilerlisten,ou=xy,dc=xy,dc=xy,dc=de',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'user',
        UserPw => 'Password',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # die if backend can't work, e. g. can't connect to server
        Die => 0,
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'samaccountname',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['mail', 'samaccountname'],
    CustomerUserSearchFields => ['mail', 'samaccountname',],
    CustomerUserSearchPrefix => '*',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['name'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '((accountExpires=0))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    # cache time to live in sec. - cache any ldap queries
    CacheTTL => 240,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserLogin', 'Username', 'samaccountname', 0, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
    ],
};
Error-Log:
Thu Jan 28 14:39:20 2010 error OTRS-CGI-45 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
Thu Jan 28 14:39:19 2010 error OTRS-CGI-45 FEHLER: Spalte »sn« existiert nicht
Thu Jan 28 14:39:02 2010 error OTRS-CGI-45 FEHLER: Spalte »sn« existiert nicht
But a distribution list entry has no sn in the AD!
So does this not work? Or am I thinking about it the wrong way, or have I forgotten something?
Thanks for any tip!