OTRS AD Authentication - sub groups

Dont create your support topics here! No new topics with questions allowed!

Moderator: crythias

Forum rules
Dont create your support topics here! No new topics with questions allowed!
Post Reply
PLANCHENAULT
Znuny newbie
Posts: 3
Joined: 28 Aug 2018, 09:19
Znuny Version: 6.0.10
Real Name: Philippe PLANCHENAULT
Company: STIC

OTRS AD Authentication - sub groups

Post by PLANCHENAULT »

Hi,

I configure an authentication to my Active Directory. I create a group "OTRS_Users" which contains the users : the authentication works.

Now, I want to authorize a subgroup of users under OTRS_Users. In this case, the authentication doesn't work.

Is this setting possible ? See below my actual settings (the users are in the group "OTRS_Users") :

Best regards

Code: Select all

# This is a configuration for agents
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'my_Host';
$Self->{'AuthModule::LDAP::BaseDN'} = 'my_BaseDN';
$Self->{'AuthModule::LDAP::UID'} = 'my_UID';

# Check if the user is allowed to auth in a posixGroup
$Self->{'AuthModule::LDAP::GroupDN'} = 'my_GroupDN';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'my_SearchUserDN';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'my_SearchUserPw';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => my_port,
timeout => 120,
async => 0,
version => 3,
};

# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'my_Host';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'my_BaseDN';
$Self->{'AuthSyncModule::LDAP::UID'} = 'my_UID';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'my_SearchUserDN';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'my_SearchUserPw';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
Post Reply