I want to use active directory for customer authentification and to have information about the active directory database.
I my organisation we have a lot of OU and do i prefer to huse a specific group for custumer authentification and information.
I modify my config.pm but i have all objet (user group, PC, ...) of my active directory in my OTRS
so how i can delete the wrong element in the OTRS database and what the configuration for have only information about a specific active directorry group in OTRS database.
See after my config .pm
Code: Select all
# Authentification client via Acitve directory.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'my.company.lan';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=company,dc=lan';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Compte pour parcourir AD car compte anonyme par permission
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS LDAP,cn=Users,dc=company,dc=lan';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxx';
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Backend',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => my.company.lan',
BaseDN => 'CN=OTRSclient,CN=Users,DC=mycompany,DC=lan',
SSCOPE => 'sub',
UserDN => 'OTRS@mycompany.lan',
UserPw => 'xxxx',
AlwaysFilter => '(objectclass=user)' ,
SourceCharset => 'utf-8',
DestCharset => 'iso-8859-1',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
#Add the following lines when only users are allowed to login if they reside in the spicified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRSclient,CN=Users,DC=company,DC=lan';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
Best Regards
Seb