OTRs Active Directory

Moderator: crythias

seb1207
Znuny newbie
Posts: 15
Joined: 27 Aug 2010, 19:59
Znuny Version: 2.4.7

OTRs Active Directory

Post by seb1207 »

Dear All,
I want to use Active Directory for customer authentication and to have information from the Active Directory database.
In my organisation we have a lot of OUs, so I prefer to use a specific group for customer authentication and information.
I modified my config.pm, but I have all objects (user groups, PCs, ...) of my Active Directory in my OTRS.
So how can I delete the wrong elements in the OTRS database, and what is the configuration to have only information about a specific Active Directory group in the OTRS database?
See my config.pm below:

Code:

# Customer authentication via Active Directory.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'my.company.lan';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=company,dc=lan';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Account used to browse AD, since anonymous access is not permitted
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS LDAP,cn=Users,dc=company,dc=lan';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxx';

# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'my.company.lan',
        BaseDN => 'CN=OTRSclient,CN=Users,DC=mycompany,DC=lan',
        SSCOPE => 'sub',
        UserDN => 'OTRS@mycompany.lan',
        UserPw => 'xxxx',
        AlwaysFilter => '(objectclass=user)',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

# Add the following lines when only users are allowed to login if they reside in the specified security group
# Remove these lines if you want to provide login to all users specified in the User Base DN
# example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRSclient,CN=Users,DC=company,DC=lan';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
Thanks
Best Regards
Seb
best regards
Seb
OTRS 2.4.7 with ITSM 2.0.3 Windows 2003r2
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: OTRs Active Directory

Post by crythias »

This line is part of it (list):

Code:

 AlwaysFilter => '(objectclass=user)' ,
and this (authentication):

Code:

  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRSclient,CN=Users,DC=company,DC=lan';
You may also check your BaseDN for the list.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
seb1207
Znuny newbie
Posts: 15
Joined: 27 Aug 2010, 19:59
Znuny Version: 2.4.7

Re: OTRs Active Directory

Post by seb1207 »

Thanks,
But I don't understand something, and I'm not very comfortable with LDAP and Perl syntax.
So when in my config I have:

Code:

BaseDN => 'DC=mycompany,DC=lan',
and

Code:

AlwaysFilter => '(objectclass=user)' ,
I have in my OTRS customer list all Active Directory objects (user groups, PCs, users, ...).
When I change to:

Code:

BaseDN => 'CN=OTRSclient,CN=Users,DC=mycompany,DC=lan'
and

Code:

AlwaysFilter => '(objectclass=user)' ,
I have nobody in my OTRS customer list.
If I understand this:

Code:

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRSclient,CN=Users,DC=company,DC=lan';
it's to allow only people to log in to the customer interface if they are in this specific group.

Thanks in advance

Seb
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: OTRs Active Directory

Post by crythias »

So far it sounds reasonable. In my opinion, the list of customers doesn't matter if it's too big because it's a query. That is to say, the only problem with having too many customers in a list is if an agent assigns a ticket to a customer that can't log on because authentication is more restrictive.

BaseDN should be the same: dc=company,dc=lan for auth and list
syalcin
Znuny newbie
Posts: 3
Joined: 07 Sep 2010, 18:35
Znuny Version: 3b2

Re: OTRs Active Directory

Post by syalcin »

I'm having a problem with the AD also. Here is what I'm getting from 3b2:

[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: xxxx (CN=xxx,OU=private,DC=lan,DC=local) authentication ok (REMOTE_ADDR: ).
Sep 7 09:30:08 d-128-95-129-129 OTRS-CGI-10[27233]: [Error][Kernel::System::CustomerUser::SetPreferences][Line:493]: No such user 'xxxx'!

Any ideas?
fbobraga
Znuny newbie
Posts: 77
Joined: 15 Jul 2010, 20:04
Znuny Version: 2.4.7
Contact:

Re: OTRs Active Directory

Post by fbobraga »

seb1207 wrote: I modify my config.pm but I have all objects (user groups, PCs, ...) of my Active Directory in my OTRS
so how can I delete the wrong elements
seb1207 wrote: I have in my OTRS customer list all Active Directory objects (user groups, PCs, users, ...)
There are two sections in Config.pm related to it: Auth (through $Self->{'Customer::AuthModule'}) and "List" (through $Self->{CustomerUser}).
The AlwaysFilter param must be in the second "place" (not in Auth!) to achieve the desired results.

see: http://forums.otrs.org/viewtopic.php?f= ... 773#p23773
Evaluation/pilot: OTRS 2.4.7 on Linux (CentOS 5.4) with MySQL database connected to an Active Directory for Agents and Customers.
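
Added example, not part of any post in this thread: a small Python model of an LDAP subtree search that reproduces the list results described above (domain root with `(objectclass=user)` also returns computer accounts; a group's DN as BaseDN returns nobody) and shows a list filter narrowed with a `memberOf` clause. The directory entries and the `memberOf` filter are assumptions for illustration; in AD, `memberOf` reflects direct membership only.

```python
# Added illustration: a tiny in-memory model of LDAP search (base + scope + filter).
# The directory below is constructed sample data, not taken from the thread.
ROOT = "DC=company,DC=lan"
GROUP = "CN=OTRSclient,CN=Users," + ROOT
DIRECTORY = {
    ROOT: {"objectclass": ["domain"]},
    GROUP: {"objectclass": ["group"], "member": ["CN=Alice,OU=Sales," + ROOT]},
    "CN=Alice,OU=Sales," + ROOT: {"objectclass": ["person", "user"],
                                   "objectcategory": ["person"], "memberof": [GROUP]},
    "CN=Bob,OU=IT," + ROOT: {"objectclass": ["person", "user"],
                             "objectcategory": ["person"], "memberof": []},
    # AD computer accounts derive from the user class, so they carry objectClass=user.
    "CN=PC01,CN=Computers," + ROOT: {"objectclass": ["person", "user", "computer"],
                                     "objectcategory": ["computer"], "memberof": []},
}

def split_top(s):
    """Split '(a=b)(c=d)' into its top-level parenthesised filters."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts

def matches(entry, flt):
    """Evaluate a subset of LDAP filters: &, |, ! and case-insensitive equality."""
    inner = flt.strip()[1:-1]
    if inner[0] in "&|!":
        results = [matches(entry, p) for p in split_top(inner[1:])]
        return {"&": all, "|": any}.get(inner[0], lambda r: not r[0])(results)
    attr, value = inner.split("=", 1)
    return value.lower() in [v.lower() for v in entry.get(attr.lower(), [])]

def search(base, flt, scope="sub"):
    """Return the leading RDN values of entries at or under `base` that match `flt`."""
    hits = []
    for dn, entry in DIRECTORY.items():
        in_scope = dn.lower() == base.lower() or (
            scope == "sub" and dn.lower().endswith("," + base.lower()))
        if in_scope and matches(entry, flt):
            hits.append(dn.split(",")[0].split("=", 1)[1])
    return sorted(hits)

EVERYTHING = search(ROOT, "(objectclass=user)")    # users and computer accounts
NOBODY = search(GROUP, "(objectclass=user)")       # a group entry has no child entries
MEMBERS = search(ROOT, "(&(objectCategory=person)(objectClass=user)(memberOf=%s))" % GROUP)
```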
croffler
Znuny newbie
Posts: 1
Joined: 23 Sep 2010, 11:55
Znuny Version: 2.4

Re: OTRs Active Directory

Post by croffler »

Same here. Did you find a solution to this problem?

Chris

syalcin wrote: I'm having a problem with the AD also. Here is what I'm getting from 3b2:

[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: xxxx (CN=xxx,OU=private,DC=lan,DC=local) authentication ok (REMOTE_ADDR: ).
Sep 7 09:30:08 d-128-95-129-129 OTRS-CGI-10[27233]: [Error][Kernel::System::CustomerUser::SetPreferences][Line:493]: No such user 'xxxx'!

any ideas?
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: OTRs Active Directory

Post by crythias »

Chris, I believe this topic was solved for the OP. (or else the OP gave up... :) )

If you would like to open your own topic and post your redacted Config.pm, I'm sure it can be addressed.