We've recently integrated with a second organisation however as we use LDAP for our Customer User lists, this has caused a few things to not work as desired (they can log a ticket using their LDAP however don't appear in the Customer Address Book.)
Below is our slightly odd way to add the users; however has anyone successfully integrated with greater than one LDAP domains for customers in the past?
Code: Select all
$Self->{'Customer::AuthModule::LDAP::Params'} = {
SourceCharset => 'utf-8',
DestCharset => 'utf-8'
};
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
# We only need to see users. Not computers and no disabled users.
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
####################################################################
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Name => 'Domain1 Active Directory',
Params => {
Host => 'dc01.domain1.com',
BaseDN => 'DC=domain1,DC=com',
SSCOPE => 'sub',
UserDN => 'CN=LDAP Search,OU=Service Accounts,OU=Administration,DC=domain1,DC=com',
UserPw => 'DodgyPassword!',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'physicalDeliveryOfficeName', 1, 0, 'var' ],
# [ 'TicketFreeKey1', 'Address', 'physicalDeliveryOfficeName', 1, 0, 'var' ],
[ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
####################################################################
# Now sync data with OTRS DB
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
##end
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc01.domain1.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=domain1,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=LDAP Search,OU=Service Accounts,OU=Administration,DC=domain1,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'DodgyPassword!';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
####################################################################
#-------------------------------------------------------------------------------------------#
# DOMAIN2 Customer Authentication #
#-------------------------------------------------------------------------------------------#
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'dc1.domain2.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=domain2,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'ldapsearch@domain2.com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'InsecurePassword!';
#-------------------------------------------------------------------------------------------#
# Customerdata #
#-------------------------------------------------------------------------------------------#
$Self->{CustomerUser2} = {
Name => 'DOMAIN2',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'd1.domain2.com',
BaseDN => 'DC=DOMAIN2,DC=COM',
SSCOPE => 'sub',
UserDN => 'ldapsearch@Domain2.com',
UserPw => 'InsecurePassword!',
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'UserPrincipalName',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail', 'UserPrincipalName'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail', 'UserPrincipalName'],
CustomerUserPostMasterSearchFields => ['UserPrincipalName'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
['UserSalutation', 'Title', 'title', '1', '0', 'var'],
['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'],
['UserLastname', 'Lastname', 'sn', '1', '1', 'var'],
['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'],
['UserEmail', 'Email', 'UserPrincipalName', '1', '1', 'var'],
['UserCustomerID', 'CustomerID', 'UserPrincipalName', '0', '1', 'var'],
['UserPhone', 'Phone', 'telephonenumber', '1', '0', 'var'],
['UserAddress', 'Address', 'postaladdress', '1', '0', 'var'],
['UserComment', 'Comment', 'description', '1', '0', 'var'],
],
};
#-------------------------------------------------------------------------------------------#
# DOMAIN2 End #
#-------------------------------------------------------------------------------------------#
Adam,