I have a little problem here regarding syncing users from LDAP to the DB. I searched the whole internet and tried so many possibilities and still didn't manage to make it work. Your help is much appreciated.
Our scenario is as follows:
We want to use Znuny for security incident handling, and in incident response we have multiple teams:
1. the core team (security team)
2. support team from networking department
3. support team from infrastructure operations department
4. etc...
I want to authenticate each of these teams separately, and I did that with no problem with the below config for each team:
$Self->{AuthModule3} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host3'} = 'X.X.X.X';
$Self->{'AuthModule::LDAP::BaseDN3'} = 'OU=<TEAM USERS DIRECTORY>,OU=Users,OU=XXXXX,DC=XXXXX,DC=XXXXX';
$Self->{'AuthModule::LDAP::UID3'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN3'} = 'CN=<TEAM GROUP>,CN=Users,DC=XXXXX,DC=XXXXX';
$Self->{'AuthModule::LDAP::AccessAttr3'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr3'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN3'} = 'AD_USER_FOR_AUTH';
$Self->{'AuthModule::LDAP::SearchUserPw3'} = '<PASSWORD>';
$Self->{'AuthModule::LDAP::AlwaysFilter3'} = '(ObjectClass=user)';
$Self->{'AuthModule::LDAP::UserLowerCase3'} = 0;
$Self->{'AuthModule::LDAP::Params3'} = {
    port    => 389,
    timeout => 10, # original value is 120
    async   => 0,
    version => 3,
};
$Self->{'AuthModule::LDAP::Die3'} = 1;
$Self->{'AuthModule::UseSyncBackend3'} = 'AuthSyncBackend';
Here are the sync settings:
$Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'XXXX';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'XXXX';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'XXXX';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'XXXX';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'EmailAddress',
};
$Self->{'AuthSyncModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
$Self->{'AuthSyncModule::LDAP::Die'} = 1;
# Attributes needed for group syncs
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::NestedGroupSearch'} = 1;
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
    'CN=SECURITYTEAM,OU=Groups,OU=XXXX,DC=XXXX,DC=XXXX' => {
        'admin' => {
            rw => 1,
        },
        'SOC' => {
            rw => 1,
        },
    },
    'CN=NETWORKTEAM,OU=Groups,OU=XXXX,DC=XXXX,DC=XXXX' => {
        'CNI' => {
            rw => 1,
        },
    },
    'CN=INFRATEAM,OU=Groups,OU=XXXX,DC=XXXX,DC=XXXX' => {
        'Infra-OPS' => {
            rw => 1,
        },
    }
};
# Attributes needed for role syncs
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'CN=SECURITYTEAM,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX' => {
        'SOC L2' => 1,
    },
    'CN=NETWORKTEAM,OU=Groups,OU=XXXX,DC=XXXX,DC=XXXX' => {
        'CNI' => 1,
    },
    'CN=INFRATEAM,OU=Groups,OU=XXXX,DC=XXXX,DC=XXXX' => {
        'Infra-OPS' => 1,
    }
};