I've prepared a new config to attach a second authentication backend to my OTRS. Before I apply it, would you mind checking it and pointing out any errors?
################### AGENT LDAP AUTH 1 DOMAIN ################
# Agent authentication backend #1 (LDAP / Active Directory).
# Every option is suffixed with "1" so the auth layer pairs it with AuthModule1.
# The unsuffixed AuthModule is not overridden here, so the stock DB backend
# from Kernel::Config::Defaults presumably stays active as the first backend
# (e.g. for root@localhost) -- confirm that is intended.
my %AgentLdap1 = (
    Host   => '192.168.1.1',
    BaseDN => 'DC=xxx,DC=xxx,DC=xxx',
    UID    => 'sAMAccountName',

    # AccessAttr/UserAttr only take effect once a GroupDN restriction is set.
    # AD's "member" attribute stores DNs, so 'DN' (as used in the customer
    # section) would be the matching UserAttr -- verify before enabling GroupDN.
    AccessAttr => 'member',
    UserAttr   => 'UID',

    # Bind (service) account used to search AD; keep it read-only with the
    # minimum directory rights, and keep the password out of shared pastes.
    SearchUserDN => '[...]DC=xxx,DC=xxx,DC=xxx',
    SearchUserPw => '*****',

    # Net::LDAP->new() options (see perldoc Net::LDAP).  Plain port 389 without
    # TLS means the bind password and every agent password cross the network in
    # clear text; LDAPS (636) is preferable where the directory supports it.
    Params => {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    },
);

$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
for my $Option ( sort keys %AgentLdap1 ) {
    $Self->{"AuthModule::LDAP::${Option}1"} = $AgentLdap1{$Option};
}

# Optional extras, left disabled as before:
# - an extra filter appended to every LDAP query, e.g. '(mail=*)' or '(objectclass=user)'
# $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '(mail=*)';
# - a suffix appended to each login name when the directory stores user@domain
# $Self->{'AuthModule::LDAP::UserSuffix1'} = '';
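################### CUSTOMER LDAP AUTH 1 DOMAIN ################
# Customer authentication backend for domain 1.  This sets the *unsuffixed*
# Customer::AuthModule, which presumably replaces the stock DB customer
# authentication rather than adding to it (the agent section keeps the default
# by using the suffixed AuthModule1) -- confirm that is intended.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = '192.168.1.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=xxx,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';
# Bind (service) account; keep it read-only with the minimum directory rights.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '[...]DC=xxx,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '******';
# Only consulted once a GroupDN restriction is configured; 'DN' matches the
# way AD's "member" attribute stores group members.
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'}   = 'DN';

# Customer user data source #1: read-only lookups in the same directory.
$Self->{CustomerUser} = {
    Name   => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '192.168.1.1',
        # ldap base dn
        BaseDN => 'DC=xxx,DC=xxx,DC=xxx',
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => '[...]DC=xxx,DC=xxx,DC=xxx',
        UserPw => '********',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        #AlwaysFilter => '(mail=*)',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use these options.
        # SourceCharset => 'utf-8',
        # DestCharset => 'iso-8859-1',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP).
        # Plain port 389 without TLS sends the bind password in clear text;
        # LDAPS (636) is preferable where the directory supports it.
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    ReadOnly => 1,
    # customer unique id
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'sAMAccountName',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    # NOTE(review): in AD 'name' is the object's full display name, while the
    # Map below takes the first name from 'givenName'; ['givenName', 'sn'] is
    # probably what is wanted here -- verify against your directory.
    CustomerUserNameFields => ['name', 'sn'],
    # Map rows: [ OTRS key, label, LDAP attribute, shown, required, storage type, link, read-only ]
    Map => [
        ['UserFirstname',  'Firstname',  'givenName',       1, 1, 'var'],
        ['UserLastname',   'Lastname',   'sn',              1, 1, 'var'],
        ['UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var'],
        ['UserEmail',      'Email',      'mail',            1, 0, 'var'],
        ['UserCustomerID', 'CustomerID', 'sAMAccountName',  0, 1, 'var'],
        ['UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var'],
        [ 'UserAddress',    'Address',    'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserCompany',    'Company',    'company',       1, 0, 'var', '', 0 ],
        [ 'UserDepartment', 'Department', 'department',    1, 0, 'var', '', 0 ],
        [ 'UserMobile',     'Mobile',     'mobile',        1, 0, 'var', '', 0 ],
        # Fixed typo: the standard (RFC 4519) attribute is facsimileTelephoneNumber;
        # the misspelt "facsimileTelepjoneNumber" would never return a value.
        [ 'UserFAX',        'FAX',        'facsimileTelephoneNumber', 1, 0, 'var', '', 0 ],
        [ 'UserMemberOf',   'Member Of',  'memberOf',      2, 0, 'var', '', 0 ],
        #[ 'UserMemberOfs', 'Member Ofs', 'memberOfs', 1, 0, 'var', '', 0 ],
        # AD lockout counters, displayed (shown flag 1) to agents; keep them
        # only if that information is genuinely needed in the ticket views.
        [ 'badPwdCount',    'badPwdCount',  'badPwdCount', 1, 0, 'var', '', 0 ],
        [ 'lockoutTime',    'lockout Time', 'lockoutTime', 1, 0, 'var', '', 0 ],
    ],
};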
################### AGENT LDAP AUTH 2 DOMAIN ################
# Agent authentication backend #2 (second LDAP / Active Directory domain).
# Every option carries the "2" suffix so the auth layer pairs it with AuthModule2;
# the backends are presumably tried in numeric order after the unsuffixed one.
my %AgentLdap2 = (
    Host   => '192.168.2.1',
    BaseDN => 'DC=yyy,DC=yyy,DC=yyy',
    UID    => 'sAMAccountName',

    # Group membership check (e.g. only members of an OTRS_Agents group may log
    # in).  Only evaluated once a GroupDN is configured; AD's "member" attribute
    # stores DNs, so 'DN' would then be the matching UserAttr -- verify first.
    AccessAttr => 'member',
    UserAttr   => 'UID',

    # Bind (service) account used to search AD; read-only, least privilege.
    SearchUserDN => '[...]DC=yyy,DC=yyy,DC=yyy',
    SearchUserPw => '********',

    # Net::LDAP->new() options (see perldoc Net::LDAP).  Plain port 389 without
    # TLS sends the bind password and every agent password unencrypted;
    # LDAPS (636) is preferable where the directory supports it.
    Params => {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    },
);

$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
for my $Option ( sort keys %AgentLdap2 ) {
    $Self->{"AuthModule::LDAP::${Option}2"} = $AgentLdap2{$Option};
}

# Optional extra filter appended to every LDAP query, e.g. '(mail=*)' or
# '(objectclass=user)'; left disabled as before.
# $Self->{'AuthModule::LDAP::AlwaysFilter2'} = '(mail=*)';
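################### CUSTOMER LDAP AUTH 2 DOMAIN ################
# Customer authentication backend #2.  The "2" suffix on every key pairs it
# with Customer::AuthModule2; it is tried in addition to the unsuffixed backend.
$Self->{'Customer::AuthModule2'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'}   = '192.168.2.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'DC=yyy,DC=yyy,DC=yyy';
$Self->{'Customer::AuthModule::LDAP::UID2'}    = 'sAMAccountName';
# Bind (service) account; keep it read-only with the minimum directory rights.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = '[...]DC=yyy,DC=yyy,DC=yyy';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = '********';
# Optional extra filter for every query, e.g. '(objectclass=user)'; left disabled.
#$Self->{'Customer::AuthModule::LDAP::AlwaysFilter2'} = '(mail=*)';
# Only consulted once a GroupDN restriction is configured; 'DN' matches the
# way AD's "member" attribute stores group members.
$Self->{'Customer::AuthModule::LDAP::UserAttr2'}   = 'DN';
$Self->{'Customer::AuthModule::LDAP::AccessAttr2'} = 'member';

# Customer user data source #2: read-only lookups in the second directory.
# Both data sources use the same bare 'sAMAccountName' as CustomerKey, so a
# login that exists in both domains would be ambiguous -- worth confirming.
$Self->{CustomerUser2} = {
    Name   => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '192.168.2.1',
        # ldap base dn
        BaseDN => 'DC=yyy,DC=yyy,DC=yyy',
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => '[...]DC=yyy,DC=yyy,DC=yyy',
        UserPw => '********',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        #AlwaysFilter => '(mail=*)',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use these options.
        #SourceCharset => 'utf-8',
        #DestCharset => 'iso-8859-1',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP).
        # Plain port 389 without TLS sends the bind password in clear text;
        # LDAPS (636) is preferable where the directory supports it.
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    ReadOnly => 1,
    # customer unique id
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'sAMAccountName',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    # NOTE(review): in AD 'name' is the object's full display name, while the
    # Map below takes the first name from 'givenName'; ['givenName', 'sn'] is
    # probably what is wanted here -- verify against your directory.
    CustomerUserNameFields => ['name', 'sn'],
    # Map rows: [ OTRS key, label, LDAP attribute, shown, required, storage type, link, read-only ]
    Map => [
        ['UserFirstname',  'Firstname',  'givenName',       1, 1, 'var'],
        ['UserLastname',   'Lastname',   'sn',              1, 1, 'var'],
        ['UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var'],
        ['UserEmail',      'Email',      'mail',            1, 0, 'var'],
        ['UserCustomerID', 'CustomerID', 'sAMAccountName',  0, 1, 'var'],
        ['UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var'],
        [ 'UserAddress',    'Address',    'postaladdress', 1, 0, 'var', '', 0 ],
        [ 'UserCompany',    'Company',    'company',       1, 0, 'var', '', 0 ],
        [ 'UserDepartment', 'Department', 'department',    1, 0, 'var', '', 0 ],
        [ 'UserMobile',     'Mobile',     'mobile',        1, 0, 'var', '', 0 ],
        # Fixed typo: the standard (RFC 4519) attribute is facsimileTelephoneNumber;
        # the misspelt "facsimileTelepjoneNumber" would never return a value.
        [ 'UserFAX',        'FAX',        'facsimileTelephoneNumber', 1, 0, 'var', '', 0 ],
        [ 'UserMemberOf',   'Member Of',  'memberOf',      2, 0, 'var', '', 0 ],
        #[ 'UserMemberOfs', 'Member Ofs', 'memberOfs', 1, 0, 'var', '', 0 ],
        # AD lockout counters, displayed (shown flag 1) to agents; keep them
        # only if that information is genuinely needed in the ticket views.
        [ 'badPwdCount',    'badPwdCount',  'badPwdCount', 1, 0, 'var', '', 0 ],
        [ 'lockoutTime',    'lockout Time', 'lockoutTime', 1, 0, 'var', '', 0 ],
    ],
};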