Active Directory Customer Sync not working

otrstesting2015
Znuny newbie
Posts: 13
Joined: 29 Jan 2015, 09:00
Znuny Version: 4.0.5
Real Name: Stefan Müller
Company: Student

Post by otrstesting2015 »

Hello forum,

I have made some progress with my OTRS project.
I can now log in as an agent with a local OTRS user.
Logging in as an agent with an AD account also works.

1) Can I also make sure that the agents automatically get all permissions in OTRS? So far I have to set the permissions manually afterwards.
It's only cosmetic...


2) When I log in as a customer with an AD account, I get:
Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator.

I do actually have the sync in my Config.pm, but it still doesn't work.

Now my questions:
- There should actually be an otrs.log file under /opt/otrs/var/log. Unfortunately it doesn't exist. Where can I find further log files that might contain a bit more detail? This directory only contains SchedulerErr.log as well as TicketCounter.log and SchedulerOut.log.

My Config.pm

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2015 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes to customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    # The database name
    $Self->{'Database'} = "otrs_main_db";

    # The database user
    $Self->{'DatabaseUser'} = "otrsdbuser";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = '7#qirGzP!t!2kR$Nn2vu';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
#    $ENV{ORACLE_HOME}     = '/path/to/your/oracle';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG}        = 'AMERICAN_AMERICA.AL32UTF8';

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;
	
	# Authenticate Users against local OTRS Database
	# Just for Management: If LDAP Auth fails, we have a
	# emergency-user database
	$Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
	$Self->{'AuthModule::DB::CryptType1'} = 'crypt';
	
	##############################################################################
	### This configuration controls access for agents from AD                #####
	############################################################################## 
	
	# This is an example configuration for using an MS AD backend
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host2'} = 'prtglabdc01.prtglab.local';
    $Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=prtglab,dc=local';
    $Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
 
    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN2'} = 'CN=SG_OTRS_AGENTS,OU=ZZ_Global Security Groups,OU=Hamburg,DC=prtglab,DC=local';
    $Self->{'AuthModule::LDAP::AccessAttr2'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr2'} = 'DN';
 
    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN2'} = 'CN=Systemldap,OU=ZZ_System Accounts,OU=Hamburg,DC=prtglab,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw2'} = 'MyPassword';
 
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter2'} = '';
 
    # in case you want to add a suffix to each login name,  then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    #$Self->{'AuthModule::LDAP::UserSuffix2'} = '';
 
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params2'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };
 
   # Now sync data with OTRS DB
    $Self->{'AuthSyncModule2'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host2'} = 'prtglabdc01.prtglab.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN2'} = 'dc=prtglab, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID2'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN2'} = 'CN=Systemldap,OU=ZZ_System Accounts,OU=Hamburg,DC=prtglab,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw2'} = 'MyPassword';
 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap2'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
 
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups2'} = [
        'users',
    ];
	##############################################################################
	#### End of agent AD integration configuration                           #####
	##############################################################################
	
################################################################################################################################
#------------------------------------------------------------------------------------------------------------------------------#
#                                                            Customer                                                          #
#------------------------------------------------------------------------------------------------------------------------------#
        $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
        $Self->{'Customer::AuthModule::LDAP::Host1'} = 'prtglabdc01.prtglab.local';
        $Self->{'Customer::AuthModule::LDAP::BaseDN1'} ='dc=prtglab, dc=local';
		$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
		$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=SG_OTRS_CUSTOMER,OU=ZZ_Global Security Groups,OU=Hamburg,DC=prtglab,DC=local'; 
		$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
        $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=Systemldap,OU=ZZ_System Accounts,OU=Hamburg,DC=prtglab,DC=local'; 
        $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'MyPassword';
		$Self->{'Customer::AuthModule::LDAP::Params1'} = {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
			};
	
#------------------------------------------------------------------------------------------------------------------------------#
#                                                       LDAP System Users                                                      #
#------------------------------------------------------------------------------------------------------------------------------#
        $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
        $Self->{'AuthModule::LDAP::Host1'} =  'prtglabdc01.prtglab.local';
        $Self->{'AuthModule::LDAP::BaseDN1'} =  'dc=prtglab, dc=local';
        $Self->{'AuthModule::LDAP::UID1'} =  'sAMAccountName';
        $Self->{'AuthModule::LDAP::SearchUserDN1'} =  'CN=Systemldap,OU=ZZ_System Accounts,OU=Hamburg,DC=prtglab,DC=local';
        $Self->{'AuthModule::LDAP::SearchUserPw1'} =  'MyPassword';
        $Self->{'AuthModule::LDAP::Params1'} =  {
              'async' => '0',
              'timeout' => '120',
              'version' => '3',
              'port' => '389'
			};

		$Self->{'AuthModule::LDAP::Die1'} = 1;
	
#------------------------------------------------------------------------------------------------------------------------------#
#                                                           UserSyncLDAPMap                                                    #
#------------------------------------------------------------------------------------------------------------------------------#

      $Self->{'UserSyncLDAPMap1'} =  {
      'UserEmail' => 'mail',
      'UserFirstname' => 'givenName',
      'UserLastname' => 'sn',
      'UserLogin' => 'sAMAccountName'
    };      

    $Self->{CustomerUser1} = {
    Name => 'prtglab',
    Module => 'Kernel::System::CustomerUser::LDAP',
	Params => {
    Host => 'prtglabdc01.prtglab.local',
    BaseDN => 'dc=prtglab, dc=local', 
    SSCOPE => 'sub',
    UserDN => 'CN=Systemldap,OU=ZZ_System Accounts,OU=Hamburg,DC=prtglab,DC=local', 
    UserPw => 'MyPassword',
	AlwaysFilter => '',    # empty filter; every key needs a value
	
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
	CustomerUserSearchPrefix => '',    # empty prefix; every key needs a value
    CustomerUserSearchSuffix => '*',
	CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
	CustomerUserSearchListLimit => 1000, 
	AdminSetPreferences => 0,	

    Map => [
    [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    ],
    };

#------------------------------------------------------------------------------------------------------------------------------#
#                                                     Company end                                                              #
#------------------------------------------------------------------------------------------------------------------------------#
################################################################################################################################

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;

How do I get this under control?

Regards, and have a nice weekend....
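
Added example, not part of the original post and not OTRS code: a `CustomerUser` definition is an ordinary Perl hash literal, and an entry written without a value (`Key => ,`) still compiles but moves every later key/value pair by one position, so keys such as `Map` disappear. The check below flags that on a constructed sample; the list of required keys is an assumption taken from the definition in this post, and `CheckCustomerUser` and the host name are hypothetical.

```perl
use strict;
use warnings;

# Assumption: keys a CustomerUser backend definition like the posted one uses.
my @Required = qw(Name Module Params CustomerKey CustomerID Map);

# Returns a list of problems found in one CustomerUser backend hash.
sub CheckCustomerUser {
    my ($Backend) = @_;
    my @Problems;

    for my $Key (@Required) {
        push @Problems, "missing key '$Key'" if !exists $Backend->{$Key};
    }

    # A reference used as a hash key is stringified to "ARRAY(0x...)".
    # Its presence means an earlier entry had no value, so every later
    # key/value pair moved by one position.
    for my $Key ( sort keys %{$Backend} ) {
        push @Problems, "value used as key: $Key"
            if $Key =~ /^(?:ARRAY|HASH)\(0x[0-9a-f]+\)$/;
    }

    # Each Map row is [ OTRS field, label, LDAP attribute, ... ].
    if ( ref( $Backend->{Map} ) eq 'ARRAY' ) {
        my %Attr = map { $_->[0] => $_->[2] } @{ $Backend->{Map} };
        for my $Field (qw(UserLogin UserEmail UserCustomerID)) {
            push @Problems, "Map has no row for $Field" if !$Attr{$Field};
        }
    }
    return @Problems;
}

# Constructed sample with one empty value; perl only warns
# "Odd number of elements in anonymous hash" and carries on.
my $Sample = {
    Name                     => 'example',
    Module                   => 'Kernel::System::CustomerUser::LDAP',
    Params                   => { Host => 'ldap.example.test' },
    CustomerKey              => 'sAMAccountName',
    CustomerID               => 'mail',
    CustomerUserSearchPrefix => ,
    CustomerUserSearchSuffix => '*',
    CustomerUserNameFields   => [ 'givenname', 'sn' ],
    Map => [ [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ] ],
};

print "$_\n" for CheckCustomerUser($Sample);
```

On the sample this reports the missing `Map` key and two stringified `ARRAY(0x...)` keys.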