We are using ORTR version 4.0.7 for HelpDesk support and LDAP authentications for customer.
We would like to make multiple authentications for customers (LDAP and internal DB).
LDAP is working correct at this moment but we don't know how to make extra internal DB authentication and later how to create users for internal DB.
My Config.pm
Code: Select all
use strict;
use warnings;
use utf8;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# The database host
$Self->{'DatabaseHost'} = '127.0.0.1';
# The database name
$Self->{'Database'} = "otrs";
# The database user
$Self->{'DatabaseUser'} = "otrs";
# The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords
$Self->{'DatabasePw'} = 'somexxx';
# The database DSN for MySQL ==> more: "perldoc DBD::mysql"
$Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";
# The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a TCP/IP connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
# $Self->{DatabasePostgresqlBefore82} = 1;
# The database DSN for Microsoft SQL Server - only supported if OTRS is
# installed on Windows as well
# $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";
# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
# $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
# $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
# $ENV{NLS_LANG} = "american_america.utf8";
# $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
$Self->{'DefaultCharset'} = 'utf-8';
# Agent LDAP authentication
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host2'} = 'xxxx.local';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=xxxx,dc=local';
$Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
# Check if the user is allowed to auth based on AD group membership
$Self->{'AuthModule::LDAP::GroupDN2'} = 'CN=xxxxgruop,OU=IT,OU=Groups,DC=xxxx,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr2'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr2'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN2'} = 'test1@xxxx.local';
$Self->{'AuthModule::LDAP::SearchUserPw2'} = 'Passwd.100';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'xxxx.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxxx,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'test1@xxxx.local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Passwd.100;
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
# ---------------------------------------------------- #
# LDAP Configuration Settings Customers #
# ---------------------------------------------------- #
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'xxxx.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxx,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'test1@xxxx.local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwd.1000';
# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'xxxx.local',
BaseDN => 'dc=xxxx,dc=local',
SSCOPE => 'sub',
UserDN =>'test1@xxxx.local',
UserPw => 'Passwd.1000',
#AlwaysFilter => '(&(objectcategory=person)(objectclass=user)(!(description=built-In))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
AlwaysFilter => '(&(objectcategory=person)(objectclass=user)(mail=*)(!(description=built-In))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
# if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# if your frontend is e. g. iso-8859-1 and the character set of your
# ldap server is utf-8, use these options:
# SourceCharset => 'utf-8',
# DestCharset => 'iso-8859-1',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 1000,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'company', 1, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# end of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use base qw(Kernel::Config::Defaults);
# -----------------------------------------------------#
1;