Multiple ADs and possibly identical sAMAccountname

dev-null
Znuny newbie
Posts: 1
Joined: 12 Apr 2009, 16:27
Znuny Version: 2.3.4

Post by dev-null »

Hello,

I have the following problem: I would like to use several ADs as the customer backend, but the ADs may contain users with the same sAMAccountname.

I already have authentication working with 2 ADs in the backend:


----------------------------------

# Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';

$Self->{'Customer::AuthModule::LDAP::Host1'} = '172.20.xxx.xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'BASE DN';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountname';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'VOLLE USER DN';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'PASSWORD';

$Self->{CustomerGroupSupport} = 1;
$Self->{CustomerGroupAlwaysGroups} = [];

# MCON AD Backend for users
$Self->{CustomerUser1} = {
    Name => 'AD1',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Die => '0',
    Params => {
        Host => '172.20.xxx.xxx',
        BaseDN => 'BASE DN',
        SSCOPE => 'sub',
        UserDN => 'VOLLE USER DN',
        UserPw => 'PASSWORD',
    },
    # customer unique id
    CustomerKey => 'sAMAccountname',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => [ 'cn', 'mail' ],
    CustomerUserSearchFields => [ 'mail', 'sAMAccountName', 'cn' ],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 2500,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => [ 'givenName', 'sn' ],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    AdminSetPreferences => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenName', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'sAMAccountname', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs','CustomerIDs','second_customer_ids',1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        # [ 'UserLocation', 'Location', 'l', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};


# Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';

$Self->{'Customer::AuthModule::LDAP::Host2'} = '172.20.xxx.xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'BASE DN';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountname';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'VOLLE USER DN';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'PASSWORD';

$Self->{CustomerGroupSupport} = 1;
$Self->{CustomerGroupAlwaysGroups} = [];

# MCON AD Backend for users
$Self->{CustomerUser2} = {
    Name => 'AD1',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Die => '0',
    Params => {
        Host => '172.20.xxx.xxx',
        BaseDN => 'BASE DN',
        SSCOPE => 'sub',
        UserDN => 'VOLLE USER DN',
        UserPw => 'PASSWORD',
    },
    # customer unique id
    CustomerKey => 'sAMAccountname',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => [ 'cn', 'mail' ],
    CustomerUserSearchFields => [ 'mail', 'sAMAccountName', 'cn' ],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 2500,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => [ 'givenName', 'sn' ],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    AdminSetPreferences => 1,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenName', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'sAMAccountname', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        # [ 'UserCustomerIDs','CustomerIDs','second_customer_ids',1, 0, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
        # [ 'UserLocation', 'Location', 'l', 1, 0, 'var', '', 0 ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
    ],
};

----------------------------

When I now start testing with a user that has the same sAMAccountname in both ADs, OTRS gets the user mixed up.

Is there a solution for this?

I have already considered whether I can approach it Windows-style with DOMAINNAME\sAMAccountname, but I can't get that to work.

"userPrincipalName" would also be usable as a unique identifier.

Thanks in advance and regards
soeren
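
The post's closing idea, keying both directories on userPrincipalName instead of sAMAccountname, written out as a Kernel/Config.pm fragment. This is an added example, not part of the original post or of Znuny's shipped configuration; the helper name $ADBackend and the backend name 'AD2' are assumptions, and the optional Map rows from the post are left out.

```perl
# Added example: fragment for sub Load in Kernel/Config.pm ($Self is the config object).
# Hosts, DNs and passwords are the post's placeholders; $ADBackend is a hypothetical helper.
my $ADBackend = sub {
    my (%Param) = @_;
    return {
        Name   => $Param{Name},
        Module => 'Kernel::System::CustomerUser::LDAP',
        Die    => '0',
        Params => {
            Host   => $Param{Host},
            BaseDN => $Param{BaseDN},
            SSCOPE => 'sub',
            UserDN => 'VOLLE USER DN',
            UserPw => 'PASSWORD',
        },
        # unique key is now user@domain instead of the bare account name
        CustomerKey                        => 'userPrincipalName',
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'mail', 'userPrincipalName', 'cn' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 2500,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenName', 'sn' ],
        Map => [
            [ 'UserFirstname',  'Firstname',  'givenName',         1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',                1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'userPrincipalName', 1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',              1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',              0, 1, 'var', '', 0 ],
        ],
    };
};

$Self->{CustomerUser1} = $ADBackend->( Name => 'AD1', Host => '172.20.xxx.xxx', BaseDN => 'BASE DN' );
$Self->{CustomerUser2} = $ADBackend->( Name => 'AD2', Host => '172.20.xxx.xxx', BaseDN => 'BASE DN' );

# Authentication has to search on the same attribute that the customer backends
# use as CustomerKey, otherwise the authenticated login cannot be matched to a record.
for my $N ( 1, 2 ) {
    $Self->{"Customer::AuthModule$N"}            = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{"Customer::AuthModule::LDAP::UID$N"} = 'userPrincipalName';
}
# The Host/BaseDN/SearchUserDN/SearchUserPw lines for 1 and 2 stay as in the post.
```

Customers then log in as user@domain, and the two directories stay distinct only as long as they use different UPN suffixes.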