AgentUser from AD, CustomerUser from internal DB

Help with Znuny problems of all kinds
Locked
MikeW
Znuny newbie
Posts: 37
Joined: 06 Aug 2010, 09:37
Znuny Version: 6.0.19
Real Name: Michael


Post by MikeW »

Hello everyone,

I have a question... is it possible to have the customers go through the internal DB while the agents authenticate against Active Directory?

Currently my Config.pm looks like this:

```perl
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2015 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes to customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = 'localhost';

    # The database name
    $Self->{'Database'} = "otrs";

    # The database user
    $Self->{'DatabaseUser'} = "otrs";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = '**********';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
#    $ENV{ORACLE_HOME}     = '/path/to/your/oracle';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG}        = 'AMERICAN_AMERICA.AL32UTF8';

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # Enable LDAP authentication for agents (first agent auth backend)
    $Self->{'AuthModule'}             = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'}   = 'srv04.firma.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=firma,DC=local';
    $Self->{'AuthModule::LDAP::UID'}    = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS | FIRMA,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = '**********';

    # UserSyncLDAPMap
    # (map used when agents are created/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # UserTable
    $Self->{DatabaseUserTable}       = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser}   = 'login';

    # Add the following lines when users are only allowed to log in if they reside in the specified security group
    # Remove these lines if you want to provide login to all users specified in the User Base DN
    $Self->{'AuthModule::LDAP::GroupDN'}    = 'CN=otrs_Login,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

    # Enable LDAP lookups of agent account information and default roles.
    $Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'}         = 'srv04.firma.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'}       = 'DC=firma,DC=local';
    $Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRS | FIRMA,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '**********';
    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
    $Self->{'AuthSyncModule::LDAP::GroupDN'}      = 'CN=otrs_Login,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'}   = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr'}     = 'DN';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'}  = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'CN=otrs_Support Management,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role Support Management' => 1,
            'Role Support 1st Level'  => 0,
            'Role Support 2nd Level'  => 0,
        },
        # ldap group
        'CN=otrs_Management,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role Management' => 1,
        },
        # ldap group
        'CN=otrs_Administrator,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Administrator' => 1,
        },
        # ldap group
        'CN=otrs_FAQ Management,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role FAQ Management' => 1,
            'Role FAQ User'       => 0,
        },
        # ldap group
        'CN=otrs_FAQ User,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role FAQ Management' => 0,
            'Role FAQ User'       => 1,
        },
        # ldap group
        'CN=otrs_Support 1st Level,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role Support Management' => 0,
            'Role Support 1st Level'  => 1,
            'Role Support 2nd Level'  => 0,
        },
        # ldap group (the group key must appear only once; a nested copy of it
        # leaves the hash unbalanced and Config.pm fails to compile)
        'CN=otrs_Support 2nd Level,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role Support Management' => 0,
            'Role Support 1st Level'  => 0,
            'Role Support 2nd Level'  => 1,
        },
        # ldap group
        'CN=otrs_Verkauf,OU=OTRS,OU=Benutzer,OU=FIRMA,DC=firma,DC=local' => {
            # otrs role
            'Role Verkauf' => 1,
        },
    };

    # Second agent backend, internal OTRS DB
    # (numbered keys: AuthModule2 reads AuthModule::DB::CryptType2)
    $Self->{'AuthModule2'}                 = 'Kernel::System::Auth::DB';
    $Self->{'AuthModule::DB::CryptType2'}  = 'crypt';

    # Customer backend, internal OTRS DB
    # (the customer backend reads its own Customer:: keys, not the agent ones)
    $Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule::DB::CryptType'} = 'crypt';

}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;
```
I just can't get the CustomerUsers to authenticate against the DB. What am I doing wrong?
In the log I find this:

```text
Mar  7 16:05:54 srv-otrs OTRS-CGI-44[25271]: [Notice][Kernel::System::CustomerAuth::DB::Auth] CustomerUser: No auth record in 'customer_user' for 'customer@mail.com' (REMOTE_ADDR: XXX.XXX.XXX.XXX)
```
I would be very grateful if someone could help me with this.

Many thanks!

Regards, Michael
OTRS: 6.0.19 ITSM FAQ
OS: CentOS 7
DB: MariaDB
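The mixed setup above (LDAP for agents, internal DB for customers) is easy to get subtly wrong because the agent backends are numbered (`AuthModule2` pairs with `AuthModule::DB::CryptType2`) while the customer backend reads only keys under the `Customer::` prefix. The following small linter, an added example that is not part of this post and not code from Znuny or OTRS, reads the uncommented one-line `$Self->{'Key'} = 'value';` assignments and the group-DN keys of a `UserSyncRolesDefinition` map from a Config.pm and flags the mistakes visible in this thread: a customer CryptType copied under the agent key, a weak hash type, and a group DN that appears twice in the roles map. It does not run Perl; the sample config text is constructed, and the host name and DNs in it are placeholders.

```python
"""Lint the authentication section of an OTRS/Znuny Kernel/Config.pm.

Added example for this thread, not code from the post or from Znuny.
It reads only uncommented one-line `$Self->{'Key'} = 'value';` assignments
and the `'CN=...' => {` keys of a UserSyncRolesDefinition map; it does not
execute Perl, so nested data structures are otherwise ignored.
"""
import re
from collections import Counter
from typing import Dict, List

# $Self->{'AuthModule2'} = 'Kernel::System::Auth::DB';  -> ('AuthModule2', "'", 'Kernel::System::Auth::DB')
ASSIGN_RE = re.compile(
    r"""^\s*\$Self->\{\s*'?([\w:]+)'?\s*\}\s*=\s*(['"])(.*?)\2\s*;""", re.M
)
# 'CN=otrs_Admins,OU=OTRS,DC=example,DC=invalid' => {
GROUP_KEY_RE = re.compile(r"""^\s*'(CN=[^']+)'\s*=>\s*\{""", re.M)

AGENT_DB_AUTH = "Kernel::System::Auth::DB"
CUSTOMER_DB_AUTH = "Kernel::System::CustomerAuth::DB"
# CryptType values the DB backends accept that should not be used for new setups.
WEAK_CRYPT_TYPES = {"plain", "crypt", "md5", "sha1"}


def parse_scalars(config_text: str) -> Dict[str, str]:
    """Return key -> value for every uncommented scalar assignment (last one wins, as in Perl)."""
    return {key: value for key, _quote, value in ASSIGN_RE.findall(config_text)}


def lint_auth_config(config_text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    cfg = parse_scalars(config_text)
    findings: List[str] = []

    # Agent backends are numbered: AuthModule, AuthModule1, AuthModule2, ...
    # A DB backend N reads AuthModule::DB::CryptType<N>.
    for key, module in cfg.items():
        m = re.fullmatch(r"AuthModule(\d*)", key)
        if m and module == AGENT_DB_AUTH:
            crypt_key = f"AuthModule::DB::CryptType{m.group(1)}"
            if crypt_key not in cfg:
                findings.append(f"{key}: DB backend without {crypt_key} (backend default applies)")
    for key in cfg:
        m = re.fullmatch(r"AuthModule::DB::CryptType(\d*)", key)
        if m and cfg.get(f"AuthModule{m.group(1)}") != AGENT_DB_AUTH:
            findings.append(f"{key}: set, but AuthModule{m.group(1)} is not {AGENT_DB_AUTH}")

    # The customer backend only reads keys under the Customer:: prefix, so a
    # CryptType copied from the agent section does nothing for customers.
    if cfg.get("Customer::AuthModule") == CUSTOMER_DB_AUTH and "Customer::AuthModule::DB::CryptType" not in cfg:
        findings.append("Customer::AuthModule::DB::CryptType not set; customer DB backend uses its default")

    # Weak hash types on any CryptType key, agent or customer.
    for key, value in cfg.items():
        if re.search(r"CryptType\d*$", key) and value in WEAK_CRYPT_TYPES:
            findings.append(f"{key}={value!r}: weak password hash type, prefer sha2 or bcrypt")

    # A group DN appearing twice in the roles map is either a duplicate key
    # (Perl silently keeps only the last one) or a mis-pasted nested block.
    for dn, count in Counter(GROUP_KEY_RE.findall(config_text)).items():
        if count > 1:
            findings.append(f"UserSyncRolesDefinition: group {dn!r} appears {count} times")
    return findings


# Constructed sample mirroring the layout of the post; host and DNs are placeholders.
SAMPLE_CONFIG = r"""
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.invalid';
    # $Self->{'AuthModule::DB::CryptType'} = 'plain';   # commented out, must be ignored
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        'CN=otrs_Support 2nd Level,OU=OTRS,DC=example,DC=invalid' => {
            'CN=otrs_Support 2nd Level,OU=OTRS,DC=example,DC=invalid' => {
                'Role Support 2nd Level' => 1,
            },
        },
        'CN=otrs_Admins,OU=OTRS,DC=example,DC=invalid' => {
            'Administrator' => 1,
        },
    };
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::DB';
    $Self->{'AuthModule::DB::CryptType2'} = 'crypt';
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
    $Self->{'AuthModule::DB::CryptType2'} = 'crypt';
"""

if __name__ == "__main__":
    for finding in lint_auth_config(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample it reports three findings: the missing `Customer::AuthModule::DB::CryptType`, the weak `crypt` hash type on the second agent backend, and the duplicated group DN. Note that the log line in the post comes from `Kernel::System::CustomerAuth::DB`, so the customer backend itself is active; the linter only covers the key-naming and hash-type side of the configuration.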