Cas authentication

Moderator: crythias

Locked
spinaldf
Znuny newbie
Posts: 48
Joined: 29 Apr 2019, 16:29
Znuny Version: 6community
Real Name: Luiz Guilherme

Cas authentication

Post by spinaldf »

Dear all,
I have a problem: CAS authentication doesn't work.

My mini tutorial:

yum install mod_auth_cas -y

##########################################################################
My config auth_cas.conf:

CASCookiePath /var/cache/httpd/mod_auth_cas/
CASLoginURL https://cas.mysite.br/cas/login
CASValidateURL https://cas.mysite/cas/serviceValidate

##########################################################################
I looked at the configuration of zzz_otrs.conf, this line "/opt/otrs/bin/cgi-bin/customer.pl":

# --
# added for OTRS (http://otrs.org/)
# --

ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"

<IfModule mod_perl.c>

# Setup environment and preload modules
Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

# Reload Perl modules when changed on disk
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload

# general mod_perl2 options
<Location /otrs>
# ErrorDocument 403 /otrs/customer.pl
ErrorDocument 403 /otrs/index.pl
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
PerlOptions +ParseHeaders
PerlOptions +SetupEnv

<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>
</Location>

# mod_perl2 options for GenericInterface
<Location /otrs/nph-genericinterface.pl>
PerlOptions -ParseHeaders
</Location>

</IfModule>

<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
Options +ExecCGI -Includes

<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>

<IfModule mod_filter.c>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
</IfModule>
</IfModule>

</Directory>

<Directory "/opt/otrs/bin/cgi-bin/customer.pl">
AuthType CAS
require valid-user
</Directory>


<Directory "/opt/otrs/var/httpd/htdocs/">
AllowOverride None

<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>

<IfModule mod_filter.c>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
</IfModule>
</IfModule>

# Make sure CSS and JS files are read as UTF8 by the browsers.
AddCharset UTF-8 .css
AddCharset UTF-8 .js

# Set explicit mime type for woff fonts since it is relatively new and apache may not know about it.
AddType application/font-woff .woff

</Directory>

# Allow access to public interface for unauthenticated requests on systems with set-up authentication.
# Will work only for RegistrationUpdate, since page resources are still not be loaded.
# <Location /otrs/public.pl>
# <IfModule mod_version.c>
# <IfVersion < 2.4>
# Order allow,deny
# Allow from all
# </IfVersion>
# <IfVersion >= 2.4>
# Require all granted
# </IfVersion>
# </IfModule>
# <IfModule !mod_version.c>
# Order allow,deny
# Allow from all
# </IfModule>
# </Location>

<IfModule mod_headers.c>
# Cache css-cache for 30 days
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">
<FilesMatch "\.(css|CSS)$">
Header set Cache-Control "max-age=2592000 must-revalidate"
</FilesMatch>
</Directory>

# Cache css thirdparty for 4 hours, including icon fonts
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">
<FilesMatch "\.(css|CSS|woff|svg)$">
Header set Cache-Control "max-age=14400 must-revalidate"
</FilesMatch>
</Directory>

# Cache js-cache for 30 days
<Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
<FilesMatch "\.(js|JS)$">
Header set Cache-Control "max-age=2592000 must-revalidate"
</FilesMatch>
</Directory>

# Cache js thirdparty for 4 hours
<Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">
<FilesMatch "\.(js|JS)$">
Header set Cache-Control "max-age=14400 must-revalidate"
</FilesMatch>
</Directory>
</IfModule>

# Limit the number of requests per child to avoid excessive memory usage
MaxRequestsPerChild 4000

Error in the log:

ERROR: OTRS-CGI-3 Perl: 5.16.3 OS: linux Time: Fri Dec 6 14:28:13 2019

Message: Need User!

RemoteAddress: 10.251.14.134
RequestURI: /otrs/customer.pl

Traceback (51498):
Module: Kernel::System::CustomerAuth::LDAP::Auth Line: 129
Module: Kernel::System::CustomerAuth::Auth Line: 135
Module: Kernel::System::Web::InterfaceCustomer::Run Line: 227
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32


Apache configuration:

apachectl configtest
Syntax OK

Any suggestions?
root
Administrator
Posts: 4250
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: Cas authentication

Post by root »

Hi,

Which CustomerAuthModule do you have configured?

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes?

Re: Cas authentication

Post by spinaldf »

Are you talking about the file Config.pm? Because I have no idea about this configuration.

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2015 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> Most OTRS configuration should be done via the OTRS web interface
# and the SysConfig. Only for some configuration, such as database
# credentials and customer data source changes, you should edit this
# file. For changes do customer data sources you can copy the definitions
# from Kernel/Config/Defaults.pm and paste them in this file.
# Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
my $Self = shift;
my $HOSTNAME = `hostname -s`;

# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #

if ($HOSTNAME =~ /cortiti/) {
# Change FQDN
$Self->{FQDN} = 'servicosti.myserver.com.br';

$Self->{SystemID} = 0;

# Disable sendmail
$Self->{'SendmailModule'} = 'Kernel::System::Email::Sendmail';

# The database host
$Self->{DatabaseHost} = 'prototipus';

# The database user
$Self->{DatabaseUser} = "ext_otrs";

# The password of database user. You also can use bin/otrs.CryptPassword.pl for crypted passwords
$Self->{DatabasePw} = 'xxxxxxx';

# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
$Self->{DatabaseDSN} = "DBI:Oracle:PRO";
} elsif ($HOSTNAME =~ /impatiti/) {
# Change FQDN
$Self->{FQDN} = 'otrs-hom.myserver.com.br';

$Self->{SystemID} = 6;

# Disable sendmail
$Self->{'SendmailModule'} = 'Kernel::System::Email::Sendmail';

# The database host
$Self->{DatabaseHost} = 'axivia2';

# The database user
$Self->{DatabaseUser} = "ext_otrs";

# The password of database user. You also can use bin/otrs.CryptPassword.pl for crypted passwords
$Self->{DatabasePw} = 'xxxxxxx';

# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
$Self->{DatabaseDSN} = "DBI:Oracle:PHOM";
} elsif ($HOSTNAME =~ /crutiti/) {
# Change FQDN
$Self->{FQDN} = 'otrs-teste.myserver.com.br';

$Self->{SystemID} = 3;

# Enable Sendmail
$Self->{'SendmailModule'} = 'Kernel::System::Email::Sendmail';

# The database host
$Self->{DatabaseHost} = 'axivia2';

# The database user
$Self->{DatabaseUser} = "ext_otrs_config";

# The password of database user. You also can use bin/otrs.CryptPassword.pl for crypted passwords
$Self->{DatabasePw} = 'xxxxxxx';

# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
$Self->{DatabaseDSN} = "DBI:Oracle:ODES";
}

# The database host
#$Self->{DatabaseHost} = '127.0.0.1';

# The database name
#$Self->{Database} = 'otrs';

# The database user
#$Self->{DatabaseUser} = 'root';

# The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords
#$Self->{DatabasePw} = '';

# The database DSN for MySQL ==> more: "perldoc DBD::mysql"
#$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

# The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a TCP/IP connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

# The database DSN for Microsoft SQL Server - only supported if OTRS is
# installed on Windows as well
# $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
# $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
# $ENV{ORACLE_HOME} = '/path/to/your/oracle';
# $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
# $ENV{NLS_LANG} = 'AMERICAN_AMERICA.AL32UTF8';
$ENV{ORACLE_HOME} = '/usr/lib/oracle/12.1/client64';
$ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
$ENV{NLS_LANG} = 'AMERICAN_AMERICA.AL32UTF8';
$ENV{TNS_ADMIN} = '/opt/otrs/scripts';


# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';

# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;

# ---------------------------------------------------- #

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser1} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'dir.myserver.com.br',
#Host => '10.1.1.223',
# ldap base dn
BaseDN => 'dc=redemyserver,dc=myserver,dc=com,dc=br',
# search scope (one|sub)
SSCOPE => 'sub',
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'usr_ldap',
UserPw => 'xxxxxxx',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(objectclass=user)',
AlwaysFilter => '(|(cn=P_*)(cn=T_*)(cn=E_*)(cn=I_*)(cn=D_*)(cn=B_*)(cn=usr_*))',
#AlwaysFilter => '(&(&(&(&(|(cn=P_*)(cn=T_*)(cn=E_*)(cn=I_*)(cn=D_*)(cn=B_*)(cn=usr_*))(!(physicalDeliveryOfficeName=VALIDADE DE LOGON VENCIDA*)))(!(memberof=CN=Negar_Logon_local,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)))(!(memberof=CN=DeptInativos,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br))))',
# if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# if your frontend is unicode and the charset of your
# ldap server is iso-8859-1, use these options.
# SourceCharset => 'iso-8859-1',
# DestCharset => 'utf-8',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer unique id
#CustomerKey => 'sAMAccountName',
CustomerKey => 'cn',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
#CustomerUserSearchFields => ['sAMAccountName', 'displayName', 'uid', 'cn', 'mail'],
CustomerUserSearchFields => ['displayName', 'cn', 'mail', 'telephonenumber'],
CustomerUserSearchPrefix => '*',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 500,
CustomerUserPostMasterSearchFields => ['mail', 'userPrincipalName'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserEmailUniqCheck => 0,
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# cache time to live in sec. - cache any database queries
CacheTTL => 86400,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'cn', 1, 1, 'var', '', 0 ],
# [ 'UserLogin', 'Username', 'cn', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'department', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};

# This is an example configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host2'} = 'dir.myserver.com.br';
#$Self->{'Customer::AuthModule::LDAP::Host'} = '10.1.1.223';
$Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=redemyserver,dc=myserver,dc=com,dc=br';
$Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
#$Self->{'Customer::AuthModule::LDAP::UID'} = 'cn';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN2'} = 'ou=Grupos,ou=usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br';
$Self->{'Customer::AuthModule::LDAP::AccessAttr2'} = 'member';
# for ldap posixGroups objectclass (just uid)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'CN';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr2'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'usr_ldap';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'xxxxxx';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter2'} = '(objectclass=user)';

# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix1'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params2'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# This is an example configuration for an LDAP auth. backend.
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'dir.myserver.com.br';
#$Self->{'AuthModule::LDAP::Host1'} = '10.1.1.223';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=redemyserver,dc=myserver,dc=com,dc=br';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
#$Self->{'AuthModule::LDAP::UID1'} = 'cn';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN1'} = 'ou=Grupos,ou=usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
# for ldap posixGroups objectclass (just uid)
#$Self->{'AuthModule::LDAP::UserAttr'} = 'CN';
# for non ldap posixGroups objectclass (with full user dn)
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'usr_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'xxxxxxxx';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#$Self->{'AuthModule::LDAP::AlwaysFilter1'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::AlwaysFilter1'} = '(&(&(&(objectCategory=person)(|(memberof=CN=Cenin,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)(memberOf=CN=Detec,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)(memberOf=CN=Depes,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)(memberOf=CN=Secin,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)))(!(memberof=CN=FuncInativos,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)))(!(memberof=CN=Negar_Logon_local,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)))';
#$Self->{'AuthModule::LDAP::AlwaysFilter1'} = '(|(memberof=CN=Cenin,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)(memberOf=CN=Detec,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)(memberOf=CN=Depes,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br)(memberOf=CN=Secin,OU=Grupos,OU=Usuarios,DC=redemyserver,DC=myserver,DC=com,DC=br))';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://dir.myserver.com.br/';
#$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://10.1.1.223/';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=redemyserver,dc=myserver,dc=com,dc=br';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
#$Self->{'AuthSyncModule::LDAP::UID'} = 'cn';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'usr_ldap';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxx';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserLogin => 'sAMAccountName',
#UserLogin => 'cn',
UserFirstname => 'givenname',
UserLastname => 'sn',
UserEmail => 'mail',
#UserPhone => 'telephonenumber',
};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];

# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
'cn=Cenin,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'users' => {
rw => 1,
},
},
'cn=Detec,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'users' => {
rw => 1,
},
},
'cn=Depes,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'users' => {
rw => 1,
},
},
'cn=Secin,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'users' => {
rw => 1,
},
},
'cn=ITSMLogfiAMC,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-amc' => {
rw => 1,
},
},
'cn=ITSMLogfiStoque,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-stoque' => {
rw => 1,
},
},
'cn=ITSMLogfiPrintmax,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-printmax' => {
rw => 1,
},
},
'cn=ITSMLogfiMicrosens,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-microsens' => {
rw => 1,
},
},
'cn=ITSMLogfiHprint,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-hprint' => {
rw => 1,
},
},
'cn=ITSMLogfiSimpress,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-simpress' => {
rw => 1,
},
},
'cn=ITSMLogfiRapidonet,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-ext-rapidonet' => {
rw => 1,
},
},
'cn=ITSMDepesCoref,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-depes-coref' => {
rw => 1,
},
},
'cn=ITSMDepesCorefSecne,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-depes-coref-secne' => {
rw => 1,
},
},
'cn=ITSMCainf,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf' => {
rw => 1,
},
},
'cn=ITSMCainfSdados,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-sdados' => {
rw => 1,
},
},
'cn=ITSMCainfSedac,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-sedac' => {
rw => 1,
},
},
'cn=ITSMCainfGestic,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-seges' => {
rw => 1,
},
},
'cn=ITSMCainfSemir,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-semir' => {
rw => 1,
},
},
'cn=ITSMCainfSemirAprovacao,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-semir-aprovacao' => {
rw => 1,
},
},
'cn=ITSMCainfSemirAlmoxarifado,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-semir-almoxarifado' => {
rw => 1,
},
},
'cn=ITSMCainfSenet,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-senet' => {
rw => 1,
},
},
'cn=ITSMCainfSesap,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-sesap' => {
rw => 1,
},
},
'cn=ITSMCainfSesar,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-sesar' => {
rw => 1,
},
},
'cn=ITSMCainfSeseg,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-seseg' => {
rw => 1,
},
},
'cn=ITSMCainfSutec,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-sesup' => {
rw => 1,
},
},
'cn=ITSMCainfSevir,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cainf-sevir' => {
rw => 1,
},
},
'cn=ITSMCoaus,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus' => {
rw => 1,
},
},
'cn=ITSMGesoft,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-gesoft' => {
rw => 1,
},
},
'cn=ITSMCoausSatus,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-satus' => {
rw => 1,
},
},
'cn=ITSMLogfi,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-selog' => {
rw => 1,
},
},
'cn=ITSMCoausSepac,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-sepac' => {
rw => 1,
},
},
'cn=ITSMCoausSesau,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-sesau' => {
rw => 1,
},
},
'cn=ITSMCoausSespe,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coaus-sespe' => {
rw => 1,
},
},
'cn=ITSMCoges,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coges' => {
rw => 1,
},
},
'cn=ITSMCocom,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cocom' => {
rw => 1,
},
},
'cn=ITSMCocomSesor,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cocom-secor' => {
rw => 1,
},
},
'cn=ITSMCocomSecom,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cocom-secom' => {
rw => 1,
},
},
'cn=ITSMCocomSesip,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cocom-separ' => {
rw => 1,
},
},
'cn=ITSMCocomSelep,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cocom-selep' => {
rw => 1,
},
},
'cn=ITSMCocomSeapl,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cocom-seapl' => {
rw => 1,
},
},
'cn=ITSMSocit,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-corec' => {
rw => 1,
},
},
'cn=ITSMSocitSemid,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-socit-semid' => {
rw => 1,
},
},
'cn=ITSMSocitSepor,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-socit-sepor' => {
rw => 1,
},
},
'cn=ITSMSocitSepop,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-socit-sepop' => {
rw => 1,
},
},
'cn=ITSMSocitSisei,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-socit-sisei' => {
rw => 1,
},
},
'cn=ITSMCoarh,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coreh' => {
rw => 1,
},
'fila-coarh-ext-mv-demed' => {
rw => 1,
},
'fila-coarh-ext-educom-cefor' => {
rw => 1,
},
},
'cn=ITSMCoarhMVDemed,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coarh-ext-mv-demed' => {
rw => 1,
},
},
'cn=ITSMCoarhEducomCefor,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-coarh-ext-educom-cefor' => {
rw => 1,
},
},
'cn=ITSMCosev,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cosev' => {
rw => 1,
},
},
'cn=ITSMCosevSadve,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cosev-sadve' => {
rw => 1,
},
},
'cn=ITSMCosevSesve,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cosev-sesve' => {
rw => 1,
},
},
'cn=ITSMCosevSeinf,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cosev-seinf' => {
rw => 1,
},
},
'cn=ITSMCosevSosev,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-cosev-sosev' => {
rw => 1,
},
},
'cn=ITSMCopad,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sadap' => {
rw => 1,
},
},
'cn=ITSMSadapCotasNet,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sadap-cotasnet' => {
rw => 1,
},
},
'cn=ITSMSadapInfogab,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sadap-infogab' => {
rw => 1,
},
},
'cn=ITSMSecad,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-serad' => {
rw => 1,
},
},
'cn=ITSMSotic,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic' => {
rw => 1,
},
},
'cn=ITSMSecidAD,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic-ad' => {
rw => 1,
},
},
'cn=ITSMSoticSedas,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic-sedas' => {
rw => 1,
},
},
'cn=ITSMSecid,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic-sedas' => {
rw => 1,
},
},
'cn=ITSMSecid,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-secid' => {
rw => 1,
},
},
'cn=ITSMSoticSesen,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic-sesen' => {
rw => 1,
},
},
'cn=ITSMSoticSeaad,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic-sestic' => {
rw => 1,
},
},
'cn=ITSMSeuso,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-sotic-seuso' => {
rw => 1,
},
},
'cn=ITSMDetec,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-detec' => {
rw => 1,
},
},
'cn=ITSMDetecSente,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-detec-sente' => {
rw => 1,
},
},
'cn=ITSMDetecTelefoniaIP,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-detec-telefoniaip' => {
rw => 1,
},
},
'cn=ITSMDetecArCondicionado,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-detec-arcondicionado' => {
rw => 1,
},
},
'cn=ITSMDetecInstalacoesHidrosanitarias,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-detec-hidraulica' => {
rw => 1,
},
},
'cn=ITSMDetecInstalacoesEletricas,ou=IDEA,ou=Grupos,ou=Usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
'fila-detec-eletrica' => {
rw => 1,
},
},
};

# AuthSyncModule::LDAP::UserSyncRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs roles, define the following.)
#$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
# 'cn=Seges,ou=Grupos,ou=usuarios,dc=redemyserver,dc=myserver,dc=com,dc=br' => {
# 'SysAdmin' => 1,
# },
# 'cn=agent2,o=otrs' => {
# 'role3' => 1,
# }
#};


# CheckMXRecord
# (Check mx recorde of used email addresses)
$Self->{CheckMXRecord} = 0;

# ---------------------------------------------------- #
# #
# end of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #

use base qw(Kernel::Config::Defaults);

# -----------------------------------------------------#

1;

Re: Cas authentication

Post by spinaldf »

Detail: I work with Active Directory groups and users connected to OTRS. I can't use only CAS.

Re: Cas authentication

Post by root »

Hi,

Are there any entries in the logfiles when accessing customer.pl? At least in the web server access log the username should be visible.

- Roy

Re: Cas authentication

Post by spinaldf »

Hi, it shows this message in the logs:
Detail: on my old server it shows the CAS authentication and I log in to OTRS.

tail -f /opt/otrs/var/log/* /var/log/messages /var/log/httpd/error_log /var/log/httpd/access_log


==> /var/log/messages <==
Dec 9 14:37:37 cruze OTRS-CGI-3[106683]: [Error][Kernel::System::CustomerAuth::LDAP::Auth][Line:129]: Need User!

==> /var/log/httpd/error_log <==
ERROR: OTRS-CGI-3 Perl: 5.16.3 OS: linux Time: Mon Dec 9 14:37:37 2019

Message: Need User!

RemoteAddress: 10.251.14.134
RequestURI: /otrs/customer.pl

Traceback (106683):
Module: Kernel::System::CustomerAuth::LDAP::Auth Line: 129
Module: Kernel::System::CustomerAuth::Auth Line: 135
Module: Kernel::System::Web::InterfaceCustomer::Run Line: 227
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_customer_2epl::handler Line: 40
Module: (eval) (v1.99) Line: 207
Module: ModPerl::RegistryCooker::run (v1.99) Line: 207
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 173
Module: ModPerl::Registry::handler (v1.99) Line: 32


==> /var/log/httpd/access_log <==
::1 - - [09/Dec/2019:14:37:43 -0300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.11 Perl/v5.16.3 (internal dummy connection)"

Re: Cas authentication

Post by root »

Hi,

Is there only one line in /var/log/httpd/access_log?

- Roy

Re: Cas authentication

Post by spinaldf »

I checked the CAS configuration in Apache:

apachectl -M | grep cas
auth_cas_module (shared)

Well, only this is in the logs. Any suggestions or ideas?

Re: Cas authentication

Post by spinaldf »

My solution works with OTRS 5 and 6:
viewtopic.php?t=38781

I commented out these lines of zzz_otrs.conf:

# <IfModule mod_version.c>
# <IfVersion < 2.4>
# Order allow,deny
# Allow from all
# </IfVersion>
# <IfVersion >= 2.4>
# Require all granted
# </IfVersion>
# </IfModule>
# <IfModule !mod_version.c>
Order allow,deny
Allow from all
# </IfModule>

Re: Cas authentication

Post by root »

Hi,

Ok, that was the order of the configuration settings. I do not recommend changing the webserver configuration from the source.
The easiest way to add your settings is to add your own config file in /etc/httpd/conf.d/ named like zzzz_custom.conf to get it loaded after zzz_otrs.conf. (I assume you're using CentOS / RHEL).

- Roy
Locked
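
The configuration-order problem this thread ends on, as an added example (not code from the posters or from OTRS/Znuny): a small Python check that models Apache 2.4 section merging in simplified form and flags a `<Location>` whose `Require all granted` replaces the `Require valid-user` of a CAS-protected `<Directory>`. The config excerpt is constructed from the zzz_otrs.conf posted above, the content of the later-loaded file is an assumption, and `parse`, `find_overrides` and the other helper names are hypothetical.

```python
"""Added example: spot a <Location> that cancels CAS protection set in a <Directory>."""

# Constructed excerpt, shortened from the zzz_otrs.conf posted in this thread.
POSTED_CONF = '''
ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
<Location /otrs>
    SetHandler perl-script
    <IfModule mod_version.c>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </IfModule>
</Location>
<Directory "/opt/otrs/bin/cgi-bin/">
    Require all granted
</Directory>
<Directory "/opt/otrs/bin/cgi-bin/customer.pl">
    AuthType CAS
    Require valid-user
</Directory>
'''

# Assumed content for a file loaded after zzz_otrs.conf (e.g. zzzz_custom.conf).
CUSTOM_CONF = '''
<Location /otrs/customer.pl>
    AuthType CAS
    Require valid-user
</Location>
'''

CONTAINERS = {"directory", "location"}


def parse(conf_text):
    """Return (aliases, sections). <If...> wrappers and other containers are
    treated as transparent, which is a simplification of real Apache parsing."""
    aliases, sections, stack = [], [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            stack.pop()
            continue
        if line.startswith("<") and line.endswith(">"):
            name, _, arg = line[1:-1].strip().partition(" ")
            section = None
            if name.lower() in CONTAINERS:
                section = {"kind": name.lower(),
                           "path": arg.strip().strip('"'),
                           "directives": []}
                sections.append(section)
            stack.append(section)
            continue
        name, _, args = line.partition(" ")
        name, args = name.lower(), args.strip()
        parts = args.split()
        if name in ("alias", "scriptalias") and len(parts) == 2:
            aliases.append((parts[0].strip('"'), parts[1].strip('"')))
        enclosing = next((s for s in reversed(stack) if s is not None), None)
        if enclosing is not None:
            enclosing["directives"].append((name, args.lower()))
    return aliases, sections


def requires(section):
    return [args for name, args in section["directives"] if name == "require"]


def wants_login(section):
    """True when the section sets AuthType and a Require other than 'all granted'."""
    names = [name for name, _ in section["directives"]]
    return "authtype" in names and any(r != "all granted" for r in requires(section))


def location_covers(loc_path, url):
    loc_path = loc_path.rstrip("/")
    return url == loc_path or url.startswith(loc_path + "/")


def find_overrides(conf_text):
    """List (directory, url, location) where a Location's open Require wins."""
    aliases, sections = parse(conf_text)
    findings = []
    for d in sections:
        if d["kind"] != "directory" or not wants_login(d):
            continue
        for url_prefix, fs_prefix in aliases:
            if not d["path"].startswith(fs_prefix):
                continue
            url = url_prefix + d["path"][len(fs_prefix):]
            # Location sections merge after every Directory section, in file
            # order; with the default AuthMerging Off, the last matching
            # section that carries Require lines decides authorization.
            deciding = None
            for loc in sections:
                if (loc["kind"] == "location" and requires(loc)
                        and location_covers(loc["path"], url)):
                    deciding = loc
            if deciding is not None and not wants_login(deciding):
                findings.append((d["path"], url, deciding["path"]))
    return findings


if __name__ == "__main__":
    print("posted layout:", find_overrides(POSTED_CONF))
    print("with later custom file:", find_overrides(POSTED_CONF + CUSTOM_CONF))
```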