I run an instance of OTRS 2.4.7 using MySQL on Win2008. The authentication uses both LDAP and a mySQL backend in parallel. I have no problems with users logging on with either method.
I've added the AlwaysFilter option and it is doing its job well at login (despite showing 'Panic - no user data' when a user does not meet the criteria, though that is not a concern). The problem is when I create a phone ticket from the admin side of OTRS and click the From field, the ldap lookup lists all users and ignores the AlwaysFilter criteria.
Does anyone know if this is a configuration problem or a limitation of the ldap authentication?
My setup bellow... (ldap config included only)
Code: Select all
# Customer LDAP Authentication Module
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'host.domain.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'OU=Users,OU=User Accounts,DC=domain,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=ldaplookupuser,OU=Users,OU=User Accounts,DC=domain,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'mypassword';
# Customer LDAP Access Group
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=myaccessgroup,OU=Groups,DC=domain,DC=com;
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# Customer LDAP Object Filter
$Self->{'CUstomer::AuthModule::LDAP::AlwaysFilter'} = '(physicalDeliveryOfficeName=Support Office)';
# Customer LDAP Datasource
$Self->{CustomerUser} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'host.domain.com',
BaseDN => 'OU=Users,OU=User Accounts,DC=domain,DC=com',
SSCOPE => 'sub',
UserDN =>'CN=ldaplookupuser,OU=Users,OU=User Accounts,DC=domain,DC=com',
UserPw => 'mypassword',
#AlwaysFilter => '(physicalDeliveryOfficeName=Support Office)',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
David