I am unable to configure OTRS to integrate with AD. I am using version 3.0.5 hosting it on Ubuntu 10.10 LTS and our domain controller runs W2K3 R2. The server is running samba and I am able to join the domain. I installed Net::LDAP and ran the make sequence. I am also willing to allow for the possibility that the integration might not do what I think it does and I am expecting something unrealistic. If so, please set me straight.
Our company serves about 450 internal customers. All users exist in AD and management is not willing to rework our domain structure in order to place all users in an OU such as OTRS_allow. I have set up the Config.pm file by following samples from this forum, the OTRS documentation and a video I found on YouTube by a Sean Beasley (sp?). The Config.pm file is below:
In the video, Mr. Beasley goes through the setup and then at the end logs in as a Super.admin, a reference not made during the entire video, and says everything is good to go. What is the purpose, then, of the OTRS user account creation in AD, if he is just going to log in as the root administrator?
What I am expecting from this configuration is for OTRS to read from AD and automatically populate the database with login IDs and passwords so our users just have to log in and not create another account. When I try to log in under my AD account settings, I receive an incorrect password or username error.
Is this not what the integration provides? If so, is the code below set up to accomplish that?
Any help is appreciated. Thank you.
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'secret';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# There is a strong possibility that all this is a colossal waste of
# time and I have no bloody idea what the hell I am doing. We shall see.
$Self->{'ProductName'} = 'ACME Products';
$Self->{'CustomerHeadline'} = 'ACME support';
$Self->{'FQDN'} = 'Subversion1.ACME.com';
$Self->{'AdminEmail'} = 'support@ACME.com';
$Self->{'Organization'} = 'ACME';
$Self->{'PDF::LogoFile'} = '<OTRS_CONFIG_Home>/var/Plogo.tif';
$Self->{'AgentLogo'} = {
    'StyleHeight' => '67px',
    'StyleRight'  => '38px',
    'StyleTop'    => '-4px',
    'StyleWidth'  => '244px',
    'URL'         => '/opt/otrs/var/httpd/htdocs/skins/Agent/default/img/Plogo.tif'
};
# *******************************************************************
# *******************************************************************
# *************** Start of OTRS_Support customer Config *******
# *******************************************************************
# *******************************************************************
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
# Note: the AuthModule* keys only authenticate agents (staff) on the agent
# interface. Logins on the customer interface are checked by
# Customer::AuthModule, which this file does not set, so it stays at the
# DB default and never consults AD.
$Self->{AuthModule1} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = '172.16.0.10';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=blah blah,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
# (AD normally rejects anonymous searches, so a read-only bind account
# such as this one is required).
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'cn=OTRS_Support,cn=blah,cn=blah,DC=blah,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'secret';
# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
# $Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
# Port 389 is plain LDAP: the bind account's password and every agent's
# password cross the network unencrypted. Net::LDAP also accepts
# scheme => 'ldaps' with port => 636 once the DC has a trusted certificate.
$Self->{'AuthModule::LDAP::Params1'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthModule::LDAP::Die'} = 1;
# --------------------------------------------------- #
# authentication sync settings #
# (enable agent data sync. after successful #
# authentication) #
# --------------------------------------------------- #
# This is an example configuration for an LDAP auth sync. backend.
# (take care that Net::LDAP is installed!)
$Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = '172.16.0.10';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=blah,dc=com';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'cn=OTRS_Support,cn=blah,cn=blah,DC=blah,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'secret';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after successful login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
# $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthSyncModule::LDAP::Params1'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthSyncModule::LDAP::Die'} = 1;
#****************************************************************************
#****************************************************************************
#****************************************************************************
#****************************** TEST ****************************************
#****************************************************************************
#****************************************************************************
# CustomerUser1
# (customer user ldap backend and settings)
# This backend only supplies customer data (the address book) from LDAP;
# it does not verify passwords. Customer login credentials are checked by
# Customer::AuthModule.
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => '172.16.0.10',
        # ldap base dn
        BaseDN => 'cn=blah,dc=blah,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=OTRS_Support,cn=blah,cn=blah,DC=blah,DC=com',
        UserPw => 'secret',
        AlwaysFilter => '',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        #[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
# This is the pre-3.0 spelling of the mapping already given above as
# AuthSyncModule::LDAP::UserSyncMap1; the 3.0 sync module reads the
# latter, so this block is redundant here.
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};
# ****************************************************************
# ****************************************************************
# ********************** END OF USER CONFIG ********************
# ****************************************************************
# ****************************************************************
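The configuration above wires AD into agent authentication (AuthModule*) and into the customer address book (CustomerUser), but customer-interface logins are verified by Customer::AuthModule, which the file never sets. The following is an added example of that missing section for an AD domain, not code from the original post; the host, DN and bind-account values are placeholders copied from the post's own obfuscated config, and the optional group check assumes an AD security group named OTRS_allow exists.

```perl
# Customer-interface authentication against Active Directory (added example).
# Without this, Customer::AuthModule keeps its default of
# Kernel::System::CustomerAuth::DB, so AD passwords are never checked for
# customer logins no matter what the CustomerUser backend is.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = '172.16.0.10';       # placeholder
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=blah,dc=com';    # placeholder
# AD login-name attribute; must match CustomerKey / UserLogin in CustomerUser.
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';

# AD rejects anonymous searches, so bind with the same low-privilege
# read-only service account the rest of the file uses.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS_Support,cn=blah,cn=blah,DC=blah,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret';

# Limit matches to person objects; otherwise any AD object whose
# sAMAccountName matches (computer or service accounts) is a login candidate.
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(objectClass=user)(objectCategory=person))';

# Optional: require membership in an AD security group instead of moving
# users into a dedicated OU. AD stores members as full DNs in 'member',
# so UserAttr must be 'DN'. Assumes a group cn=OTRS_allow exists.
# $Self->{'Customer::AuthModule::LDAP::GroupDN'}    = 'cn=OTRS_allow,cn=Users,dc=blah,dc=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'}   = 'DN';

# Net::LDAP connection parameters. Port 389 sends the bind password and
# every customer password in clear text; switch to scheme => 'ldaps' and
# port => 636 once the DC presents a certificate the OTRS host trusts.
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};

# Die if the DC cannot be reached instead of reporting a plain login
# failure; during setup this makes connectivity problems visible rather
# than looking like a wrong username or password.
$Self->{'Customer::AuthModule::LDAP::Die'} = 1;
```

After adding this, a customer whose sAMAccountName and password are valid in AD (and who passes AlwaysFilter) can log in on the customer interface without a pre-created OTRS account; the CustomerUser backend then supplies the name and e-mail fields.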