AD OTRS integration

Moderator: crythias

tamilbots
Znuny newbie
Posts: 4
Joined: 25 May 2011, 10:58
Znuny Version: 3.0.2

AD OTRS integration

Post by tamilbots »

Hi,

Thanks for providing such a wonderful active community.

I am new to this OTRS setup. I have installed OTRS 3.0.2 and set up the DB.

I am able to log in to index.pl using my admin credentials.

I am trying to integrate AD with OTRS.

I modified Config.pm; the code is as follows:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2010 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.23 2010/01/13 22:25:00 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'xxxxxx';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'xxxxx';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'xxxxx';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hotsonicwall';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'DefaultCharset'} = 'utf-8';

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# OTRS Active Directory Integration #
# ---------------------------------------------------- #
# Enable LDAP Authentication for Agent #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'xxxx.';
$Self->{'AuthModule::LDAP::BaseDN'} = 'xxxxx';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Agents,ou=Groups,dc=abc,dc=def,dc=net';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'xxxxx';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxx';
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};

# Enable LDAP Authentication Sync for Agent #
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://xxx';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'xxx';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'xxx';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxx';

# Enable Agent Mapping from LDAP to DB #
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};


# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.23 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#
1;
I am trying to provide AD authentication to customers; when I tried to create a local customer user, it works fine.

Please help to configure the same.

Thank you...
Wolfgangf
Znuny ninja
Posts: 1029
Joined: 13 Apr 2009, 12:26
Znuny Version: 6.0.13
Real Name: Wolfgang Fürtbauer
Company: PBS Logitek GmbH
Location: Pinsdorf

Re: AD OTRS integration

Post by Wolfgangf »

Hi,

please have a look in the forum via the search functionality - there are a LOT of articles dealing with AD integration covering all topics

it all begins by installing the Net::LDAP perl module and ends with setting the values in <OTRS_HOME>/Kernel/Config.pm

Also have a look at the documentation, it's well described here
http://doc.otrs.org/3.0/en/html/auth-backends.html
Production:
OTRS 6.0.13/ ITSM 6.0.13
OS: SUSE Linux (SLES 12, Leap), MySql 5.5.x, 5.6.x
Windows 2012 AD Integration (agents and customers), Nagios integration (incidents, CMDB), Survey, TimeAccounting
tamilbots
Znuny newbie
Posts: 4
Joined: 25 May 2011, 10:58
Znuny Version: 3.0.2

Re: AD OTRS integration

Post by tamilbots »

Thanks gangf

I already used that document and had installed all the prerequisites, and somehow AD auth is not happening.
Wolfgangf
Znuny ninja
Posts: 1029
Joined: 13 Apr 2009, 12:26
Znuny Version: 6.0.13
Real Name: Wolfgang Fürtbauer
Company: PBS Logitek GmbH
Location: Pinsdorf

Re: AD OTRS integration

Post by Wolfgangf »

Alright - let's see
$Self->{'AuthModule::LDAP::Host'} = 'xxxx.';
I'd suggest using

$Self->{'AuthModule::LDAP::Host'} = 'ldap.your.domain.country:3268';
anywhere the host is to be configured
same for $Self->{'AuthModule::LDAP::Params'}
this is how it works for me

    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 3268,
        timeout => 10, #--> activate LDAP 120,
        async   => 0,
        version => 3,
        debug   => 8,
    };

$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://xxx';
I'd suggest no protocol identifier here, but the same as above:

$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap.your.domain.country:3268';
and to my mind you're missing the sections for agent and customer login
1) you will need one for Agent Auth against OTRS Customer DB, something like

    $Self->{CustomerUser} = {
        Name   => 'Database Backend',
        Module => 'Kernel::System::CustomerUser::DB',
        Params => {
            Table         => 'customer_user',
            DestCharset   => 'utf-8',
            SourceCharset => 'utf-8',
        },
        # customer unique id
        CustomerKey => 'login',
        SearchKeyType => {
            CustomerID        => 'var',
            CustomerUserLogin => 'var',
        },

        # customer #
        CustomerID             => 'customer_id',
        CustomerValid          => 'valid_id',
        CustomerUserListFields => [ 'login', 'first_name', 'last_name', 'customer_id', 'email' ],
        CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' ],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['email'],
        CustomerUserNameFields => [ 'salutation', 'first_name', 'last_name' ],
        #CustomerUserEmailUniqCheck => 1,

        # show now own tickets in customer panel, CompanyTickets
        #CustomerUserExcludePrimaryCustomerID => 0,
        # generate auto logins
        #AutoLoginCreation => 0,
        # generate auto login prefix
        #AutoLoginCreationPrefix => 'auto',
        # admin can change customer preferences
        #AdminSetPreferences => 1,
        # use customer company support (reference to company, see CustomerCompany settings)
        CustomerCompanySupport => 1,
        # cache time to live in sec. - cache any database queries
        #CacheTTL => 0,
        # just a read only source
        ReadOnly => 1,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target
            # [ 'UserSalutation', 'Salutation', 'salutation', 1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'first_name',  1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'last_name',   1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'login',       1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'email',       1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'phone',       1, 0, 'var', 'click2dial.pl?agent=$Env{"UserComment"}&customer=$Data{"UserPhone"}', 0 ],
            [ 'UserMobile',     'Mobile',     'mobile',      1, 0, 'var', 'click2dial.pl?agent=$Env{"UserComment"}&customer=$Data{"UserMobile"}', 0 ],
        ],
    };

2) one for Agent Auth against Active Directory

# ===================================================
# LDAP Customer User Authentication [WF]
# ===================================================

    $Self->{CustomerUser1} = {
        Name   => 'Active Directory ',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host          => 'ldap.x.x.x',
            BaseDN        => '...',
            SSCOPE        => 'sub',
            UserDN        => 'CN=otrs,...',
            UserPw        => 'sup4port@asa1',
            AlwaysFilter  => '(&(objectclass=user)(mail=*))',
            DestCharset   => 'utf-8',
            SourceCharset => 'utf-8',
            Params => {
                port    => 3268,
                timeout => 10,
                async   => 0,
                version => 3,
            },
        },
        CustomerKey => 'sAMAccountName',
        CustomerID  => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        CustomerUserExcludePrimaryCustomerID => 0,
        AdminSetPreferences => 0,
        CustomerCompanySupport => 1,
        Map => [
           #[ 'UserSalutation', 'Title',      'title',          1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',      1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',           1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'phone',          1, 0, 'var', '', 0 ],
            [ 'UserMobile',     'Mobile',     'mobile',         1, 0, 'var', '', 0 ],
        ],
    };
3) and one for Auth Customers against AD if you want

    # This is the auth. module against the otrs db
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule::DB::Table1'} = 'customer_user';
    $Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login';
    $Self->{'Customer::AuthModule::DB::CustomerPassword1'} = 'pw';
    # This is the auth. module against LDAP
    $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host2'} = 'ldap.x.x.x';
    $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'xxx';
    $Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'CN=otrs,...';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'very secret';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter2'} = '(&(objectclass=user)(mail=*))';
    $Self->{'Customer::AuthModule::LDAP::Params2'} = {
        port    => 3268,
        timeout => 10,
        async   => 0,
        version => 3,
    };
and last but not least: please check the documentation once more - it's exactly as stated there :)
Production:
OTRS 6.0.13/ ITSM 6.0.13
OS: SUSE Linux (SLES 12, Leap), MySql 5.5.x, 5.6.x
Windows 2012 AD Integration (agents and customers), Nagios integration (incidents, CMDB), Survey, TimeAccounting
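The AuthModule::LDAP settings discussed above describe a fixed sequence of lookups for an agent login: bind with SearchUserDN, resolve the UID to a DN under BaseDN, confirm the DN appears in the GroupDN's member attribute (UserAttr 'DN'), then bind as the user. The script below, an added example and not OTRS code or anything posted in this thread, runs that sequence with Net::LDAP so the AD side can be checked independently of OTRS; host, BaseDN, GroupDN and SearchUserDN are placeholders to be replaced with the values from your Config.pm, and the search account's password is read from an environment variable.

```perl
# Added example, not OTRS code: the lookups an agent login with Kernel::System::Auth::LDAP
# configures, run outside OTRS. Host, BaseDN, GroupDN and SearchUserDN are placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my %Cfg = (
    Host         => 'ldap.your.domain.country',                 # AuthModule::LDAP::Host, no ldap:// prefix
    Port         => 3268,                                       # AD Global Catalog port, as in the reply above
    BaseDN       => 'dc=abc,dc=def,dc=net',                     # placeholder
    UID          => 'sAMAccountName',                           # AuthModule::LDAP::UID
    GroupDN      => 'cn=Agents,ou=Groups,dc=abc,dc=def,dc=net', # AuthModule::LDAP::GroupDN
    AccessAttr   => 'member',                                   # AuthModule::LDAP::AccessAttr
    SearchUserDN => 'CN=otrs,OU=Service,dc=abc,dc=def,dc=net',  # placeholder
);
# keep the search account's password out of the script
my $SearchPw = $ENV{OTRS_LDAP_SEARCH_PW} or die "set OTRS_LDAP_SEARCH_PW\n";
my ( $User, $Pw ) = @ARGV;
die "usage: $0 <sAMAccountName> <password>\n" if !defined $Pw;

# 1. connect with the same values as AuthModule::LDAP::Params
my $LDAP = Net::LDAP->new( $Cfg{Host}, port => $Cfg{Port}, timeout => 10, version => 3 )
    or die "connect to $Cfg{Host}:$Cfg{Port} failed: $@\n";
# 2. bind with SearchUserDN / SearchUserPw
my $Msg = $LDAP->bind( $Cfg{SearchUserDN}, password => $SearchPw );
die 'search bind failed: ' . $Msg->error . "\n" if $Msg->code;
# 3. resolve the login to a DN; escape the login so it cannot alter the filter
my $Filter = "($Cfg{UID}=" . escape_filter_value($User) . ')';
$Msg = $LDAP->search( base => $Cfg{BaseDN}, scope => 'sub', filter => $Filter );
die 'user search failed: ' . $Msg->error . "\n" if $Msg->code;
die "no entry for $User under $Cfg{BaseDN}\n" if !$Msg->count;
my $UserDN = $Msg->entry(0)->dn;
# 4. GroupDN check: with UserAttr 'DN' the group's member attribute must hold the user's DN
my $GroupFilter = "($Cfg{AccessAttr}=" . escape_filter_value($UserDN) . ')';
$Msg = $LDAP->search( base => $Cfg{GroupDN}, scope => 'base', filter => $GroupFilter );
die 'group search failed: ' . $Msg->error . "\n" if $Msg->code;
die "$UserDN is not a $Cfg{AccessAttr} of $Cfg{GroupDN}\n" if !$Msg->count;
# 5. bind as the user: this is the actual password check
$Msg = $LDAP->bind( $UserDN, password => $Pw );
die 'user bind failed: ' . $Msg->error . "\n" if $Msg->code;
print "authentication OK for $User ($UserDN)\n";
$LDAP->unbind;
```

Ports 389 and 3268 carry both binds in clear text; Net::LDAP's start_tls method, or ldaps on 636/3269, keeps the passwords off the wire.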
tamilbots
Znuny newbie
Posts: 4
Joined: 25 May 2011, 10:58
Znuny Version: 3.0.2

Re: AD OTRS integration

Post by tamilbots »

Appreciate your help on this. :)

Let me try it out.
tamilbots
Znuny newbie
Posts: 4
Joined: 25 May 2011, 10:58
Znuny Version: 3.0.2

Re: AD OTRS integration

Post by tamilbots »

Hello,

it's not working for me, and I get multiple errors with

"Checking database connect... Global symbol "$Self" requires explicit package name at /opt/otrs/Kernel/Config.pm line 134"

and it refuses to start the OTRS service.

Thank you...
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: AD OTRS integration

Post by ferrosti »

You are trying to access a variable that is not defined in your Config.pm.
Can you please post the lines 130 - 140 out of your Config.pm?
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
Wolfgangf
Znuny ninja
Posts: 1029
Joined: 13 Apr 2009, 12:26
Znuny Version: 6.0.13
Real Name: Wolfgang Fürtbauer
Company: PBS Logitek GmbH
Location: Pinsdorf

Re: AD OTRS integration

Post by Wolfgangf »

Try a perl -c /opt/otrs/Kernel/Config.pm and please post your final Config.pm.
Production:
OTRS 6.0.13/ ITSM 6.0.13
OS: SUSE Linux (SLES 12, Leap), MySql 5.5.x, 5.6.x
Windows 2012 AD Integration (agents and customers), Nagios integration (incidents, CMDB), Survey, TimeAccounting
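The message quoted above, Global symbol "$Self" requires explicit package name, is what use strict reports for a $Self->{...} statement that lies outside the block where "my $Self = shift;" declares it, that is, after the closing brace of sub Load; where strict is not yet in effect at that point in the file, the same statement compiles silently against a package global that OTRS never reads, so the settings simply do nothing. The following script is an added example, not from the thread or from OTRS: it lists every such line in a Config.pm (the path argument defaults to the /opt/otrs Home used in the first post) so the block can be moved back inside Load. Brace counting is deliberately simple (comments are stripped, braces inside string literals are not special-cased), which is enough for a stock Config.pm.

```perl
# Added example, not from the thread or OTRS: report $Self statements that sit
# outside sub Load in a Kernel/Config.pm. Naive brace counting: comments are
# stripped, braces inside string literals are counted as-is.
use strict;
use warnings;

sub misplaced_self_lines {
    my ($Path) = @_;
    open my $FH, '<', $Path or die "cannot open $Path: $!\n";
    my ( $Depth, $InLoad, @Bad ) = ( 0, 0 );
    while ( my $Line = <$FH> ) {
        ( my $Code = $Line ) =~ s/#.*//;    # ignore commented-out settings
        $InLoad = 1 if $Code =~ /^\s*sub\s+Load\b/;
        # $Self is only in scope while we are inside Load's braces
        push @Bad, $. if $Code =~ /\$Self\b/ && !( $InLoad && $Depth > 0 );
        my $Open  = () = $Code =~ /\{/g;
        my $Close = () = $Code =~ /\}/g;
        $Depth += $Open - $Close;
        $InLoad = 0 if $InLoad && $Depth == 0 && $Close;
    }
    close $FH;
    return @Bad;
}

my $Path = $ARGV[0] || '/opt/otrs/Kernel/Config.pm';
my @Bad  = misplaced_self_lines($Path);
if (@Bad) {
    print "\$Self used outside sub Load at line(s): @Bad\n";
    print "move these statements above the closing brace of sub Load\n";
    exit 1;
}
print "all \$Self references in $Path are inside sub Load\n";
```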