I've set up a link to ActiveDirectory to give one group access. How to set up several groups?
Is it as simple as just adding another GroupDN line? Or are there more changes needed?
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
Another followup question to LDAP is, when adding the BaseOU does it then traverse every OU under it?
OTRS 3.0.9 RHEL 5, Windows 2008/SQL08
LDAP customer login
Moderator: crythias
Last edited by zhakal on 31 Aug 2011, 17:22, edited 1 time in total.
OTRS 3.0.11 , RHEL 5.6 & CentOS 6
MSSQL 2008 R2 , Windows 2008 R2
Re: LDAP agent login
If I add 1 after the LDAP::UserAttr1 it works, but how to add another? Simply add 2?
OTRS 3.0.11 , RHEL 5.6 & CentOS 6
MSSQL 2008 R2 , Windows 2008 R2
- Znuny superhero
- Posts: 723
- Joined: 10 Oct 2007, 14:30
- Znuny Version: 3.0
- Location: Hamburg, Germany
Re: LDAP agent login
OTRS should follow the OU tree, at least it does here.
Adding digits to the variables is made to have more than one connection/source. In this case you'd set up one block with all parameters with the same digit for the same source.
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
should NOT work on the same source as
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
If it does it is a severe bug.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
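The "one block per source, same digit on every key" convention described in the post above, applied to the original question of admitting several AD groups (an added example, not code from the thread or from the OTRS project). The host name, bind account, password and the second group DN are placeholders, and it assumes each numbered backend is checked in turn as the post describes.

```perl
use strict;
use warnings;

# Added example, not from the thread. In Kernel/Config.pm this code goes inside
# sub Load, where $Self already exists; the next line only lets it run alone.
my $Self = {};

# One backend per AD group. All values below are placeholders (assumptions).
my %GroupForBackend = (
    1 => 'CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com',
    2 => 'CN=otrs_ldap_allow_B,OU=Groups,OU=BaseOU,DC=example,DC=com',
);

for my $N ( sort keys %GroupForBackend ) {
    # Every key that belongs to one source carries the same digit.
    $Self->{"AuthModule$N"}                     = 'Kernel::System::Auth::LDAP';
    $Self->{"AuthModule::LDAP::Host$N"}         = 'dc.example.com';
    # Common base: the search covers the OU tree below it.
    $Self->{"AuthModule::LDAP::BaseDN$N"}       = 'OU=BaseOU,DC=example,DC=com';
    $Self->{"AuthModule::LDAP::UID$N"}          = 'sAMAccountName';
    $Self->{"AuthModule::LDAP::SearchUserDN$N"} = 'CN=OTRS,OU=BaseOU,DC=example,DC=com';
    $Self->{"AuthModule::LDAP::SearchUserPw$N"} = 'CHANGE_ME';
    # Login succeeds on this backend only for members of this group.
    $Self->{"AuthModule::LDAP::GroupDN$N"}      = $GroupForBackend{$N};
    $Self->{"AuthModule::LDAP::AccessAttr$N"}   = 'member';
    $Self->{"AuthModule::LDAP::UserAttr$N"}     = 'DN';
}

# Sanity check when run stand-alone: a backend with a module but no GroupDN
# would admit every account the search can find.
for my $Key ( sort grep { /^AuthModule\d+$/ } keys %{$Self} ) {
    my ($N) = $Key =~ /(\d+)$/;
    die "backend $N has no GroupDN\n"
        if !$Self->{"AuthModule::LDAP::GroupDN$N"};
    print "backend $N -> ", $Self->{"AuthModule::LDAP::GroupDN$N"}, "\n";
}
```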
Re: LDAP agent login
I want it to traverse two different OUs in a domain, where it's domain\OU1 and domain\OU2.
Should I then do the following?
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=BaseOU1,DC=example,DC=com';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'OU=BaseOU2,DC=example,DC=com';
Or should I do it in one go somehow and traverse every OU inside the domain?
And is there any command I need to run to get it to start working except: service httpd restart?
OTRS 3.0.11 , RHEL 5.6 & CentOS 6
MSSQL 2008 R2 , Windows 2008 R2
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
Re: LDAP agent login
BaseDN is common. You want LDAP search to filter.
http://www.petri.co.il/ldap_search_samp ... change.htm
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: LDAP customer login
Sorry, didn't understand what you meant, crythias.
I've set up the following:
$Self->{'AuthModule::LDAP::Host'} = 'DC FQDN';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=GROUP1,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountname';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=GROUP1,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'XXXX';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# All new users should be assigned a default group, in this case, 'users'
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];
This works for the OU named Group1 but I want to add the same search for the OU named Group2 as well.
OTRS 3.0.11 , RHEL 5.6 & CentOS 6
MSSQL 2008 R2 , Windows 2008 R2
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
Re: LDAP customer login
BaseDN is common: It means this is the grouping that applies to everyone. It probably doesn't need an OU, or if it does, it'd be something that is universally applicable.
Objective: First select everyone that could possibly fit, then filter. Don't try to filter first.
If you want to filter, use, for an example:
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(|(OU=group1*) (OU=group2*))';
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask