LDAP agent authentication

zrako02
Znuny newbie
Posts: 55
Joined: 13 Nov 2006, 09:01


Post by zrako02 »

Hello, I have the following config.pm:

Code:

    # ---------------------------------------------------- #
    # LDAP integration - agent authentication
    # ---------------------------------------------------- #

	$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
	$Self->{'AuthModule::LDAP::Host'} = '192.168.2.191';
	$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=yourdomain,dc=de';
	$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
	$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSSearch,CN=Users,DC=yourdomain,DC=de';
	$Self->{'AuthModule::LDAP::SearchUserPw'} = '!OTRSSearch!';
	
    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };
    
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];
    
    # UserTable
    $Self->{DatabaseUserTable} = 'system_user';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';	

    # ---------------------------------------------------- # 
    # Customer authentication via LDAP #
    # ---------------------------------------------------- # 
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; 
    $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.2.191'; 
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=yourdomain,dc=de'; 
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = ''; 
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSSearch,CN=Users,DC=yourdomain,DC=de'; 
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '!OTRSSearch!'; 
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; 
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'; 
    #$Self->{'Customer::AuthModule::LDAP::GroupDN'} = ''; 
 
    # ---------------------------------------------------- # 
    # customer Auth # 
    # ---------------------------------------------------- # 
    # CustomerUser 
    # (customer user ldap backend and settings) 
    $Self->{CustomerUser} = { 
        Module => 'Kernel::System::CustomerUser::LDAP', 
        Params => { 
        # ldap host 
        Host => '192.168.2.191', 
        # ldap base dn 
        BaseDN => 'dc=yourdomain, dc=de', 
        # search scope (one|sub) 
        SSCOPE => 'sub', 
        UserDN => 'OTRSSearch@yourdomain.de', 
        UserPw => '!OTRSSearch!', 
        AlwaysFilter => '', 
        SourceCharset => 'utf-8', 
        DestCharset => 'iso-8859-1', 
    }, 
    # customer uniq id 
    CustomerKey => 'sAMAccountName', 
    # customer # 
    CustomerID => 'mail', 
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'], 
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], 
    CustomerUserSearchPrefix => '', 
    CustomerUserSearchSuffix => '*', 
    CustomerUserSearchListLimit => 250, 
    CustomerUserPostMasterSearchFields => ['mail'], 
    CustomerUserNameFields => ['givenname', 'sn'], 
    Map => [ 
        # note: Login, Email and CustomerID needed! 
        # var, frontend, storage, shown, required, storage-type 
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ], 
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], 
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], 
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], 
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], 
        [ 'UserCustomerID', 'sAMAccountName', 'mail', 0, 1, 'var' ], 
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], 
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ], 
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ], 
        ], 
    }; 
    
    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'hot';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgrSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/OTRS/otrs';

    # **************************************************** #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # **************************************************** #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;

    # **************************************************** #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'SystemID'} = '1';
    $Self->{'SecureMode'} = 1;
    $Self->{'Organization'} = 'Firma';
    $Self->{'LogModule'} = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/OTRS/otrs/var/log/otrs.log';
    $Self->{'FQDN'} = 'hostname.yourdomain.de';
    $Self->{'DefaultLanguage'} = 'de';
    $Self->{'DefaultCharset'} = 'iso-8859-1';
    $Self->{'AdminEmail'} = 'admin@yourdomain.de';

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

Customer authentication via customer.pl works wonderfully, i.e. customers from the AD that do not exist yet are created. Agent authentication unfortunately does not work properly yet, because if an agent does not exist in OTRS yet, the following error message appears at login: Panic! No user data!

Question: Does the user have to be created locally first for agents, or what is different for agents?
pitt72
Znuny newbie
Posts: 19
Joined: 15 May 2007, 17:08

Post by pitt72 »

As far as I know, the agent has to be created first. It is the same for me.

Pitt
zrako02
Znuny newbie
Posts: 55
Joined: 13 Nov 2006, 09:01


Post by zrako02 »

You are right. The agent has to be created beforehand, then it works wonderfully. It is actually logical too, otherwise anyone who knows the address http://meinedomain/otrs/index.pl and is in the AD could make themselves a ticket agent.
chrim
Znuny newbie
Posts: 13
Joined: 26 Sep 2007, 09:45


Post by chrim »

Hi,

shouldn't the synchronization of the agents happen through exactly this entry
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
};
?
By specifying
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
I restrict access to the specified group.
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master


Post by jojo »

correct (however, the variables have different names in newer OTRS versions)
Locked
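An added example, not part of the thread and not project code: agent sync at login combined with the group restriction discussed above, so that only members of one directory group can receive an agent account. It assumes the `AuthSyncModule` key names from the `Kernel/Config/Defaults.pm` of later OTRS releases; the group DN and the password are placeholders, and `$Self` is a stand-in for the object inside `sub Load`.

```perl
use strict;
use warnings;

# Stand-in for $Self inside "sub Load" of Kernel/Config.pm, so the
# fragment also runs on its own. In a real Config.pm, omit this line.
my $Self = {};

# --- Authentication: who may log in as an agent ----------------------
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = '192.168.2.191';
$Self->{'AuthModule::LDAP::BaseDN'}       = 'dc=yourdomain,dc=de';
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSSearch,CN=Users,DC=yourdomain,DC=de';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'PLACEHOLDER-PASSWORD';

# Without GroupDN, every account that can bind under BaseDN passes the
# agent login; with sync enabled it is then created as an agent.
# The group below is hypothetical; use a group you control.
$Self->{'AuthModule::LDAP::GroupDN'}    = 'CN=otrs-agents,OU=Groups,DC=yourdomain,DC=de';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';   # AD lists members by full DN
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';       # so compare against the user DN

# --- Sync: create/update the agent record after a successful login ---
$Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}         = $Self->{'AuthModule::LDAP::Host'};
$Self->{'AuthSyncModule::LDAP::BaseDN'}       = $Self->{'AuthModule::LDAP::BaseDN'};
$Self->{'AuthSyncModule::LDAP::UID'}          = $Self->{'AuthModule::LDAP::UID'};
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = $Self->{'AuthModule::LDAP::SearchUserDN'};
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = $Self->{'AuthModule::LDAP::SearchUserPw'};
$Self->{'AuthSyncModule::LDAP::UserSyncMap'}  = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# Groups a newly created agent gets on first login; keep this minimal.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users'];

# Stand-alone sanity check (not an OTRS feature): refuse a configuration
# that auto-creates agents without restricting login to a group.
die "Agent sync is enabled but AuthModule::LDAP::GroupDN is empty\n"
    if $Self->{'AuthSyncModule'} && !$Self->{'AuthModule::LDAP::GroupDN'};
print "agent login restricted to $Self->{'AuthModule::LDAP::GroupDN'}\n";
```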