
Maybe someone can help me? I am setting up a backend for AD (LDAP).
My company's DOMAIN is divided into subdomains (DOMAIN.COM -> SUBDOMAIN1.DOMAIN.COM, SUBDOMAIN2.DOMAIN.COM).
Standard authorization to Win applications is reduced to specifying the user and subdomain (as SUBDOMAIN1\mylogin, SUBDOMAIN2\mylogin).
However, in AD the only login stored in the user data is the username (sAMAccountName). If you use the default backend settings for OTRS, just sAMAccountName acts as the login. This option does not meet the requirements because sAMAccountName is unique only within the subdomain.
To solve the problem, a 'uid' field was added in LDAP. For all users we place in this field an identifier like SubDomainName\sAMAccountName (users have become accustomed to this kind of authorization). The user is authenticated in the system all right, but the backend sync does not work!
Auth Message
"Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator."
[Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: subdomain\test (CN=Test T Test ,OU=TT,OU=CC,DC=domain,DC=com) authentication ok (REMOTE_ADDR: 127.0.0.1).
[Error][Kernel::System::CustomerUser::SetPreferences][493] No such user 'subdomain\test'!
My config.pm sync section
$Self->{CustomerUser} = {
    Name   => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host          => 'ad.domain.com',
        BaseDN        => 'DC=domain, DC=com',
        SSCOPE        => 'sub',
        UserDN        => 'CN=Ldap,CN=Users,DC=domain,DC=com',
        UserPw        => '***',
        AlwaysFilter  => '(objectclass=user)',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        Params        => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    CustomerKey                        => 'uid',
    CustomerID                         => 'userPrincipalName',
    CustomerUserListFields             => ['uid', 'cn', 'userPrincipalName'],
    CustomerUserSearchFields           => ['uid', 'cn', 'userPrincipalName'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    Map => [
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'uid',       1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'uid',       0, 1, 'var' ],
    ],
};
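
Added example, not part of the original post and not OTRS code: a login in the SubDomainName\sAMAccountName form contains a backslash, which RFC 4515 reserves as the escape character in LDAP search filters, so a lookup such as (uid=subdomain\test) is only well-formed when the backslash is written as \5c. The Python below is a language-neutral illustration with hypothetical function names; whether the customer backend escapes the login before searching is not shown on the page and is an assumption to check.

```python
import re

# RFC 4515 section 3: inside a filter's assertion value these characters
# must be written as a backslash followed by two hex digits.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def escape_filter_value(value: str) -> str:
    """Escape a literal string for use as an LDAP filter assertion value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_filter(attr: str, login: str) -> str:
    """Equality filter for one login, e.g. a lookup on the 'uid' attribute."""
    return f"({attr}={escape_filter_value(login)})"


def decode_filter_value(raw: str) -> bytes:
    """Decode an assertion value by the RFC 4515 grammar (equality match only).

    Returns the octets the directory would compare against; raises ValueError
    when a backslash is not followed by two hex digits.
    """
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] == "\\":
            pair = raw[i + 1:i + 3]
            if not HEX_PAIR.fullmatch(pair):
                raise ValueError(f"malformed escape {raw[i:i + 3]!r} at offset {i}")
            out.append(int(pair, 16))
            i += 3
        else:
            out += raw[i].encode("utf-8")
            i += 1
    return bytes(out)


if __name__ == "__main__":
    # Constructed logins in the SubDomainName\sAMAccountName form used above.
    for login in ("subdomain\\test", "subdomain\\admin"):
        print(build_filter("uid", login))
        try:
            print("  unescaped decodes to", decode_filter_value(login))
        except ValueError as err:
            print("  unescaped is rejected:", err)
```

An unescaped `subdomain\test` is malformed under the grammar, while an unescaped `subdomain\admin` parses but `\ad` becomes the single octet 0xAD, so the search compares against a different value than the one stored in 'uid'.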