Help with connecting OTRS 3 to Active Directory (ldap)

[spiderpig]

Hi ,

im trying to connect otrs to Active Directory , i have read the OTRS 3 Admin manual but i can't get it to work , can you guys help me ?
and one another thing , i want users and agent to automatically log in to OTRS.
here is my config.pm

--------

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2010 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.23 2010/01/13 22:25:00 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --

package Kernel::Config;

sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = 'C:/PROGRA~2/OTRS/OTRS';

# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #

# ---------------------------------------------------- #
# LDAP Integration for mydomain.local #
# ---------------------------------------------------- #

# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc01.mydomain.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSSEARCH,CN=Users,DC=mydomain,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';

# Enable LDAP lookups of Agent account informations and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dc01.mydomain.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=mydomain,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=OTRSSEARCH,CN=Users,DC=mydomain,DC=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local' => {
'Company Agents' => 1,
},
'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local' => {
'Tech Support Agents' => 1,
}
};


# Enable LDAP lookups for Customer logins.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dc01.mydomain.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRSSEARCH,CN=Users,DC=mydomain,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';

# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'dc01.mydomain.local',
BaseDN => 'dc=mydomain,dc=local',
SSCOPE => 'sub',
UserDN => 'CN=OTRSSEARCH,CN=Users,DC=mydomain,DC=local',
UserPw => 'password',
AlwaysFilter => '(objectclass=user)',
GroupDN => 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local',
# GroupDN => 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=local',
AccessAttr => 'memberUid',
UserAttr => 'UID',
},
CustomerKey => 'sAMAccountName',
CustomerID => '[customer_id]',
CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
CustomerUserValidFilter => '(company=*)',
Map => [
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'company', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};

# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'password';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";



# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;

# ---------------------------------------------------- #

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #

$Self->{LogModule} = 'Kernel::System::Log::File';
$Self->{LogModule::LogFile} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';
# $DIBI$
$Self->{'DefaultCharset'} = 'utf-8';


# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.23 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

[spiderpig]

when i type in user and pass , i get this error in otrs.log
[Sun Dec 18 13:45:52 2011][Notice][Kernel::System::Auth::LDAP::Auth] User:user authentication failed, no LDAP group entry foundGroupDN='cn=OTRS Agents,cn=Users,dc=mydomain,dc=local', Filter='(memberUid=user)'! (REMOTE_ADDR: 192.x.x.x).

[jojo]

on AD try:

$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

or if this is not working:

$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberof';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

[spiderpig]

Hi jojo,

thanx for the reply , i changed these two lines and that didn't work

[jojo]

is the user member of the group?

[spiderpig]

hi , yes user is in the group
i changed all the memberUid to member and all the uid to DN , then i could login with Active Directory credentials as a Agent , but not Customer.
so there are some progress but when i click customers , i get an error page. And when i try to (Agent)log another user in a.d. in i get the "panic error".

[jojo]

For Agents you need to sync the data to the local database or create the user manually first.

For customer the user needs to be in a customer dtatabase, so'll need an Auth and a data config

[ruppertrusso]

# ---------------------------------------------------- #
# Vlad&Marcus Forum 20111221
# Enable LDAP authentication for Customers
# http://trinityhome.org/Home/index.php?c ... &locale=en
# ----------------------------------------------------

# ---!! INFO
# dmctrl87 = domain controler bzw. server
# myhome = domain prefix
# local = domain sufix
#
# otrs_ldap = user, which allows the access on LDAP over windwos authetification in cn=builtin
# >>PW:otrs01
# otrs_allow_A = user group with AGENT user, in cn=user
# otrs_allow_U = user group with USERS/Customers user, in cn=user



# This is an example configuration for using an MS AD backend
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dmctrl87.myhome.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=myhome,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_allow_A,cn=users,dc=myhome,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,cn=users,dc=myhome,dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'otrs01';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'AuthModule::LDAP::UserSuffix'} = '';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'myhome.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=myhome,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs_ldap,cn=users,dc=myhome,dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'otrs01';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];



#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'dmctrl87.myhome.local',
BaseDN => 'ou=kassen,dc=myhome,dc=local',
SSCOPE => 'sub',
UserDN =>'cn=otrs_ldap,cn=users,dc=myhome,dc=local',
UserPw => 'otrs01',
},
# customer unique id
CustomerKey => 'name',
# customer #
CustomerID => 'name',
CustomerUserListFields => ['name', 'mail'],
CustomerUserSearchFields => ['name', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'description', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'name', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail' , 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
#risk vlad
UserEmail=>'support@companyname.de',
};

#Add the following lines when only users are allowed to login if they reside in the spicified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_C,cn=users,dc=myhome,dc=local';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'


# ---------------------------------------------------- #
# End of Windows LDAP #
# ---------------------------------------------------- #

[andersonserra]

hey guy,

do u use AD or openLDAP??

follow for openLDAP

#################### LDAP configuration##########################


# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{AuthModule1} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'ldap://your_openLDAP_server';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'cn';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=otrs_agents,ou=otrs,ou=services,dc=example,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr1'} = '';
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr1'} = 'uidNumber';
# for non ldap posixGroups objectclass (with full user dn)
# $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'cn=admin,dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'your_code_cn_admin_ldap';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

# In case you want to convert all given usernames to lower letters you
# should activate this option. It might be helpfull if databases are
# in use that do not distinguish selects for upper and lower case letters
# (Oracle, postgresql). User might be synched twice, if this option
# is not in use.
# $Self->{'AuthModule::LDAP::UserLowerCase'} = 0;

# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
# $Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthModule::LDAP::Die'} = 1;

# This is an example configuration for an apache ($ENV{REMOTE_USER})
# auth. backend. Use it if you want to have a singe login through
# apache http-basic-auth.
# $Self->{AuthModule} = 'Kernel::System::Auth::HTTPBasicAuth';
# In case there is a leading domain in the REMOTE_USER, you can
# replace it by the next config option.
# $Self->{'AuthModule::HTTPBasicAuth::Replace'} = 'example_domain\\';
# In case you need to replace some part of the REMOTE_USER, you can
# use the following RegExp ($1 will be new login).
# $Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '^(.+?)@.+?$';
# Note:
# If you use this module, you should use as fallback the following
# config settings if user isn't login through apache ($ENV{REMOTE_USER}).
# $Self->{LoginURL} = 'http://host.example.com/not-authorised-for-otrs.html';
# $Self->{LogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';

# This is example configuration to auth. agents against a radius server.
# $Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';
# $Self->{'AuthModule::Radius::Host'} = 'radiushost';
# $Self->{'AuthModule::Radius::Password'} = 'radiussecret';

# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthModule::Radius::Die'} = 1;

# --------------------------------------------------- #
# authentication sync settings #
# (enable agent data sync. after succsessful #
# authentication) #
# --------------------------------------------------- #
# This is an example configuration for an LDAP auth sync. backend.
# (take care that Net::LDAP is installed!)
$Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'ldap://your_openLDAP_server';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'cn';

# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'cn=admin,dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'your_code_cn_admin_ldap';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after successful login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
# # DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
$Self->{'AuthSyncModule::LDAP::Charset1'} = 'iso-8859-1';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthSyncModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthSyncModule::LDAP::Die'} = 1;

# Attributes needed for group syncs
# (attribute name for group value key)
# $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
# (attribute for type of group content UID/DN for full ldap name)
# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'uid';
# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'dn';

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
# $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
# 'users',
# ];

# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# # ldap group
# 'cn=agent,o=otrs' => {
# # otrs group
# 'admin' => {
# permission
# rw => 1,
# ro => 1,
# },
# 'faq' => {
# rw => 0,
# ro => 1,
# },
# },
# 'cn=agent2,o=otrs' => {
# 'users' => {
# rw => 1,
# ro => 1,
# },
# }
# };
# AuthSyncModule::LDAP::UserSyncRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs roles, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
# # ldap group
# 'cn=agent,o=otrs' => {
# # otrs role
# 'role1' => 1,
# 'role2' => 0,
# },
# 'cn=agent2,o=otrs' => {
# 'role3' => 1,
# }
# };

# AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# attributes to otrs groups, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition'} = {
# # ldap attribute
# 'LDAPAttribute' => {
# # ldap attribute value
# 'LDAPAttributeValue1' => {
# # otrs group
# 'admin' => {
# # permission
# rw => 1,
# ro => 1,
# },
# 'faq' => {
# rw => 0,
# ro => 1,
# },
# },
# },
# 'LDAPAttribute2' => {
# 'LDAPAttributeValue' => {
# 'users' => {
# rw => 1,
# ro => 1,
# },
# },
# }
# };

# AuthSyncModule::LDAP::UserSyncAttributeRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# attributes to otrs roles, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncAttributeRolesDefinition'} = {
# # ldap attribute
# 'LDAPAttribute' => {
# # ldap attribute value
# 'LDAPAttributeValue1' => {
# # otrs role
# 'role1' => 1,
# 'role2' => 1,
# },
# },
# 'LDAPAttribute2' => {
# 'LDAPAttributeValue1' => {
# 'role3' => 1,
# },
# },
# };



##################################################################

# ---------------------------------------------------- #

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.23 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

[spiderpig]

Hi andersonserra,
thanx for the reply, i'm using A.d.

[Martis]

as UID use the "sAMAccountName". It's unique in AD.

Do not connect standard port 368, connect to the active directorys global cataloge port 3268 (or 3269 with SSL encryption).
On standard port, you might not get all user objects. On global catalogue you do.

As BaseDN use just your Domaincontrollers Domain, for example "DC=yourdomain,DC=com"

Using the global catalogue is the best way to make sure, that every object in the active directory is found.