need help with agent LDAP Authentication

Moderator: crythias

Locked
Nisha
Znuny newbie
Posts: 6
Joined: 22 Dec 2011, 21:55
Znuny Version: otrs 3.0

need help with agent LDAP Authentication

Post by Nisha »

Hi,

I am new to OTRS and this is my first time trying to set up LDAP authentication for OTRS. I have added the following lines to my Config.pm file:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

$Self->{'AuthModule::LDAP::Host'} = 'erpcorp.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=erpcorp,DC=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsservice';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '***********';


$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'erpcorp.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=erpcorp,DC=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsservice';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '*********';

After restarting the Apache server, when I log in to OTRS I get an invalid login message and I see the following error messages in the Apache log file:

[Thu Dec 22 13:44:17 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Dec 22 13:44:18 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 22 13:44:18 2011] [notice] Digest: done
[Thu Dec 22 13:44:18 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Thu Dec 22 13:45:28 2011] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs//Kernel/System/Log.pm line 161, <DATA> line 522.
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Thu Dec 22 13:45:28 2011

Message: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vecel: 5.8.8 OS: linux Time: Thu Dec 22 13:45:28 2011

Message: No UserID found for 'sgangrade'!

Traceback (15605):
Module: Kernel::System::User::UserLookup (v1.114.2.2) Line: 746
Module: Kernel::System::Auth::Auth (v1.50.2.1) Line: 225
Module: Kernel::System::Web::InterfaceAgent::Run (v1.58.2.1) Line: 201
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 46
Module: (eval) (v1.89.2.1) Line: 204
Module: ModPerl::RegistryCooker::run (v1.89.2.1) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.89.2.1) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

[Thu Dec 22 13:45:35 2011] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs//Kernel/System/Log.pm line 161, <DATA> line 522.
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Thu Dec 22 13:45:35 2011

Message: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0el::System::Web::InterfaceAgent::Run (v1.58.2.1) Line: 201
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 46
Module: (eval) (v1.89.2.1) Line: 204
Module: ModPerl::RegistryCooker::run (v1.89.2.1) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.89.2.1) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

[Thu Dec 22 13:45:49 2011] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs//Kernel/System/Log.pm line 161, <DATA> line 522.
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Thu Dec 22 13:45:49 2011

Message: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0ne: 204
Module: ModPerl::RegistryCooker::default_handler (v1.89.2.1) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

Please let me know how I can resolve this issue.

Thanks
ipguy
Znuny newbie
Posts: 40
Joined: 19 May 2010, 08:29
Znuny Version: 2.3.4

Re: need help with agent LDAP Authentication

Post by ipguy »

Check yours against mine:


$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ad.company.net';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=company,dc=net';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=Applications,dc=company,dc=net';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrsservice,OU=Applications,DC=company,DC=net';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '........';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ad.company.net/';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=company,dc=net';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrsservice,ou=Applications,dc=company,dc=net';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '........';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users'];
Nisha
Znuny newbie
Posts: 6
Joined: 22 Dec 2011, 21:55
Znuny Version: otrs 3.0

Re: need help with agent LDAP Authentication

Post by Nisha »

Hi,

I made changes to my Config.pm and am still getting the error message.

My Config.pm:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'erpcorp.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=erpcorp,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP Service,OU=Service Accounts,OU=All Users and Computers,DC=erpcorp,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '********';
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'erpcorp.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=erpcorp,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=LDAP Service,OU=Service Accounts,OU=All Users and Computers,DC=erpcorp,DC=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '*********';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

and the error message I am getting is:

[Tue Dec 27 10:42:22 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 27 10:42:23 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Dec 27 10:42:23 2011] [notice] Digest: done
[Tue Dec 27 10:42:23 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Tue Dec 27 10:43:07 2011] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs//Kernel/System/Log.pm line 161, <DATA> line 522.
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Tue Dec 27 10:43:07 2011

Message: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece0
Module: ModPerl::Registry::handler (v1.99) Line: 31

[Tue Dec 27 10:43:18 2011] -e: Use of uninitialized value in concatenation (.) or string at /opt/otrs//Kernel/System/Log.pm line 161, <DATA> line 522.
ERROR: OTRS-CGI-10 Perl: 5.8.8 OS: linux Time: Tue Dec 27 10:43:18 2011

Message: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece


I have checked with our AD Admin and password is correct.

Thanks
ipguy
Znuny newbie
Posts: 40
Joined: 19 May 2010, 08:29
Znuny Version: 2.3.4

Re: need help with agent LDAP Authentication

Post by ipguy »

Use http://directory.apache.org/studio/ to confirm all LDAP paths
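The Active Directory bind errors quoted in this thread carry a sub-code that identifies the failing step: data 525 (user not found) while SearchUserDN was the bare name 'otrsservice', and data 52e (invalid credentials) once it became a full DN. The following Python script is an added example, not OTRS/Znuny code or anything posted above; it decodes those sub-codes from Apache log text and lints a Config.pm fragment for the two problems visible in the posts (a bare account name in SearchUserDN, and a BaseDN that differs between AuthModule and AuthSyncModule), using constructed samples with a placeholder service-account DN.

```python
"""Triage OTRS 'First bind failed!' errors against Active Directory.

Added example for this thread, not OTRS/Znuny code. Offline, it decodes the
AD 'data NNN' sub-code quoted in the Apache log and lints Config.pm lines for
the two mistakes visible in the thread: a SearchUserDN that is a bare account
name, and a BaseDN that differs between AuthModule and AuthSyncModule.
"""
import re

# Sub-codes AD embeds in the 80090308 AcceptSecurityContext bind error.
# 525 and 52e are the two seen in the thread; the rest are other common values.
AD_BIND_DATA = {
    "525": "user not found: the bind DN/UPN does not resolve to an account",
    "52e": "invalid credentials: the account exists but the password was rejected",
    "533": "account disabled",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_RE = re.compile(
    r"First bind failed!.*?AcceptSecurityContext error, data (?P<data>[0-9a-f]{3})")
# Matches  $Self->{'Key::Path'} = 'value';  (quotes around the key are optional)
CONF_RE = re.compile(r"\$Self->\{'?(?P<key>[A-Za-z0-9:]+)'?\}\s*=\s*'(?P<val>[^']*)'")


def decode_bind_errors(log_text):
    """Return [(data_code, explanation), ...] for every bind failure in the log."""
    return [(m.group("data"), AD_BIND_DATA.get(m.group("data"), "unknown sub-code"))
            for m in BIND_RE.finditer(log_text)]


def parse_config(conf_text):
    """Flatten the quoted scalar assignments of a Config.pm fragment into a dict."""
    return {m.group("key"): m.group("val") for m in CONF_RE.finditer(conf_text)}


def is_bind_identity(value):
    """AD simple bind takes a full DN, a UPN (user@domain) or DOMAIN\\user; a bare
    sAMAccountName such as 'otrsservice' is what produces 'data 525'."""
    return "=" in value or "@" in value or "\\" in value


def lint_config(conf):
    """Return findings for the misconfigurations seen in the thread."""
    findings = []
    for prefix in ("AuthModule", "Customer::AuthModule", "AuthSyncModule"):
        dn = conf.get(prefix + "::LDAP::SearchUserDN")
        if dn is not None and not is_bind_identity(dn):
            findings.append(prefix + "::LDAP::SearchUserDN '" + dn
                            + "' is a bare account name, not a DN/UPN (expect data 525)")
    auth_base = conf.get("AuthModule::LDAP::BaseDN")
    sync_base = conf.get("AuthSyncModule::LDAP::BaseDN")
    if auth_base and sync_base and auth_base.lower() != sync_base.lower():
        findings.append("BaseDN differs: AuthModule '" + auth_base
                        + "' vs AuthSyncModule '" + sync_base + "'")
    return findings


# Constructed samples reduced from the thread; the service-account DN is a placeholder.
SAMPLE_LOG = """\
Message: First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, v1db0
Message: First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
"""
FIRST_CONFIG = """\
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=erpcorp,DC=local';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsservice';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrsservice';
"""
SECOND_CONFIG = """\
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=erpcorp,dc=local';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=svc-placeholder,OU=Service Accounts,DC=erpcorp,DC=local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=erpcorp,dc=com';
"""

if __name__ == "__main__":
    print(decode_bind_errors(SAMPLE_LOG))
    print(lint_config(parse_config(FIRST_CONFIG)))
    print(lint_config(parse_config(SECOND_CONFIG)))
```

A 52e on the first bind means AD located the service account and rejected its password, which narrows the check to SearchUserPw and whether the edited Config.pm was actually reloaded, not to the BaseDN.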
andersonserra
Znuny newbie
Posts: 25
Joined: 12 Aug 2010, 22:03
Znuny Version: otrs 3.0.11
Real Name: Anderson Serra
Company: Point of Presence of RNP in Maranhao - PoPMA-RNP
Location: São Luís - Maranhão, Brazil

Re: need help with agent LDAP Authentication

Post by andersonserra »

Hey guy,

Do you use AD or OpenLDAP?

The following is for OpenLDAP ;)

#################### LDAP configuration##########################


# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{AuthModule1} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'ldap://your_openLDAP_server';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'cn';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=otrs_agents,ou=otrs,ou=services,dc=example,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr1'} = '';
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr1'} = 'uidNumber';
# for non ldap posixGroups objectclass (with full user dn)
# $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'cn=admin,dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'your_code_cn_admin_ldap';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
# $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com';

# In case you want to convert all given usernames to lower letters you
# should activate this option. It might be helpful if databases are
# in use that do not distinguish selects for upper and lower case letters
# (Oracle, postgresql). User might be synched twice, if this option
# is not in use.
# $Self->{'AuthModule::LDAP::UserLowerCase'} = 0;

# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
# $Self->{'AuthModule::LDAP::Charset'} = 'iso-8859-1';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthModule::LDAP::Die'} = 1;

# This is an example configuration for an apache ($ENV{REMOTE_USER})
# auth. backend. Use it if you want to have a single login through
# apache http-basic-auth.
# $Self->{AuthModule} = 'Kernel::System::Auth::HTTPBasicAuth';
# In case there is a leading domain in the REMOTE_USER, you can
# replace it by the next config option.
# $Self->{'AuthModule::HTTPBasicAuth::Replace'} = 'example_domain\\';
# In case you need to replace some part of the REMOTE_USER, you can
# use the following RegExp ($1 will be new login).
# $Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} = '^(.+?)@.+?$';
# Note:
# If you use this module, you should use as fallback the following
# config settings if the user isn't logged in through apache ($ENV{REMOTE_USER}).
# $Self->{LoginURL} = 'http://host.example.com/not-authorised-for-otrs.html';
# $Self->{LogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';

# This is example configuration to auth. agents against a radius server.
# $Self->{'AuthModule'} = 'Kernel::System::Auth::Radius';
# $Self->{'AuthModule::Radius::Host'} = 'radiushost';
# $Self->{'AuthModule::Radius::Password'} = 'radiussecret';

# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthModule::Radius::Die'} = 1;

# --------------------------------------------------- #
# authentication sync settings #
# (enable agent data sync. after successful #
# authentication) #
# --------------------------------------------------- #
# This is an example configuration for an LDAP auth sync. backend.
# (take care that Net::LDAP is installed!)
$Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'ldap://your_openLDAP_server';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'cn';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'cn=admin,dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'your_code_cn_admin_ldap';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

# AuthSyncModule::LDAP::UserSyncMap
# (map of agent fields to create/sync from LDAP to DB after successful login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
# # DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
$Self->{'AuthSyncModule::LDAP::Charset1'} = 'iso-8859-1';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthSyncModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthSyncModule::LDAP::Die'} = 1;

# Attributes needed for group syncs
# (attribute name for group value key)
# $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
# (attribute for type of group content UID/DN for full ldap name)
# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'uid';
# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'dn';

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
# $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
# 'users',
# ];

# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# # ldap group
# 'cn=agent,o=otrs' => {
# # otrs group
# 'admin' => {
# # permission
# rw => 1,
# ro => 1,
# },
# 'faq' => {
# rw => 0,
# ro => 1,
# },
# },
# 'cn=agent2,o=otrs' => {
# 'users' => {
# rw => 1,
# ro => 1,
# },
# }
# };
# AuthSyncModule::LDAP::UserSyncRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs roles, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
# # ldap group
# 'cn=agent,o=otrs' => {
# # otrs role
# 'role1' => 1,
# 'role2' => 0,
# },
# 'cn=agent2,o=otrs' => {
# 'role3' => 1,
# }
# };

# AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# attributes to otrs groups, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition'} = {
# # ldap attribute
# 'LDAPAttribute' => {
# # ldap attribute value
# 'LDAPAttributeValue1' => {
# # otrs group
# 'admin' => {
# # permission
# rw => 1,
# ro => 1,
# },
# 'faq' => {
# rw => 0,
# ro => 1,
# },
# },
# },
# 'LDAPAttribute2' => {
# 'LDAPAttributeValue' => {
# 'users' => {
# rw => 1,
# ro => 1,
# },
# },
# }
# };

# AuthSyncModule::LDAP::UserSyncAttributeRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# attributes to otrs roles, define the following.)
# $Self->{'AuthSyncModule::LDAP::UserSyncAttributeRolesDefinition'} = {
# # ldap attribute
# 'LDAPAttribute' => {
# # ldap attribute value
# 'LDAPAttributeValue1' => {
# # otrs role
# 'role1' => 1,
# 'role2' => 1,
# },
# },
# 'LDAPAttribute2' => {
# 'LDAPAttributeValue1' => {
# 'role3' => 1,
# },
# },
# };



##################################################################
Anderson Serra
Networks analyst at RNP - Brazil
Locked