OTRS LDAP capability

[bermelian]

Some OTRS LDAP features that I wish to verify :

• Can it use LDAP groups for permissions?
• Do nested groups work?
• Does it work with both Security and Distribution groups?
• What user info is populated in the software, and is it dynamically updated?
• What happens when a user is disabled or deleted from LDAP?
• What happens with duplicate account names in the software?
• Can it authenticate against multiple domains?

I need to confirm if all the functionalities we require would be met as it will be (OTRS) the backbone of our Service Management infrastructure .

[crythias]

Can it use LDAP groups for permissions?

There's a capability to do that for Agents
viewtopic.php?f=60&t=16543

Do nested groups work?

I don't believe so.

Does it work with both Security and Distribution groups?

It works on Distinguished Names (DN), but doesn't care what the type of group is.

What user info is populated in the software, and is it dynamically updated?

Customer information is not populated into the database from LDAP, it is merely queried from the MAP in Config.pm.
User/Agent information is somewhat synced, and varies if you want to sync it.

What happens when a user is disabled or deleted from LDAP?

The user is no longer able to log in to OTRS. That's all that happens. Tickets are still attached to the username and don't magically disappear.

What happens with duplicate account names in the software?

The duplicate account name can't log in. If this will be a problem, perhaps userPrincipalName may be a better choice than normal login or find a different way (email?) to prevent collisions.

Can it authenticate against multiple domains?

Yes. You should read my link and the appropriate documentation.

[bermelian]

Thank you very much !!