Wir versuchen hier gerade, OTRS an unser LDAP anzubinden. Leider ergibt sich hierbei folgendes Problem:
In die Gruppe OTRS Benutzer haben wir alle Gruppen eingefügt, welche später Kunden sein sollen. Leider werden die Gruppen nicht aufgelöst. (s.Bild)
Das Ziel wäre, statt der Gruppen die Benutzer zu sehen.
Hier unsere Config.pm:
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --
package Kernel::Config;
use utf8;
sub Load {
    my $Self = shift;

    # Fills the configuration object passed in as $Self with this
    # installation's database, filesystem and LDAP settings.
    # Further options (Notifications, PostMaster, Session, ...) are listed
    # in Kernel/Config/Defaults.pm and can be copied in here.

    # ------------------------------------------------------------ #
    # Database
    # ------------------------------------------------------------ #
    $Self->{DatabaseHost} = 'localhost';    # database host
    $Self->{Database}     = 'otrs';         # database name
    $Self->{DatabaseUser} = 'otrs';         # database user

    # Password of the database user, stored in clear text.
    # bin/otrs.CryptPassword.pl can produce a crypted form instead.
    # NOTE(review): this value was published together with the listing;
    # treat it as disclosed and rotate it.
    $Self->{DatabasePw} = 'Thoxei9aeF';

    # MySQL DSN, derived from the two settings above (see "man DBD::mysql").
    $Self->{DatabaseDSN} = sprintf(
        'DBI:mysql:database=%s;host=%s;',
        $Self->{Database},
        $Self->{DatabaseHost},
    );

    # PostgreSQL alternatives (see "man DBD::Pg"):
    #   local socket connection
    #     $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    #   tcpip connection
    #     $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    #   legacy driver for PostgreSQL 8.1 or earlier
    #     $Self->{DatabasePostgresqlBefore82} = 1;

    # ------------------------------------------------------------ #
    # Filesystem root of the installation
    # ------------------------------------------------------------ #
    $Self->{Home} = '/opt/otrs';

    # Further settings taken from Kernel/Config/Defaults.pm go here, e.g.
    #   $Self->{SessionUseCookie} = 0;
    #   $Self->{CheckMXRecord} = 0;
    # Marker for data inserted by the installer: $DIBI$

    # ------------------------------------------------------------ #
    # Values shared by the LDAP sections below
    # ------------------------------------------------------------ #
    # The same bind account and password serve agent login, agent sync,
    # customer login and the customer user lookup, so one disclosure
    # affects all four.
    # NOTE(review): the bind password was published with the listing as
    # well; rotate it, and confirm the account has read-only rights.
    my $base_dn  = 'dc=FIRMA,dc=local';
    my $uid_attr = 'sAMAccountName';
    my $bind_dn  = "cn=LDAPSurfer,cn=Users,$base_dn";
    my $bind_pw  = 'K3nnw0rt';

    # Two different host values are in use: a name for the login backends
    # and an address for sync and customer lookup.
    # NOTE(review): confirm both refer to the same directory server.
    # 100.10.2.13 lies outside the RFC 1918 private ranges - confirm
    # whether it is a placeholder.
    # NOTE(review): no host carries a scheme or port and no Params entry
    # is set, so nothing in this file requests TLS. Presumably the binds,
    # including passwords typed at login, travel as plain LDAP; verify and
    # switch to LDAPS or StartTLS if so.
    my $dc_name = 'DomainControll';    # best resolved via /etc/hosts
    my $dc_addr = '100.10.2.13';

    my $agent_group_dn    = "cn=Grp_otrs_agent,ou=_FIRMA_Gruppen,$base_dn";
    my $customer_group_dn = "cn=Grp_otrs_customer,ou=_FIRMA_Gruppen,$base_dn";

    # DB field -> LDAP attribute
    my %sync_map = (
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    );
    my @initial_groups = ('users');

    # ------------------------------------------------------------ #
    # Agents from AD
    # ------------------------------------------------------------ #
    # First login backend: LDAP. All of its keys carry the suffix "1".
    $Self->{AuthModule1} = 'Kernel::System::Auth::LDAP';

    # The bind account is needed so that searching the directory is
    # permitted. GroupDN/AccessAttr/UserAttr restrict login to entries
    # listed in the agent group's "member" attribute.
    # NOTE(review): presumably only direct members pass this check, users
    # who belong to the group through a nested group would not; confirm.
    my %agent_auth = (
        Host         => $dc_name,
        BaseDN       => $base_dn,
        UID          => $uid_attr,
        SearchUserDN => $bind_dn,
        SearchUserPw => $bind_pw,
        GroupDN      => $agent_group_dn,
        AccessAttr   => 'member',
        UserAttr     => 'DN',
    );
    for my $setting ( sort keys %agent_auth ) {
        $Self->{"AuthModule::LDAP::${setting}1"} = $agent_auth{$setting};
    }

    # Sync mapping and groups under the unprefixed key names.
    # NOTE(review): these duplicate the AuthSyncModule::LDAP::* values set
    # below; presumably only one of the two forms is read - verify.
    $Self->{UserSyncLDAPMap}    = +{ %sync_map };
    $Self->{UserSyncLDAPGroups} = [ @initial_groups ];

    # Agent data sync from LDAP into the OTRS database.
    $Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
    my %agent_sync = (
        Host         => $dc_addr,
        BaseDN       => $base_dn,
        UID          => $uid_attr,
        UserAttr     => 'DN',
        AccessAttr   => 'member',
        SearchUserDN => $bind_dn,
        SearchUserPw => $bind_pw,
        GroupDN      => $agent_group_dn,
        AlwaysFilter => '',
    );
    for my $setting ( sort keys %agent_sync ) {
        $Self->{"AuthSyncModule::LDAP::$setting"} = $agent_sync{$setting};
    }
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ @initial_groups ];
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'}           = +{ %sync_map };

    # Second login backend: the local database stays enabled, so local
    # accounts remain a valid login path next to LDAP.
    $Self->{AuthModule2} = 'Kernel::System::Auth::DB';

    # ------------------------------------------------------------ #
    # Customers from AD
    # ------------------------------------------------------------ #
    # Use LDAP authentication for customers.
    $Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'}         = $dc_name;
    $Self->{'Customer::AuthModule::LDAP::BaseDN'}       = $base_dn;
    $Self->{'Customer::AuthModule::LDAP::UID'}          = $uid_attr;
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $bind_dn;
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $bind_pw;

    # NOTE(review): this is the only customer key with a "1" suffix while
    # the backend itself is configured without one; presumably a leftover,
    # verify which key name the backend actually reads.
    $Self->{'Customer::AuthModule::LDAP::Charset1'} = 'utf-8';

    # Customer user backend.
    # The valid filter compares memberOf with the customer group DN.
    # NOTE(review): a plain memberOf comparison presumably matches every
    # entry that is a direct member, including group objects, and does
    # not follow nesting. Assuming this is Active Directory, the
    # transitive form is memberOf:1.2.840.113556.1.4.1941:=<group DN>,
    # usually combined with an objectClass restriction to users; verify
    # against the directory before changing the filter.
    my @lookup_fields = ( 'sAMAccountName', 'cn', 'mail' );
    my %ldap_params   = (
        Host          => $dc_addr,
        BaseDN        => $base_dn,
        SSCOPE        => 'sub',
        UserDN        => $bind_dn,
        UserPw        => $bind_pw,
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    );

    # Field map. Login, Email and CustomerID are required.
    my @field_map = (
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    );

    $Self->{CustomerUser} = {
        Module                             => 'Kernel::System::CustomerUser::LDAP',
        Params                             => \%ldap_params,
        CustomerKey                        => $uid_attr,
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ @lookup_fields ],
        CustomerUserSearchFields           => [ @lookup_fields ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        CustomerUserValidFilter            => "(memberOf=$customer_group_dn)",
        Map                                => \@field_map,
    };

    # Customer login is limited to entries in the customer group's
    # "member" attribute.
    # NOTE(review): the nesting caveat described for the agent group
    # presumably applies here too.
    $Self->{'Customer::AuthModule::LDAP::GroupDN'}    = $customer_group_dn;
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';

    # Kept as the final statement: its value is what Load implicitly returns.
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
# Module boilerplate: strictures, version number and inheritance.
# strict and warnings are lexically scoped from this point onward, so
# sub Load, which is defined above these lines, is compiled without them.
use strict;
use warnings;
# Declares the package globals used below.
use vars qw(@ISA $VERSION);
# Picks the second word of the revision keyword, i.e. '1.25'.
$VERSION = qw($Revision: 1.25 $)[1];
use Kernel::Config::Defaults;
# Makes Kernel::Config::Defaults the parent class of this package.
push (@ISA, 'Kernel::Config::Defaults');
# -----------------------------------------------------#
# True value that ends the module file.
1;
Gruß
Kevin