LDAP Integration with Active Directory

Moderator: crythias

Vinoth
Znuny newbie
Posts: 1
Joined: 20 Nov 2012, 20:53
Znuny Version: OTRS 3.1
Real Name: Vinoth
Company: BakeMark

LDAP Integration with Active Directory

Post by Vinoth »

I have done some changes to the Config.pm to integrate LDAP users from an admin group with OTRS. Able to login from the OTRS agent interface as Active Directory (LDAP) users.

From here, what I am expecting is that the roles of an admin user should be applied in the OTRS system as well.

This is the config i have:

    # Enable LDAP lookups of Agent account information and default roles.
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '<My host name>';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = '<My Domain Name>';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '<search user defined as user@domain.dn>';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '<password>';
    #$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
    $Self->{'AuthSyncModule::LDAP::GroupDN'} = 'CN=Domain Admins,OU=Users,DC=<domain>';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialRoles
    # (sync following roles after initial create of first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialRoles'} = [
        'users',
    ];

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    #$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # AD/LDAP group
        'CN=Domain Admins,OU=Users,DC=<Domain>' => {
            'AdminRole' => 1,
        },
    };
The log I got is:

[Tue Nov 20 13:02:07 2012][Notice][Kernel::System::Auth::Sync::LDAP::Sync] User: 'bmu_otrstest' sync ldap groups CN=Domain Admins,OU=Users, to roles!
[Tue Nov 20 13:02:08 2012][Error][Kernel::System::Auth::Sync::LDAP::Sync][456] Search failed! (CN=Domain Admins,OU=Users,) filter='(member=CN=OTRS Test,CN=Users,)' 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=CSMBSNABMU,'
OTRS is trying to search in the Admin group, but not able to get the roles applied for the user.

Need help from this point. Thanks in advance.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: LDAP Integration with Active Directory

Post by crythias »

There is a filter that is conflicting with your group membership.
Currently, it says, OTRS Test is not a Domain Admin.

At least, it's not in that specific OU.
It's attempting to use
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
#(member=distinguishedName of user)
against
CN=Domain Admins,OU=Users,DC=<Domain>
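The following is an added example, not code from either post or from OTRS itself. It models what the settings in Vinoth's config do and what crythias's reply points at: with AccessAttr = 'member' and UserAttr = 'DN', the sync module searches each group DN listed in UserSyncRolesDefinition with the filter (member=<user DN>) and grants the mapped role on a hit. It also checks a base DN for the shape seen in the log (a trailing comma and no DC= component, i.e. `CN=Domain Admins,OU=Users,`), which a server can only answer with NO_OBJECT, and it escapes the user DN per RFC 4515 so a DN containing a parenthesis or backslash cannot alter the filter. All DNs, the in-memory directory and the role mapping are constructed sample data; the assumed AD layout places Domain Admins in the default CN=Users container.

```python
"""Added example, not code from the forum post or from OTRS: a small model of
what the AuthSyncModule::LDAP settings in the thread do. All DNs below are
constructed sample data."""
import re

# RFC 4515: these characters must be hex-escaped inside a filter assertion
# value, otherwise a DN containing e.g. ')' or '\' breaks or alters the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an attribute value for safe embedding in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_dn(dn: str) -> list[str]:
    """Split a DN into RDNs on unescaped commas (RFC 4514)."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def normalize_dn(dn: str) -> str:
    """Comparison key for DNs; AD treats DNs case-insensitively."""
    return ",".join(part.lower() for part in split_dn(dn))


def dn_problems(dn: str) -> list[str]:
    """Reasons a DN is unusable as a search base; empty list means it looks complete."""
    parts = split_dn(dn)
    problems = []
    if any(part == "" for part in parts):
        problems.append("empty RDN (trailing or doubled comma)")
    if not any(part.upper().startswith("DC=") for part in parts):
        problems.append("no DC= component: the DN is not anchored in a naming context")
    if any("=" not in part for part in parts if part):
        problems.append("RDN without attribute=value")
    return problems


def member_filter(user_dn: str) -> str:
    """The filter the sync uses with AccessAttr = 'member' and UserAttr = 'DN'."""
    return f"(member={escape_filter_value(user_dn)})"


def sync_roles(user_dn: str, roles_definition: dict, directory: dict) -> tuple[dict, list[str]]:
    """Emulate UserSyncRolesDefinition against an in-memory directory.

    directory maps a normalized group DN to the set of normalized member DNs.
    Returns (roles to apply, search errors). A group DN that fails dn_problems()
    is reported the way the thread's log does: the search never matches anything.
    """
    roles, errors = {}, []
    for group_dn, role_map in roles_definition.items():
        problems = dn_problems(group_dn)
        if problems:
            errors.append(f"Search failed! ({group_dn}) filter='{member_filter(user_dn)}': "
                          + "; ".join(problems))
            continue
        members = directory.get(normalize_dn(group_dn), set())
        if normalize_dn(user_dn) in members:
            # 1 grants the role, 0 revokes it, as in the sample Config.pm mapping
            roles.update(role_map)
    return roles, errors


# Constructed sample directory (assumption): Domain Admins lives in the default
# CN=Users container, not in an OU named Users.
SAMPLE_DIRECTORY = {
    normalize_dn("CN=Domain Admins,CN=Users,DC=example,DC=com"): {
        normalize_dn("CN=OTRS Test,CN=Users,DC=example,DC=com"),
    },
}

SAMPLE_ROLES = {
    "CN=Domain Admins,CN=Users,DC=example,DC=com": {"AdminRole": 1},
}

if __name__ == "__main__":
    user = "CN=OTRS Test,CN=Users,DC=example,DC=com"
    print(sync_roles(user, SAMPLE_ROLES, SAMPLE_DIRECTORY))
    # The truncated base DN from the thread's log fails before any search:
    print(sync_roles(user, {"CN=Domain Admins,OU=Users,": {"AdminRole": 1}}, SAMPLE_DIRECTORY))
```

Running it with the complete group DN grants AdminRole; running it with the truncated DN from the log produces a "Search failed!" entry and no roles, which is the same outcome the post reports. The escaping in member_filter is the check worth keeping in any code that builds filters from directory data.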