I discovered this forum and I think it is awesome. I worked with OTRS for a few years, then had a "pause" for a few years, but now I'm back in business. First, I want to apologize for my bad English.

I have done a fresh install of OTRS 3.2.1 with ITSM and FAQ, and I have a problem with some agent issues and some customer issues. I have done this before, but I must have missed something. I hope that someone in this forum can help me and point me in the right direction.
Here is my goal:
I want 3 Customer Directories:
1. EndCustomer DB (The one included in OTRS)
2. Internal Customer LDAP (Active Directory) (colleagues)
3. Partners customer LDAP (Standalone OpenLDAP) (Partners)
From customer.pl I want users from all of the above Customer Directories to be able to log in.
This is the result I get with my configuration (see code):
1. LDAP User can login

2. The Users in EndCustomer DB can not log in, only ldap users
3. When an agent creates a new ticket or edits an existing one, the customer search is not working; only the EndCustomer entries from the DB are shown. Even if I go into the customer center I can't search for the internal "LDAP" customers.
4. Well i have not configured the third customer directory until i get the first two ones to work. But is there anything to think of here?
5. I have created an AD group called OTRS_Agents, and in it I have 3 groups that contain the users as members. But with this configuration OTRS can't find the users, because it does not look in the nested groups.
6. Agents working perfectly with the mapping from LDAP groups to OTRS Roles

So does anyone have an idea?
My Config.pm
#
# Connection settings shared by every LDAP-backed module below.
# The search account's password sits in this file in clear text, so the file
# should be readable only by the OTRS/web-server user and the account should
# have read-only access to the directory.
my $nx_BaseDN       = 'DC=mydomain,DC=com';
my $nx_Host         = 'X.X.X.X';
my $nx_SearchUserDN = 'CN=OTRS Service,OU=OTRS,OU=SvcAccounts,OU=NonHuman,OU=SOMEOU,DC=mydomain,DC=com';
my $nx_SearchUserPw = 'SOMEPASSWORD';

# Agent login: authenticate agents against LDAP.
# Collected in one hash and copied into the config object in a single step.
my %nx_AgentAuth = (
    'AuthModule'                     => 'Kernel::System::Auth::LDAP',
    'AuthModule::LDAP::Host'         => $nx_Host,
    'AuthModule::LDAP::BaseDN'       => $nx_BaseDN,
    'AuthModule::LDAP::SearchUserDN' => $nx_SearchUserDN,
    'AuthModule::LDAP::SearchUserPw' => $nx_SearchUserPw,
    'AuthModule::LDAP::UID'          => 'sAMAccountName',

    # NOTE(review): in Active Directory computer accounts also carry
    # objectClass=user; a filter that additionally requires
    # objectCategory=person is the usual way to match people only.
    'AuthModule::LDAP::AlwaysFilter' => '(objectclass=user)',

    # Only members of this group may log in as agents. The check is made
    # against the group's 'member' attribute using the user's DN, which
    # presumably sees direct members only -- users who belong solely to a
    # group nested inside this one would then be rejected. TODO confirm.
    'AuthModule::LDAP::GroupDN'       => 'CN=AccessServiceOTRS_Agents,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com',
    'AuthModule::LDAP::AccessAttr'    => 'member',
    'AuthModule::LDAP::UserAttr'      => 'DN',
    'AuthModule::LDAP::UserLowerCase' => 0,
);
@{$Self}{ keys %nx_AgentAuth } = values %nx_AgentAuth;
# End of agent login settings
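# Agent synchronisation: copy agent attributes from LDAP into OTRS and assign
# OTRS roles from LDAP group membership.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = $nx_Host;
$Self->{'AuthSyncModule::LDAP::BaseDN'} = $nx_BaseDN;
# Fix: these two keys were written with the 'AuthModule::' prefix, which only
# repeated the agent-login settings and left the sync module without a search
# account to bind with.
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = $nx_SearchUserDN;
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = $nx_SearchUserPw;
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'CN=AccessServiceOTRS_Agents,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

# OTRS agent field => LDAP attribute it is filled from.
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
    UserMobile    => 'mobile',
};

# LDAP group DN => OTRS roles granted (1) to its members.
# These groups decide who becomes an OTRS administrator, so write access to
# them in the directory is equivalent to admin access in OTRS.
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'CN=AccessServiceOTRS_Admin,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'OTRS SuperAdmin' => 1,
    },
    'CN=AccessServiceOTRS_IS_Admin,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'IS Admin' => 1,
    },
    'CN=AccessServiceOTRS_IS_Agent,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'IS Agents' => 1,
    },
    'CN=AccessServiceOTRS_TS_Admin,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'TS Admin' => 1,
    },
    'CN=AccessServiceOTRS_TS_Agent,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'TS Agents' => 1,
    },
    'CN=AccessServiceOTRS_CS_Admin,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'CS Admin' => 1,
    },
    'CN=AccessServiceOTRS_CS_Agent,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com' => {
        'CS Agents' => 1,
    },
};
# End of agent synchronisation and role mapping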
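# Customer login: authenticate internal users (Active Directory) via LDAP.
#
# NOTE(review): this fills the un-numbered 'Customer::AuthModule' slot, so it
# replaces whatever customer backend was configured there -- consistent with
# the report that database customers can no longer log in. OTRS's convention
# for several backends is a numeric suffix: leave the default slot alone and
# configure LDAP as 'Customer::AuthModule1', appending the same digit to every
# option key (e.g. 'Customer::AuthModule::LDAP::Host1'). Verify against the
# admin manual for this OTRS version.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = $nx_Host;
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = $nx_BaseDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $nx_SearchUserDN;
# Fix: this read '$nx_SearchUserPW' (capital W), a variable that is never
# assigned. No 'use strict' is visible before this point, so the typo raises
# no error and the search account would be configured with an undefined
# password; many directories treat a bind with a DN and an empty password as
# an unauthenticated bind.
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $nx_SearchUserPw;
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
# Only members of this group may log in to the customer interface.
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=AccessServiceOTRS_Users,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# Connection options for the LDAP client.
# NOTE(review): port 389 with no TLS option in sight means the search
# account's password and every customer's password would cross the network
# unencrypted. Prefer LDAPS or StartTLS if the directory offers it -- TODO
# confirm how this OTRS version enables it.
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};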
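# Customer data backend 1: internal users read from LDAP (Active Directory).
# Numbered backends such as this one are added alongside the un-numbered
# 'CustomerUser' backend rather than replacing it.
$Self->{CustomerUser1} = {
    Name   => 'Nexus LDAP',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host         => $nx_Host,
        BaseDN       => $nx_BaseDN,
        SSCOPE       => 'sub',
        UserDN       => $nx_SearchUserDN,
        UserPw       => $nx_SearchUserPw,
        AlwaysFilter => '(objectclass=user)',
        # NOTE(review): confirm that this backend honours GroupDN /
        # AccessAttr / UserAttr in this OTRS version; if it does not, every
        # object matching AlwaysFilter is exposed as a customer.
        GroupDN    => 'CN=AccessServiceOTRS_Users,OU=OTRSAccessgroups,OU=Groups,OU=SOMEOU,DC=mydomain,DC=com',
        AccessAttr => 'member',
        UserAttr   => 'DN',
    },
    # Attribute that uniquely identifies a customer user; it is the same
    # attribute the LDAP customer login uses as UID.
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'mail',
    # CustomerValid => 'valid_id',
    CustomerUserListFields   => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserExcludePrimaryCustomerID => 0,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # CustomerUserValidFilter => '(company=*)',
    AdminSetPreferences => 0,
    CacheTTL => 0,
    # Each row: OTRS field, label shown in the UI, LDAP attribute, then flags
    # and the value type.
    Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        # Fix: UserLogin was mapped to 'mail' while CustomerKey (and the login
        # UID) is 'sAMAccountName'. OTRS looks a customer up by CustomerKey,
        # so the login field should come from that same attribute; otherwise
        # the login stored with a ticket does not resolve back to the user.
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
        [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        # [ 'ValidID','Valid','valid_id',0, 1, 'int', '', 0 ],
    ],
};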
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
# NOTE(review): 'use strict' and 'use warnings' are lexically scoped, so they
# take effect from this line onward only. Unless the part of the file not shown
# here enables them earlier, the configuration code above runs unchecked and a
# misspelled variable name (such as a wrong-case '$nx_SearchUserPW') silently
# evaluates to undef instead of stopping the load.
use strict;
use warnings;
# Declares the package globals @ISA and $VERSION used below.
use vars qw(@ISA $VERSION);
# Takes the second word of the revision keyword string as the version.
$VERSION = qw($Revision: 1.27 $)[1];
use Kernel::Config::Defaults;
# Inherit from Kernel::Config::Defaults.
push (@ISA, 'Kernel::Config::Defaults');
# -----------------------------------------------------#
# A Perl module file must end with a true value.
1;