LDAP - CONFIG ADMIN GROUPS [SOLVED]

fmattos
Znuny newbie
Posts: 18
Joined: 23 Aug 2012, 00:39
Znuny Version: 3.1.8
Real Name: Flavio
Company: student

LDAP - CONFIG ADMIN GROUPS [SOLVED]

Post by fmattos »

Hi everyone!

I am using LDAP authentication to authenticate agents and customers with success, but I am having problems assigning agents to groups and roles as well.
This is the relevant piece of my Config.pm:

    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    # (attribute for type of group content UID/DN for full ldap name)
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'uid';


    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
        # ldap group
        'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            # otrs group
            'admin' => {
                # permission
                rw => 1,
                move_into => 1,
                create => 1,
                note => 1,
                owner => 1,
                priority => 1,
                ro => 1,
            },
        },
        'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            'users' => {
                rw => 1,
                move_into => 1,
                create => 1,
                note => 1,
                owner => 1,
                priority => 1,
                ro => 1,
            },
        }
    };

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            # otrs role
            'role1' => 1,
            'role2' => 0,
        },
        'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            'role3' => 1,
        }
    };
What am I doing wrong?
Thanks in advance
Last edited by fmattos on 23 Dec 2013, 22:02, edited 1 time in total.
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: LDAP - CONFIG ADMIN GROUPS

Post by crythias »

You're not asking good questions. As in, even if you are correct, you aren't explaining what happens, and why it's not what you are expecting to happen.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
fmattos

Re: LDAP - CONFIG ADMIN GROUPS

Post by fmattos »

Hi crythias, thanks for reading my question

I will try a better explanation about what is happening...

After reading the manual I could authenticate my agents from my LDAP server, so my agents can log in with their username and password stored in my LDAP server.
Now I would like to associate those agents with groups and roles. I have tried to insert the configuration posted earlier, but it is not working.
I would like to know if I am missing some configuration or if the configuration I have made is wrong.

Thank you
crythias

Re: LDAP - CONFIG ADMIN GROUPS

Post by crythias »

It is hard to troubleshoot not working.
fmattos

Re: LDAP - CONFIG ADMIN GROUPS

Post by fmattos »

I am sorry... but that is the strange part... The log file does not say anything... When I log in with my admin user (that was previously created) and I navigate to the agent/group page, none of my agents are assigned to any group... That is why I am asking if I am missing something... That is why I posted that piece of configuration...
crythias

Re: LDAP - CONFIG ADMIN GROUPS

Post by crythias »

fmattos wrote: "navigate to the agent/group page none of my agents are assigned to any group"
This is the first post that indicates the issue to solve. I would generally doubt that the agents wouldn't at least be AuthSync'd to users as a group:
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];


Please post your entire config.pm, at least anything at all related to Auth.
For instance:
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
fmattos

Re: LDAP - CONFIG ADMIN GROUPS

Post by fmattos »

This is my Config.pm

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2013 xxx, http://otrs.org/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> Most OTRS configuration should be done via the OTRS web interface
#       and the SysConfig. Only for some configuration, such as database
#       credentials and customer data source changes, you should edit this
#       file. For changes do customer data sources you can copy the definitions
#       from Kernel/Config/Defaults.pm and paste them in this file.
#       Config.pm will not be overwritten when updating OTRS.
# --

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = 'localhost';

    # The database name
    $Self->{'Database'} = 'otrs';

    # The database user
    $Self->{'DatabaseUser'} = 'otrs';

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'otrs';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG} = "american_america.utf8";

#    $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;
	
    # ------------- CONFIG LDAP BEGINNING -----------------#

    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'myhost',
            # ldap base dn
            BaseDN => 'ou=customer_db,dc=mydomain,dc=mycompany,dc=com',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => '',
            UserPw => '',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '',
            # if both your frontend and your LDAP are unicode, use this:
            SourceCharset => 'utf-8',
            DestCharset   => 'utf-8',
            # if your frontend is unicode and the charset of your
            # ldap server is iso-8859-1, use these options.
            # SourceCharset => 'iso-8859-1',
            # DestCharset => 'utf-8',
            # die if backend can't work, e. g. can't connect to server
            Die => 0,
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port    => 389,
                timeout => 120,
                async   => 0,
                version => 3,
            },
        },
        # customer unique id
        CustomerKey => 'uid',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show now own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
        # CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 0,
        # cache time to live in sec. - cache any ldap queries
        CacheTTL => 0,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };

# >>Customer Auth

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    # Number one means - LDAP and DB authentication
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = 'myhost';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'ou=customer_db,dc=mydomain,dc=mycompany,dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID1'} = 'uid';

# >>Agent Auth

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{AuthModule2} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host2'} = 'myhost';
    $Self->{'AuthModule::LDAP::BaseDN2'} = 'ou=customer_service,ou=employees,dc=mycompany,dc=com';
    $Self->{'AuthModule::LDAP::UID2'} = 'uid';


    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = 'myhost';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'ou=customer_service,ou=employees,dc=mycompany,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'uid'; 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };   
    #$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=Manager,ou=customer_service,ou=employees,dc=mycompany,dc=com';
    #$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'userPassword';


    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    # (attribute for type of group content UID/DN for full ldap name)
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'uid';


    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
        # ldap group
        'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            # otrs group
            'admin' => {
                # permission
                rw => 1,
                move_into => 1,
                create => 1,
                note => 1,
                owner => 1,
                priority => 1,
                ro => 1,
            },
        },
        'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            'users' => {
                rw => 1,
                move_into => 1,
                create => 1,
                note => 1,
                owner => 1,
                priority => 1,
                ro => 1,
            },
        }
    };



    # ------------ CONFIG LDAP ENDING ---------------------#	

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}



# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA);

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;
crythias

Re: LDAP - CONFIG ADMIN GROUPS

Post by crythias »

$Self->{AuthModule2} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host2'} = 'myhost';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'ou=customer_service,ou=employees,dc=mycompany,dc=com';
$Self->{'AuthModule::LDAP::UID2'} = 'uid'; #might consider sAMAccountName


# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after successful login)
$Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host1'} = 'myhost';
$Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'ou=customer_service,ou=employees,dc=mycompany,dc=com';
$Self->{'AuthSyncModule::LDAP::UID1'} = 'uid'; #might consider sAMAccountName

Also, your AuthSyncModule isn't consistently numbered ... If you mean to use 1, use it for all AuthSyncModules.
fmattos

Re: LDAP - CONFIG ADMIN GROUPS

Post by fmattos »

[solved]

crythias, thank you for your patience... I figured out how to make it work...

Here is the config file... Maybe it can be useful for someone...

  # ------------- CONFIG LDAP BEGINNING -----------------#

    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => '10.5.10.100',
            # ldap base dn
            BaseDN => 'ou=customer_db,dc=myXdomain,dc=mycompany,dc=com',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => '',
            UserPw => '',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '',
            # if both your frontend and your LDAP are unicode, use this:
            SourceCharset => 'utf-8',
            DestCharset   => 'utf-8',
            # if your frontend is unicode and the charset of your
            # ldap server is iso-8859-1, use these options.
            # SourceCharset => 'iso-8859-1',
            # DestCharset => 'utf-8',
            # die if backend can't work, e. g. can't connect to server
            Die => 0,
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port    => 389,
                timeout => 120,
                async   => 0,
                version => 3,
            },
        },
        # customer unique id
        CustomerKey => 'uid',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        # show now own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
        # CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 0,
        # cache time to live in sec. - cache any ldap queries
        CacheTTL => 0,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };

# >>Customer Auth

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    # Number one means - LDAP and DB authentication
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = '10.5.10.100';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'ou=customer_db,dc=myXdomain,dc=mycompany,dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID1'} = 'uid';

# >>Agent Auth
 
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{AuthModule} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '10.5.10.100';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=customer_service,ou=employees,dc=mycompany,dc=com';
    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)

    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member=uid';
    # for ldap posixGroups objectclass (just uid)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
    # for non ldap posixGroups objectclass (with full user dn)

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '10.5.10.100';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=customer_service,ou=employees,dc=mycompany,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid'; 
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    }; 

    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member=uid';
    # (attribute for type of group content UID/DN for full ldap name)
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'uid';
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    #$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    #    'users',
    #]; 
    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
        # ldap group
        'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            # otrs group
            'admin' => {
                # permission
                rw => 1,
                move_into => 1,
                create => 1,
                note => 1,
                owner => 1,
                priority => 1,
                ro => 1,
            },
        },
        'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com' => {
            'users' => {
                rw => 1,
                move_into => 1,
                create => 1,
                note => 1,
                owner => 1,
                priority => 1,
                ro => 1,
            },
        }
    };


    # ------------ CONFIG LDAP ENDING ---------------------# 
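As an added example, not code from this thread or from OTRS/Znuny: a small Python checker for the numbering problem crythias pointed out earlier (AuthModule2 beside AuthSyncModule1, with GroupDN and the sync keys left unnumbered), which the solved configuration above fixes by dropping the numbers everywhere. It assumes what OTRS does with these keys: a backend numbered N reads only keys ending in N, and the sync backend that runs after a login is the one numbered like the auth backend that accepted the login; the two sample configs are condensed from the first and the last post.

```python
import re
from collections import defaultdict

# One assignment per line, e.g.  $Self->{'AuthSyncModule::LDAP::Host1'} = '...';
# Group 1 is the key without its trailing number, group 2 the number (may be empty).
ASSIGN_RE = re.compile(r"^\s*\$Self->\{\s*'?([A-Za-z:]+?)(\d*)'?\s*\}\s*=")

# Longest prefix first, so Customer::AuthModule keys are not counted as AuthModule.
FAMILIES = ("Customer::AuthModule", "AuthModule", "AuthSyncModule")

def family_of(key):
    """Return the backend family a config key belongs to, or None."""
    for fam in FAMILIES:
        if key == fam or key.startswith(fam + "::"):
            return fam
    return None

def parse_keys(config_text):
    """Map family -> suffix -> [keys] over active (uncommented) assignments."""
    found = defaultdict(lambda: defaultdict(list))
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out setting is not read by OTRS
        match = ASSIGN_RE.match(line)
        if not match:
            continue
        key, suffix = match.group(1), match.group(2)
        fam = family_of(key)
        if fam:
            found[fam][suffix].append(key)
    return found

def suffixes_by_family(config_text):
    """Sorted list of suffixes in use per family ('' means unnumbered)."""
    return {fam: sorted(by_suffix) for fam, by_suffix in parse_keys(config_text).items()}

def check_backend_numbering(config_text):
    """Return a list of problems; an empty list means the numbering is consistent."""
    problems = []
    keys = parse_keys(config_text)
    for fam, by_suffix in keys.items():
        if len(by_suffix) > 1:  # one backend family spread over several numbers
            detail = ", ".join(f"'{s or '(none)'}' on {len(ks)} key(s)"
                               for s, ks in sorted(by_suffix.items()))
            problems.append(f"{fam}: mixed suffixes: {detail}")
    auth = set(keys.get("AuthModule", {}))
    sync = set(keys.get("AuthSyncModule", {}))
    if auth and sync and auth != sync:  # sync runs only for the same-numbered auth backend
        problems.append(f"AuthModule suffixes {sorted(auth)} do not match "
                        f"AuthSyncModule suffixes {sorted(sync)}")
    return problems

# Constructed sample: the agent auth/sync keys as in the first Config.pm posted above.
BROKEN_AGENT_CONFIG = """
    $Self->{AuthModule2} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host2'} = 'myhost';
    $Self->{'AuthModule::LDAP::UID2'} = 'uid';
    $Self->{AuthSyncModule1} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = 'myhost';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_adm,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
"""

# Constructed sample: the same keys as in the solved post, all unnumbered.
FIXED_AGENT_CONFIG = """
    $Self->{AuthModule} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '10.5.10.100';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_users,ou=groups,ou=otrs,ou=systems,dc=mycompany,dc=com';
    $Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '10.5.10.100';
    #$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
"""

if __name__ == "__main__":
    for name, text in (("first post", BROKEN_AGENT_CONFIG), ("solved post", FIXED_AGENT_CONFIG)):
        print(name, suffixes_by_family(text), check_backend_numbering(text) or "OK")
```

To check a real file, pass its contents to check_backend_numbering() before testing the first LDAP agent login.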