[SOLVED] Authenticate Agents from Specific AD Group


[SOLVED] Authenticate Agents from Specific AD Group

Post by tmoore82 »

I have been experimenting with AD integration with OTRS for the past couple days. I have authentication working successfully, which is great. But now I want to limit agent sign-in to a specific AD security group. I've followed the models I've found online, but it's not working. Everyone who has tested the agent log-in so far has been authenticated whether they're in the OTRS_Agents security group or not. I've posted the relevant chunk of my Config.pm file. Any thoughts as to why it's authenticating everyone and not just users in that group? Also, since syncing is turned on, the folks who have already tested it are in the DB. Can I keep having the same people run the test? Or do I need to delete those users from the database before having them test again?

    # Agent DB authentication (backend 1, tried first)
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';

    # Agent LDAP authentication (backend 2).
    # Kernel::System::Auth::LDAP is built with Count => '2' and reads each of
    # its settings as 'AuthModule::LDAP::<Name>' . '2' (see the LDAP.pm excerpt
    # quoted later in this thread), so every setting for this backend needs
    # the same '2' suffix on the setting name.
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host2'} = 'server.domain.com';
    # NOTE(review): the user search base is the groups OU; agent accounts have
    # to live under it to be found by the UID search. The later working config
    # in this thread widens this to dc=domain,dc=com.
    $Self->{'AuthModule::LDAP::BaseDN2'} = 'OU=OTRS_Groups,dc=domain,dc=com';
    $Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';

    # Check if the user is allowed to auth based on AD group membership
    # NOTE(review): these three keys carry no '2'. Backend 2 looks up
    # 'AuthModule::LDAP::GroupDN2' (and AccessAttr2 / UserAttr2), none of which
    # is set here, so the group gate is presumably never applied -- which is
    # consistent with everyone authenticating regardless of OTRS_Agents
    # membership. The keys must be GroupDN2, AccessAttr2 and UserAttr2.
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Agents, OU=OTRS_Groups, dc=domain, dc=com';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';


    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree.
    # The password is stored in clear text: use a dedicated read-only
    # directory account and keep Kernel/Config.pm readable by the OTRS
    # user only.
    $Self->{'AuthModule::LDAP::SearchUserDN2'} = 'adreader@domain.com';
    $Self->{'AuthModule::LDAP::SearchUserPw2'} = 'pw';

    # Net::LDAP connection parameters.
    # NOTE(review): presumably read with the same Count suffix as the other
    # AuthModule::LDAP keys (verify in Kernel/System/Auth/LDAP.pm); without
    # the '2' this hash is not read and Net::LDAP defaults apply.
    # NOTE(review): port 389 without TLS carries the simple bind -- the search
    # account's password and every agent's password -- in clear text; prefer
    # LDAPS or StartTLS if this OTRS version exposes it.
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

    # agent data sync against ldap (keeps the agent record in step with the
    # directory after a login; these keys are not numbered)
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'server.domain.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
	$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'adreader@domain.com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'pw';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP (OTRS user field -> directory attribute)
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login). Every account that authenticates lands in these groups, so keep
    # the list minimal.
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    # Customer DB authentication (backend 1). Here the '1' goes on the setting
    # name and 'Customer::AuthModule' stays unnumbered.
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule::DB::Table1'} = 'customer_user';
    $Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login';
    $Self->{'Customer::AuthModule::DB::CustomerPassword1'} = 'pw';

    # Customer DB Backend (customer_user table; Map columns are
    # [ OTRS field, label, column, shown, required, type, link, readonly ])
    $Self->{CustomerUser1} = {
      Name => 'OTRS DB',
      Module => 'Kernel::System::CustomerUser::DB',
      Params => {
         Table => 'customer_user',
      },
    CustomerKey => 'login',
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['title', 'first_name', 'last_name'],
    CustomerUserEmailUniqCheck => 1,
    Map => [
        [ 'UserTitle',      'Title',      'title',       1, 0 ,'var', '', 0 ],
        # FIXME: label typo, should read 'Firstname'
        [ 'UserFirstname',  'Fristname',  'first_name',  1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'last_name',   1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'login',       1, 1, 'var', '', 0 ],
        [ 'UserPassword',   'Password',   'pw',          0, 0, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'email',       1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'phone',       1, 0, 'var', '', 0 ],
        [ 'UserFax',        'Fax',        'fax',         1, 0, 'var', '', 0 ],
        [ 'UserMobile',     'Mobile',     'mobile',      1, 0, 'var', '', 0 ],
        [ 'UserStreet',     'Street',     'street',      1, 0, 'var', '', 0 ],
        [ 'UserZip',        'Zip',        'zip',         1, 0, 'var', '', 0 ],
        [ 'UserCity',       'City',       'city',        1, 0, 'var', '', 0 ],
        [ 'UserCountry',    'Country',    'country',     1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'comments',    1, 0, 'var', '', 0 ],
		[ 'ValidId',        'Valid',      'valid_id',    0, 1, 'int', '', 0 ],
      ],
    Selections => {
        UserTitle => {
            'Mr.' => 'Mr.',
            'Mrs.' => 'Mrs.',
        },
    },
};

#-------------------------------------------------------------------------------------------#
#                                  Customer Authentication                                  #
#-------------------------------------------------------------------------------------------#
  # Customer LDAP authentication (backend 2); keys suffixed '2' like the agent side.
  $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host2'} = 'server.domain.com';
  $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'ou=Managed Units,dc=domain,dc=com';
  $Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
                #$Self->{'Customer::AuthModule::LDAP::GroupDN2'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
                # Only members of this group are allowed to log in; remove the leading '#'
                # to enable the filter. NOTE(review): while it stays commented out, any AD
                # account under 'ou=Managed Units' that can bind is accepted as a customer.
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'adreader@domain.com';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'pw';
#-------------------------------------------------------------------------------------------#
#                                     Customerdata                                          #
#-------------------------------------------------------------------------------------------#
   # Customer data backend reading AD directly with the same bind account.
   $Self->{CustomerUser2} = {
    Name => 'ActiveDirectory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => 'server.domain.com',
      BaseDN => 'OU=Managed Units,DC=domain,DC=com',
      SSCOPE => 'sub',
      UserDN => 'adreader@domain.com',
      UserPw => 'pw',
          # '(&)' is the absolute-true filter: no restriction beyond BaseDN.
          AlwaysFilter =>  '(&)',
    },
    CustomerKey => 'sAMAccountName',
    # NOTE(review): every AD customer gets the fixed CustomerID 'domain';
    # confirm this grouping is intended before enabling customer-group features.
    CustomerID => 'domain',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        ['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'],
        ['UserLastname', 'Lastname', 'sn', '1', '1', 'var'],
        ['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'],
        ['UserEmail', 'Email', 'mail', '1', '1', 'var'],
        ['UserCustomerID', 'CustomerID', 'mail', '0', '1', 'var'],
    ],
  };

 #-------------------------------------------------------------------------------------------#
 #                                      Company1 End                                         #
 #-------------------------------------------------------------------------------------------#

Re: Authenticate Agents from Specific AD Group

Post by crythias »

If you're going to append "2" be consistent...

Re: Authenticate Agents from Specific AD Group

Post by tmoore82 »

Thanks, crythias. It took a little bit of tweaking, but it is working now. My working config is below:

    # Agent DB authentication (backend 1, tried first)
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';

    # Agent LDAP authentication (backend 2).
    # NOTE(review): Kernel::System::Auth::LDAP is built with Count => '2' and
    # looks up 'AuthModule::LDAP::Host' . '2' (see the LDAP.pm excerpt quoted
    # later in this thread). 'AuthModule2::LDAP::Host2' is never read, so the
    # backend should log "Need AuthModule::LDAP::Host2 in Kernel/Config.pm"
    # and not initialise -- check the OTRS log. The prefix must stay
    # 'AuthModule::LDAP::' and only the setting name gets the '2'.
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule2::LDAP::Host2'} = 'host.domain.com';
    $Self->{'AuthModule2::LDAP::BaseDN2'} = 'dc=domain,dc=com';
    $Self->{'AuthModule2::LDAP::UID2'} = 'sAMAccountName';

    # Check if the user is allowed to auth based on AD group membership
    # NOTE(review): same problem -- these should be
    # 'AuthModule::LDAP::GroupDN2', 'AuthModule::LDAP::AccessAttr2' and
    # 'AuthModule::LDAP::UserAttr2'; as written they are not read.
    $Self->{'AuthModule2::LDAP::GroupDN'} = 'CN=OTRS_Agents, OU=OTRS_Groups, dc=domain, dc=com';
    $Self->{'AuthModule2::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule2::LDAP::UserAttr'} = 'DN';


    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree.
    # Clear-text bind credentials: dedicated read-only account, restrictive
    # file permissions on Kernel/Config.pm.
    $Self->{'AuthModule2::LDAP::SearchUserDN2'} = 'adreader@domain.com';
    $Self->{'AuthModule2::LDAP::SearchUserPw2'} = 'pw';

    # Net::LDAP connection parameters (same key-prefix issue as above).
    # NOTE(review): port 389 without TLS carries the simple bind -- the search
    # account's password and every agent's password -- in clear text; prefer
    # LDAPS or StartTLS if this OTRS version exposes it.
    $Self->{'AuthModule2::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

    # agent data sync against ldap (these keys are not numbered)
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'host.domain.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'adreader@domain.com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'pw';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP (OTRS user field -> directory attribute)
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login); keep this list minimal.
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
    ];

    # Customer DB authentication (backend 1)
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule::DB::Table1'} = 'customer_user';
    $Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login';
    # NOTE(review): the password-column key is
    # 'Customer::AuthModule::DB::CustomerPassword1' (as in the first post);
    # 'Customerpw' looks like a search-and-replace artefact from redacting the
    # password and is not a key the module reads.
    $Self->{'Customer::AuthModule::DB::Customerpw'} = 'pw';

    # Customer DB Backend (customer_user table; Map columns are
    # [ OTRS field, label, column, shown, required, type, link, readonly ])
    $Self->{CustomerUser1} = {
      Name => 'OTRS DB',
      Module => 'Kernel::System::CustomerUser::DB',
      Params => {
         Table => 'customer_user',
      },
    CustomerKey => 'login',
    CustomerID => 'customer_id',
    CustomerValid => 'valid_id',
    CustomerUserListFields => ['first_name', 'last_name', 'email'],
    CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['email'],
    CustomerUserNameFields => ['title', 'first_name', 'last_name'],
    CustomerUserEmailUniqCheck => 1,
    Map => [
        [ 'UserTitle',      'Title',      'title',       1, 0 ,'var', '', 0 ],
        # FIXME: label typo, should read 'Firstname'
        [ 'UserFirstname',  'Fristname',  'first_name',  1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'last_name',   1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'login',       1, 1, 'var', '', 0 ],
        [ 'UserPassword',   'Password',   'pw',          0, 0, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'email',       1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'phone',       1, 0, 'var', '', 0 ],
        [ 'UserFax',        'Fax',        'fax',         1, 0, 'var', '', 0 ],
        [ 'UserMobile',     'Mobile',     'mobile',      1, 0, 'var', '', 0 ],
        [ 'UserStreet',     'Street',     'street',      1, 0, 'var', '', 0 ],
        [ 'UserZip',        'Zip',        'zip',         1, 0, 'var', '', 0 ],
        [ 'UserCity',       'City',       'city',        1, 0, 'var', '', 0 ],
        [ 'UserCountry',    'Country',    'country',     1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'comments',    1, 0, 'var', '', 0 ],
        [ 'ValidId',        'Valid',      'valid_id',    0, 1, 'int', '', 0 ],
      ],
Selections => {
        UserTitle => {
            'Mr.' => 'Mr.',
            'Mrs.' => 'Mrs.',
        },
    },
};

#-------------------------------------------------------------------------------------------#
#                                  Customer Authentication                                  #
#-------------------------------------------------------------------------------------------#
  # Customer LDAP authentication (backend 2).
  # NOTE(review): by analogy with Auth::LDAP the module presumably reads
  # 'Customer::AuthModule::LDAP::Host2' (the form used in the first post),
  # not 'Customer::AuthModule2::LDAP::Host2' -- verify against
  # Kernel/System/CustomerAuth/LDAP.pm and the OTRS log.
  $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule2::LDAP::Host2'} = 'host.domain.com';
  $Self->{'Customer::AuthModule2::LDAP::BaseDN2'} = 'ou=Managed Units,dc=domain,dc=com';
  $Self->{'Customer::AuthModule2::LDAP::UID2'} = 'sAMAccountName';
                #$Self->{'Customer::AuthModule::LDAP::GroupDN2'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
                # Only members of this group are allowed to log in; remove the leading '#'
                # to enable the filter. NOTE(review): while it stays commented out, any AD
                # account under 'ou=Managed Units' that can bind is accepted as a customer.
  $Self->{'Customer::AuthModule2::LDAP::SearchUserDN2'} = 'adreader@domain.com';
  $Self->{'Customer::AuthModule2::LDAP::SearchUserPw2'} = 'pw';
#-------------------------------------------------------------------------------------------#
#                                     Customerdata                                          #
#-------------------------------------------------------------------------------------------#
   # Customer data backend reading AD directly with the same bind account.
   $Self->{CustomerUser2} = {
    Name => 'ActiveDirectory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => 'host.domain.com',
      BaseDN => 'OU=Managed Units,DC=domain,DC=com',
      SSCOPE => 'sub',
      UserDN => 'adreader@domain.com',
      UserPw => 'pw',
          # '(&)' is the absolute-true filter: no restriction beyond BaseDN.
          AlwaysFilter =>  '(&)',
    },
    CustomerKey => 'sAMAccountName',
    # NOTE(review): every AD customer gets the fixed CustomerID 'domain';
    # confirm this grouping is intended before enabling customer-group features.
    CustomerID => 'domain',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        ['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'],
        ['UserLastname', 'Lastname', 'sn', '1', '1', 'var'],
		['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'],
        ['UserEmail', 'Email', 'mail', '1', '1', 'var'],
        ['UserCustomerID', 'CustomerID', 'mail', '0', '1', 'var'],
    ],
  };

 #-------------------------------------------------------------------------------------------#
 #                                      Company1 End                                         #
 #-------------------------------------------------------------------------------------------#
The first time around, I had my customer DB authentication setup as follows:

 # Customer DB authentication
 # NOTE(review): the Count suffix belongs on the setting name only
 # ('Customer::AuthModule::DB::Table1', ...CustomerKey1, ...CustomerPassword1,
 # as in the working config above). With 'Customer::AuthModule1::DB::' the
 # module presumably finds none of its settings, which matches the
 # configuration error seen on the customer portal.
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule1::DB::Table1'} = 'customer_user';
    $Self->{'Customer::AuthModule1::DB::CustomerKey1'} = 'login';
    $Self->{'Customer::AuthModule1::DB::CustomerPassword1'} = 'pw';
But when I did that, the customer portal page caused a configuration error. I had to take the number off of "AuthModule1" in each line except the first.

Re: [SOLVED] Authenticate Agents from Specific AD Group

Post by crythias »

AuthModule2::LDAP::UID2 = not good
AuthModule::LDAP::UID2 = good

Re: [SOLVED] Authenticate Agents from Specific AD Group

Post by tmoore82 »

But working, so I'm not sure I understand why AuthModule2::LDAP::UID2 is not good. Are you saying that instead of appending 2 to AuthModule in the following lines, I should have appended it to GroupDN, AccessAttr, and UserAttr?

    # Check if the user is allowed to auth based on AD group membership
    # NOTE(review): backend 2 reads 'AuthModule::LDAP::GroupDN' . '2' (see the
    # LDAP.pm excerpt below), so the '2' goes on GroupDN, AccessAttr and
    # UserAttr, not on 'AuthModule'. As written these keys are not consulted.
    $Self->{'AuthModule2::LDAP::GroupDN'} = 'CN=OTRS_Agents, OU=OTRS_Groups, dc=domain, dc=com';
    $Self->{'AuthModule2::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule2::LDAP::UserAttr'} = 'DN';

Re: [SOLVED] Authenticate Agents from Specific AD Group

Post by crythias »

Some relevant code from Kernel/System/Auth/LDAP.pm

    $Self->{Count} = $Param{Count} || '';
    $Self->{Die} = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::Die' . $Param{Count} );
    if ( $Self->{ConfigObject}->Get( 'AuthModule::LDAP::Host' . $Param{Count} ) ) {
        $Self->{Host} = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::Host' . $Param{Count} );
    }
    else {
        $Self->{LogObject}->Log(
            Priority => 'error',
            Message  => "Need AuthModule::LDAP::Host$Param{Count} in Kernel/Config.pm",
        );
        return;
    }
    if ( defined( $Self->{ConfigObject}->Get( 'AuthModule::LDAP::BaseDN' . $Param{Count} ) ) ) {
        $Self->{BaseDN} = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::BaseDN' . $Param{Count} );
    }
    else {
        $Self->{LogObject}->Log(
            Priority => 'error',
            Message  => "Need AuthModule::LDAP::BaseDN$Param{Count} in Kernel/Config.pm",
        );
        return;
    }
    if ( $Self->{ConfigObject}->Get( 'AuthModule::LDAP::UID' . $Param{Count} ) ) {
        $Self->{UID} = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::UID' . $Param{Count} );
    }
    else {
        $Self->{LogObject}->Log(
            Priority => 'error',
            Message  => "Need AuthModule::LDAP::UID$Param{Count} in Kernel/Config.pm",
        );
        return;
    }
    $Self->{SearchUserDN}
        = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::SearchUserDN' . $Param{Count} ) || '';
    $Self->{SearchUserPw}
        = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::SearchUserPw' . $Param{Count} ) || '';
    $Self->{GroupDN} = $Self->{ConfigObject}->Get( 'AuthModule::LDAP::GroupDN' . $Param{Count} )

Re: [SOLVED] Authenticate Agents from Specific AD Group

Post by tmoore82 »

Ah. That makes a lot of sense. Thank you for pointing that out. I've edited my code to what you see below. It's working great so far.

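#-------------------------------------------------------------------------------------------#
#                     Agent authentication: local DB first, then AD/LDAP                    #
#-------------------------------------------------------------------------------------------#
    # Agent DB authentication (backend 1, tried first)
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';

    # Agent LDAP authentication (backend 2).
    # Kernel::System::Auth::LDAP is built with Count => '2' and reads each
    # setting as 'AuthModule::LDAP::<Name>' . '2': the suffix goes on the
    # setting name, never on 'AuthModule' itself.
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host2'}   = 'server.domain.com';
    $Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=domain,dc=com';
    $Self->{'AuthModule::LDAP::UID2'}    = 'sAMAccountName';

    # Restrict agent login to members of OTRS_Agents: after the bind succeeds
    # the module looks under GroupDN2 for an entry whose AccessAttr2 ('member')
    # contains the UserAttr2 ('DN') of the account.
    # NOTE(review): a plain member= lookup sees direct members only; nested
    # group membership is not expanded -- confirm that is acceptable.
    $Self->{'AuthModule::LDAP::GroupDN2'}    = 'CN=OTRS_Agents, OU=OTRS_Groups, dc=domain, dc=com';
    $Self->{'AuthModule::LDAP::AccessAttr2'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr2'}   = 'DN';

    # Bind account for the user/group lookups; only needed when anonymous
    # reads of the tree are not permitted. The password sits here in clear
    # text: use a dedicated read-only directory account and keep
    # Kernel/Config.pm readable by the OTRS user only.
    $Self->{'AuthModule::LDAP::SearchUserDN2'} = 'adreader@domain.com';
    $Self->{'AuthModule::LDAP::SearchUserPw2'} = 'pw';

    # Net::LDAP connection parameters. Read with the same '2' suffix as the
    # other AuthModule::LDAP keys (verify in Kernel/System/Auth/LDAP.pm);
    # without the suffix this hash is never consulted and Net::LDAP defaults
    # apply.
    # NOTE(review): port 389 without TLS carries the simple bind -- the search
    # account's password and every agent's password -- across the network in
    # clear text; prefer LDAPS or StartTLS if this OTRS version exposes it.
    $Self->{'AuthModule::LDAP::Params2'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # Agent data sync against LDAP: keeps the agent record (name, e-mail) in
    # step with the directory after login. These keys are not numbered.
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'}         = 'server.domain.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'}       = 'dc=domain,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'adreader@domain.com';
    # The value is sent verbatim in the bind, so no surrounding whitespace.
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'pw';
    # OTRS user field -> directory attribute
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # Groups granted with rw permission when an agent is created on first
    # login. Every account that passes the OTRS_Agents check lands here, so
    # keep the list minimal.
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

#-------------------------------------------------------------------------------------------#
#                                  Customer Authentication                                  #
#-------------------------------------------------------------------------------------------#
    # Customer DB authentication (backend 1). CustomerAuth::DB reads
    # 'Customer::AuthModule::DB::<Name>' . Count, so the '1' goes on the
    # setting name only.
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule::DB::Table1'}       = 'customer_user';
    $Self->{'Customer::AuthModule::DB::CustomerKey1'} = 'login';
    # Password column. The key is CustomerPassword1; a 'Customer pw' spelling
    # (a leftover of redacting the password) is not a key the module reads.
    $Self->{'Customer::AuthModule::DB::CustomerPassword1'} = 'pw';

    # Customer LDAP authentication (backend 2); keys suffixed '2' like the
    # agent side.
    $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host2'}   = 'server.domain.com';
    $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'ou=Managed Units,dc=domain,dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID2'}    = 'sAMAccountName';
    # Only members of this group may log in as customers; remove the leading
    # '#' to enable the filter.
    # NOTE(review): while this stays commented out, any AD account under
    # 'ou=Managed Units' that can bind is accepted as a customer.
    #$Self->{'Customer::AuthModule::LDAP::GroupDN2'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'adreader@domain.com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'pw';

#-------------------------------------------------------------------------------------------#
#                                     Customer data                                         #
#-------------------------------------------------------------------------------------------#
    # Customer data backend 1: the local customer_user table.
    # Map rows are [ OTRS field, label, column, shown, required, type, link, readonly ].
    $Self->{CustomerUser1} = {
        Name   => 'OTRS DB',
        Module => 'Kernel::System::CustomerUser::DB',
        Params => {
            Table => 'customer_user',
        },
        CustomerKey                        => 'login',
        CustomerID                         => 'customer_id',
        CustomerValid                      => 'valid_id',
        CustomerUserListFields             => ['first_name', 'last_name', 'email'],
        CustomerUserSearchFields           => ['login', 'last_name', 'customer_id'],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['email'],
        CustomerUserNameFields             => ['title', 'first_name', 'last_name'],
        CustomerUserEmailUniqCheck         => 1,
        Map => [
            [ 'UserTitle',      'Title',      'title',       1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'first_name',  1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'last_name',   1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'login',       1, 1, 'var', '', 0 ],
            [ 'UserPassword',   'Password',   'pw',          0, 0, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'email',       1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'phone',       1, 0, 'var', '', 0 ],
            [ 'UserFax',        'Fax',        'fax',         1, 0, 'var', '', 0 ],
            [ 'UserMobile',     'Mobile',     'mobile',      1, 0, 'var', '', 0 ],
            [ 'UserStreet',     'Street',     'street',      1, 0, 'var', '', 0 ],
            [ 'UserZip',        'Zip',        'zip',         1, 0, 'var', '', 0 ],
            [ 'UserCity',       'City',       'city',        1, 0, 'var', '', 0 ],
            [ 'UserCountry',    'Country',    'country',     1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'comments',    1, 0, 'var', '', 0 ],
            [ 'ValidId',        'Valid',      'valid_id',    0, 1, 'int', '', 0 ],
        ],
        Selections => {
            UserTitle => {
                'Mr.'  => 'Mr.',
                'Mrs.' => 'Mrs.',
            },
        },
    };

    # Customer data backend 2: Active Directory, read with the same bind
    # account as the authentication modules.
    $Self->{CustomerUser2} = {
        Name   => 'ActiveDirectory',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => 'server.domain.com',
            BaseDN => 'OU=Managed Units,DC=domain,DC=com',
            SSCOPE => 'sub',
            UserDN => 'adreader@domain.com',
            # Sent verbatim in the bind, so no surrounding whitespace.
            UserPw => 'pw',
            # '(&)' is the absolute-true filter: no restriction beyond BaseDN.
            AlwaysFilter => '(&)',
        },
        CustomerKey => 'sAMAccountName',
        # NOTE(review): every AD customer gets the fixed CustomerID 'domain';
        # confirm this grouping is intended before enabling customer-group
        # features.
        CustomerID                         => 'domain',
        CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => ['givenname', 'sn'],
        Map => [
            ['UserFirstname',  'Firstname',  'givenname',      '1', '1', 'var'],
            ['UserLastname',   'Lastname',   'sn',             '1', '1', 'var'],
            ['UserLogin',      'Login',      'sAMAccountName', '1', '1', 'var'],
            ['UserEmail',      'Email',      'mail',           '1', '1', 'var'],
            ['UserCustomerID', 'CustomerID', 'mail',           '0', '1', 'var'],
        ],
    };

#-------------------------------------------------------------------------------------------#
#                                      Company1 End                                         #
#-------------------------------------------------------------------------------------------#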