LDAP works for customers, but not agents?

Moderator: crythias

hopeitl
Znuny newbie
Posts: 4
Joined: 11 Jul 2011, 16:43
Znuny Version: 3.0.9
Real Name: Abel
Company: Hope International

LDAP works for customers, but not agents?

Post by hopeitl »

I have LDAP set up for customers, and I only want people in the LDAP security group (under "hope.local","HopeInternational","Security Groups") otrsagent to access the agent side of things. Customers work great, but for the life of me, I can't figure out agents. Any help? This is off an Ubuntu 10.04 OTRS 3.0.9 install.

My Config.pm

####LDAP SETTINGS####
   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = '192.168.47.6'; 
   $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=hope, dc=local';
   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

##Agents##
 $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsagent,ou=HopeInternational,dc=hope,dc=local';
 $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
 $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
 $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

##Customers##
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.47.6';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=HopeInternational,dc=hope,dc=local';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'OTRS';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
  $Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      Host => '192.168.47.6',
      BaseDN => 'ou=HopeInternational,dc=hope,dc=local',
      SSCOPE => 'sub',
      UserDN => 'OTRS',
      UserPw => 'password',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
#       [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#       [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#       [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#       [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
####END LDAP SETTINGS####
Wolfgangf
Znuny ninja
Posts: 1029
Joined: 13 Apr 2009, 12:26
Znuny Version: 6.0.13
Real Name: Wolfgang Fürtbauer
Company: PBS Logitek GmbH
Location: Pinsdorf

Re: LDAP works for customers, but not agents?

Post by Wolfgangf »

Did you create local user accounts for agents? Otherwise it will not work.
Produktiv:
OTRS 6.0.13/ ITSM 6.0.13
OS: SUSE Linux (SLES 12, Leap), MySql 5.5.x, 5.6.x
Windows 2012 AD Integration (agents and customers), Nagios integration (incidents, CMDB), Survey, TimeAccounting
hopeitl
Znuny newbie
Posts: 4
Joined: 11 Jul 2011, 16:43
Znuny Version: 3.0.9
Real Name: Abel
Company: Hope International

Re: LDAP works for customers, but not agents?

Post by hopeitl »

Wolfgangf wrote: did you create local user accounts for agents - otherwise it will not work

Explain a little more: on the local server (ticketing) or in the AD? I'm a little new to this, and I took this project on before I really knew what I was getting into, sorry :(

I can't have people log in with their AD username as long as they're in the otrsagent security group?
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: LDAP works for customers, but not agents?

Post by ferrosti »

Have a look at the manual where it's about the authentication sync settings. Agents need to be in OTRS's internal DB, but they can be synced on the first login automatically.

It goes something like that:

# UserSyncLDAPMap
$Self->{'UserSyncLDAPMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
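
The agent setup discussed in this thread, written out as an added example for the `Load` sub of Kernel/Config.pm (not code from the thread's participants or from the OTRS project). It assumes OTRS 3.0's `Kernel::System::Auth::Sync::LDAP` module and an Active Directory server, where group objects list their members as full DNs in `member`; the `ou=Security Groups` part of the group DN is inferred from the first post's description, and the password is a placeholder.

```perl
# --- Agent login: authenticate against AD, allow only members of otrsagent ---
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = '192.168.47.6';
$Self->{'AuthModule::LDAP::BaseDN'}       = 'dc=hope,dc=local';
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
# Same bind account the thread already uses for the customer backend.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'CHANGE_ME';    # placeholder

# Group check. The DN must be the group's full path in the directory;
# the "Security Groups" OU is an assumption taken from the first post.
$Self->{'AuthModule::LDAP::GroupDN'}
    = 'cn=otrsagent,ou=Security Groups,ou=HopeInternational,dc=hope,dc=local';
# AD groups store members as full DNs in "member" ("memberUid" belongs to
# posixGroup-style directories), so the value compared must be the user's DN.
# Set UserAttr once: a second assignment to the same key replaces the first.
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

# --- Agent sync: create/update the agent in the OTRS database at login ---
$Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}         = '192.168.47.6';
$Self->{'AuthSyncModule::LDAP::BaseDN'}       = 'dc=hope,dc=local';
$Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'OTRS';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'CHANGE_ME';    # placeholder
$Self->{'AuthSyncModule::LDAP::UserSyncMap'}  = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# OTRS groups a newly synced agent receives; keep this to the minimum
# and grant further permissions per agent in the admin interface.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users'];
```

With the group check in place, an AD account outside otrsagent is refused at the agent login even though its password is valid, and no agent record is created for it.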