Importing agents from AD

Help with Znuny problems of all kinds
Locked
Simste
Znuny newbie
Posts: 53
Joined: 04 Jul 2012, 13:50
Znuny Version: 3.1.9
Real Name: Stefan Simmerstatter

Importing agents from AD

Post by Simste »

Hi everyone,

I know this topic has come up 1000 times already, but I just can't get any further.

Currently I can get the customers in from AD without any problems, but unfortunately the agents are among them too!!
So they are stored as customers and therefore have no admin rights.

Maybe someone could take a look at my config.pm and see whether a mistake stands out.

Regards
Stefan

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    #                 database settings                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'Passwort';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
	#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
	#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
	#    $Self->{DatabasePostgresqlBefore82} = 1;

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/OTRS/OTRS';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;
	
	
	
	

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #

    $Self->{LogModule}          = 'Kernel::System::Log::File';
    $Self->{LogModule::LogFile} = 'C:/OTRS/OTRS/var/log/otrs.log';
    # $DIBI$

# --------------------------------------------------------------------------------------------------- #
    # default values                                                                                      #
    # (default values for GUIs)                                                                           #
    # --------------------------------------------------------------------------------------------------- #
    # default valid
    $Self->{DefaultValid} = 'valid';

    # DEPRECATED. Compatibility setting for older 3.0 code.
    # Internal charset must always be utf-8.
    $Self->{DefaultCharset} = 'utf-8';

    # default language
    # (the default frontend language) [default: en]
    $Self->{DefaultLanguage} = 'de';

    # used languages
    # (short name = long name and file)
    $Self->{DefaultUsedLanguages} = {
#        ar_SA   => 'Arabic (Saudi Arabia)',
#        bg      => 'Bulgarian (Български)',
#        ca      => 'Català',
#        cs      => 'Czech (Česky)',
#        da      => 'Dansk',
         de      => 'Deutsch',
         en      => 'English (United States)',
#        en_CA   => 'English (Canada)',
         en_GB   => 'English (United Kingdom)',
#        el      => 'Greek (Ελληνικά)',
#        es      => 'Español',
#        es_MX   => 'Español (México)',
#        et      => 'Eesti',
#        fa      => 'Persian (فارسى)',
         fr      => 'Français',
#        fi      => 'Suomi',
#        hi      => 'Hindi',
#        hr      => 'Hrvatski',
#        hu      => 'Magyar',
#        it      => 'Italiano',
#        ja      => 'Japanese (日本語)',
#        lt      => 'Lietuvių kalba',
#        lv      => 'Latvijas',
#        nl      => 'Nederlands',
#        nb_NO   => 'Norsk bokmål',
#        pt_BR   => 'Português Brasileiro',
#        pt      => 'Português',
#        pl      => 'Polski',
#        ru      => 'Russian (Русский)',
#        sl      => 'Slovenian (Slovenščina)',
#        sk_SK   => 'Slovak (Slovenčina)',
#        sr_Cyrl => 'Serbian Latin (Srpski)',
#        sr_Latn => 'Serbian Cyrillic (српски)',
#        sv      => 'Svenska',
#        tr      => 'Türkçe',
#        uk      => 'Ukrainian (Українська)',
#        vi_VN   => 'Vietnam (ViɆt Nam)',
#        zh_CN   => 'Chinese (Sim.) (简体中文)',
#        zh_TW   => 'Chinese (Tradi.) (正體中文)',
#        th => 'Thai (ไทย)',
#        ro => 'Românä',
#        hr => 'Croatian',
#        jp => 'Japanese (日本語)',
    };

################################################################################################################################
#------------------------------------------------------------------------------------------------------------------------------#
#                                                        LDAP connection, company                                              #
#------------------------------------------------------------------------------------------------------------------------------#

#------------------------------------------------------------------------------------------------------------------------------#
#                                     Agent authentication via LDAP (AD), company                                              #
#------------------------------------------------------------------------------------------------------------------------------#



$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dcs3.domain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=USR,ou=AWI-ORG,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'samaccountname';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS Admin User,OU=OTRS,OU=GRP,OU=AWI-ORG,DC=domain,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Helpdesk,OU=Konten IT,OU=SYS,OU=AWI-ORG,DC=domain,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Passwort';

     $Self->{'UserSyncLDAPMap'} =  {
     'UserEmail' => 'mail',
     'UserFirstname' => 'givenName',
     'UserLastname' => 'sn',
     'UserLogin' => 'sAMAccountName'
	};

################################################################################################################################
#------------------------------------------------------------------------------------------------------------------------------#
#                                                            Customer                                                          #
#------------------------------------------------------------------------------------------------------------------------------#
        $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
        $Self->{'Customer::AuthModule::LDAP::Host'} = 'dcs3.domain.com';
        $Self->{'Customer::AuthModule::LDAP::BaseDN'} ='OU=USR,OU=AWI-ORG,DC=domain,DC=com';
        $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
		$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRS Kunden User,OU=OTRS,OU=GRP,OU=AWI-ORG,DC=domain,DC=com';
		$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
        $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS Helpdesk,OU=Konten IT,OU=SYS,OU=AWI-ORG,DC=domain,DC=com';
        $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Passwort';
		$Self->{'Customer::AuthModule::LDAP::Params'} = {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
			};
	
#------------------------------------------------------------------------------------------------------------------------------#
#                                                       LDAP System Users                                                      #
#------------------------------------------------------------------------------------------------------------------------------#
        $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
        $Self->{'AuthModule::LDAP::Host'} =  'dcs3.domain.com';
        $Self->{'AuthModule::LDAP::BaseDN'} =  'OU=USR,OU=AWI-ORG,DC=domain,DC=com';
        $Self->{'AuthModule::LDAP::UID'} =  'sAMAccountName';
        $Self->{'AuthModule::LDAP::SearchUserDN'} =  'CN=OTRS Helpdesk,OU=Konten IT,OU=SYS,OU=AWI-ORG,DC=domain,DC=com';
        $Self->{'AuthModule::LDAP::SearchUserPw'} =  'Passwort';
        $Self->{'AuthModule::LDAP::Params'} =  {
              'async' => '0',
              'timeout' => '120',
              'version' => '3',
              'port' => '389'
			};

		$Self->{'AuthModule::LDAP::Die'} = 1;
	
#------------------------------------------------------------------------------------------------------------------------------#
#                                                           UserSyncLDAPMap                                                    #
#------------------------------------------------------------------------------------------------------------------------------#

      $Self->{'UserSyncLDAPMap'} =  {
      'UserEmail' => 'mail',
      'UserFirstname' => 'givenName',
      'UserLastname' => 'sn',
      'UserLogin' => 'sAMAccountName'
    };      

    $Self->{CustomerUser1} = {
    Name => 'Firma',
    Module => 'Kernel::System::CustomerUser::LDAP',
	Params => {
    Host => 'dcs3.domain.com',
    BaseDN => 'OU=USR,OU=AWI-ORG,DC=domain,DC=com', 
    SSCOPE => 'sub',
    UserDN => 'CN=OTRS Helpdesk,OU=Konten IT,OU=SYS,OU=AWI-ORG,DC=domain,DC=com',
    UserPw => 'Passwort',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
	CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
	CustomerUserSearchListLimit => 800,	

    Map => [
    [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    ],
    };

#------------------------------------------------------------------------------------------------------------------------------#
#                                                     LDAP END                                                                #
#------------------------------------------------------------------------------------------------------------------------------#
################################################################################################################################

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

Production:
OTRS 4.0.3@ Ubuntu Server 14.04.1
ITSM 4.0.3 @ Ubuntu Server 14.04.1
MySQL
jojo
Znuny guru
Posts: 15020
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Importing agents from AD

Post by jojo »

Agents can also be customers.

There is a clear separation between the agent frontend and the customer frontend (index.pl and customer.pl).

So I don't understand your question.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Simste
Znuny newbie
Posts: 53
Joined: 04 Jul 2012, 13:50
Znuny Version: 3.1.9
Real Name: Stefan Simmerstatter

Re: Importing agents from AD

Post by Simste »

Oh, OK, I didn't know that.

What I'm getting at is:
how do I get the agents to no longer be registered as customers, but as agents instead?
Normally that should work by separating them via two AD groups, shouldn't it?

Production:
OTRS 4.0.3@ Ubuntu Server 14.04.1
ITSM 4.0.3 @ Ubuntu Server 14.04.1
MySQL
DavidLambauer
Znuny expert
Posts: 257
Joined: 25 Apr 2012, 07:28
Znuny Version: 3.1.6
Real Name: David Lambauer
Contact:

Re: Importing agents from AD

Post by DavidLambauer »

Yes, that works with AD groups. Normally you don't have all that many agents, though, so you can also enter them by hand. Unless you have 100+, of course :p

Please don't send PMs. Please contact me at mail@davidlambauer.de

In my blog, http://www.davidlambauer.de, you will find articles about OTRS. You will also often find help in the How To area of the forum...!
Simste
Znuny newbie
Posts: 53
Joined: 04 Jul 2012, 13:50
Znuny Version: 3.1.9
Real Name: Stefan Simmerstatter

Re: Importing agents from AD

Post by Simste »

No, there aren't that many, 10-15.

It's just that lately they have been coming and going here faster than I'd like :-/

Could you explain to me how to do the group thing in the config?
I've already tried it (see above), but it doesn't really want to work yet.

Stefan

Production:
OTRS 4.0.3@ Ubuntu Server 14.04.1
ITSM 4.0.3 @ Ubuntu Server 14.04.1
MySQL
DavidLambauer
Znuny expert
Posts: 257
Joined: 25 Apr 2012, 07:28
Znuny Version: 3.1.6
Real Name: David Lambauer
Contact:

Re: Importing agents from AD

Post by DavidLambauer »

Code:

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '[AD_server]';
$Self->{'AuthModule::LDAP::BaseDN'} = '[base_dn]';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = '[user_dn]';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '[passwort]';

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow_A, ou=posixGroups, dc=example, dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

http://doc.otrs.org/1.3/de/html/ldap-integration.html

I did it after the installation and it works there...?!

Regards
Please don't send PMs. Please contact me at mail@davidlambauer.de

In my blog, http://www.davidlambauer.de, you will find articles about OTRS. You will also often find help in the How To area of the forum...!
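
Added example, not written by any poster in this thread: one way to express the two-group split discussed above in Kernel/Config.pm, with agents gated by one AD group and customers by the other. The host, DNs and password are the placeholder values from the first post; the AuthSyncModule block, the AlwaysFilter parameter and the use of AD's memberOf attribute are assumptions about the setup that the thread does not confirm.

```perl
# Added example: fragment for the Load() sub of Kernel/Config.pm.
# Host, DNs and password are the placeholders from the first post.
my $Host     = 'dcs3.domain.com';
my $UserBase = 'OU=USR,OU=AWI-ORG,DC=domain,DC=com';
my $BindDN   = 'CN=OTRS Helpdesk,OU=Konten IT,OU=SYS,OU=AWI-ORG,DC=domain,DC=com';
my $BindPw   = 'Passwort';
my $GroupOU  = 'OU=OTRS,OU=GRP,OU=AWI-ORG,DC=domain,DC=com';
my $AgentGrp = "CN=OTRS Admin User,$GroupOU";
my $CustGrp  = "CN=OTRS Kunden User,$GroupOU";

# Agent login (index.pl): only members of the agent group may authenticate.
# AD groups hold their members as full DNs in "member", hence UserAttr 'DN'.
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = $Host;
$Self->{'AuthModule::LDAP::BaseDN'}       = $UserBase;
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'AuthModule::LDAP::SearchUserPw'} = $BindPw;
$Self->{'AuthModule::LDAP::GroupDN'}      = $AgentGrp;
$Self->{'AuthModule::LDAP::AccessAttr'}   = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}     = 'DN';

# Agent sync (assumption, not in the thread's config): creates or updates the
# agent record on a successful login, so agents need not be entered by hand.
$Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}         = $Host;
$Self->{'AuthSyncModule::LDAP::BaseDN'}       = $UserBase;
$Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = $BindPw;
$Self->{'AuthSyncModule::LDAP::UserSyncMap'}  = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# New agents start in the 'users' group only; further rights are set in OTRS.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users'];

# Customer login (customer.pl): the same check against the customer group.
$Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = $Host;
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = $UserBase;
$Self->{'Customer::AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $BindPw;
$Self->{'Customer::AuthModule::LDAP::GroupDN'}      = $CustGrp;
$Self->{'Customer::AuthModule::LDAP::AccessAttr'}   = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'}     = 'DN';

# Customer data backend: place after the CustomerUser1 definition from the
# first post so that only direct members of the customer group are listed
# (assumption: AD's memberOf attribute; nested groups are not matched).
$Self->{CustomerUser1}->{Params}->{AlwaysFilter} = "(memberOf=$CustGrp)";
```

The configurations in this thread bind on port 389; without TLS (LDAPS or StartTLS) the search user's password and every login password cross the network in cleartext.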
VivaLaBam
Znuny newbie
Posts: 26
Joined: 14 Jun 2012, 13:48
Znuny Version: 3.3.7

Re: Importing agents from AD

Post by VivaLaBam »

Hello everyone,

I have the problem that when I enter the following configuration in Config.pm:

Code:

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=abc\, abc,OU=Users.IT,OU=01_User,DC=abcd,DC=com';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
    # for ldap posixGroups objectclass (just uid)
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
    # for non ldap posixGroups objectclass (with full user dn)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

I can no longer authenticate as an agent.

The error message in the OTRS log is the following:

Code:

[Fri Jul  6 13:39:06 2012]
[Notice][Kernel::System::Auth::LDAP::Auth] User: "AAAA" authentication failed, no LDAP group entry foundGroupDN='CN=abc\, abc,OU=Users.IT,OU=01_User,DC=abcd,DC=com', Filter='(memberUid=CN=abc\\, abc,OU=Users.IT,OU=01_User,DC=abcd,DC=com)'! (REMOTE_ADDR: 10.81.184.30).

Authentication is done with the Windows login name and the corresponding password; this is where I suspect the error ;) !
As the login name I should then actually have "sAMAccountName", shouldn't I? Where does this attribute have to go so that authentication works?

Thanks for your help!

Regards

Problem has been resolved!
OTRS version: 3.3.7
OTRS extensions: KIX4OTRS
OS: Ubuntu Server 12.04.4 LTS
Locked