LDAP Auth with serveral Groups

[FloBo]

Hello everybody,

I would like to use multiple Groups within one LDAP for Agent authentication.

At the moment we are using one entry:

Code: Select all

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'host';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=base1,DC=base2';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=group1-otrs-agents,OU=location1,OU=Groups,DC=base1,DC=base2';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS LDAP,CN=Builtin,DC=base1,DC=base2';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password!';

I would like to add another group (group2-otrs-agents). Is this possible? If yes, how can I do this?

While I was searching for a solution I read about multiple LDAP itself but not about the same LDAP and different groups. I tried to just copy&paste the code above and replace the GroupDN part. Unfortunately, I was able to log in with one group, either group1 or group2, not both. It seems like OTRS recognizes only one group. Maybe I need to add something like "use group1 or group2"-command.

Any hint is appreshiated.

Thanks and best regards,
Florian

[crythias]

Read about ldapsearch on the Web about filters on groups. (|(attribute1=x)(attribute2=y))

[FloBo]

Thank you, I will have a look at it.