SSO require group ldap

Moderator: crythias

lukbec
Znuny newbie
Posts: 34
Joined: 20 Apr 2012, 15:03
Znuny Version: 2.4.6

Post by lukbec »

I have a fully working LDAP setup that allows only the given LDAP group to log in. After enabling SSO, all LDAP users are allowed to log in. Can SSO be limited to an LDAP group?

My config is below:

/opt/otrs/Kernel/Config.pm
#######################
...
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} ='@XX.LOCAL';

#$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
#$Self->{'Customer::AuthModule::HTTPBasicAuth::ReplaceRegExp'} ='@XX.LOCAL';

#$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '10.65.216.44';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xx,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=GRP_KOMORNIKI_IT_HELPDESK_ddd,ou=Groups,dc=xx,dc=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=srv.xx_otrs,OU=Functional account,OU=Admin account,DC=xx,DC=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '******';

$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
};
...
#######################


/etc/apache2/http.conf
#######################
....
<Directory "/opt/otrs/">
    AuthType Kerberos
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbAuthRealms XX.LOCAL
    Krb5KeyTab /etc/krb5.keytab
    require valid-user
</Directory>
...
#######################
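
Added example, not part of the original post: with `AuthModule` set to `Kernel::System::Auth::HTTPBasicAuth`, the application accepts whichever user Apache has already authenticated, so the `AuthModule::LDAP::GroupDN` setting belonging to the commented-out LDAP module is not consulted and `require valid-user` admits every account in the realm. One way to restore the restriction is to do the group check in Apache itself. This sketch assumes mod_authnz_ldap is loaded and that the installed mod_auth_kerb supports `KrbLocalUserMapping`; the host, base DN, bind account and group DN are reused from the Config.pm above, and the password stays a placeholder.

```apache
<Directory "/opt/otrs/">
    # Authentication: unchanged from the post (Kerberos/SPNEGO)
    AuthType Kerberos
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbAuthRealms XX.LOCAL
    Krb5KeyTab /etc/krb5.keytab

    # Assumption: strip "@XX.LOCAL" from the authenticated name so the
    # LDAP search below can match it against sAMAccountName
    KrbLocalUserMapping On

    # Authorization: look the user up in the directory using the same
    # host, base DN and search account as the AuthModule::LDAP::* settings
    AuthLDAPURL "ldap://10.65.216.44:389/dc=xx,dc=local?sAMAccountName?sub"
    AuthLDAPBindDN "CN=srv.xx_otrs,OU=Functional account,OU=Admin account,DC=xx,DC=local"
    AuthLDAPBindPassword "******"

    # Replaces "require valid-user": only users whose DN is listed in the
    # group's "member" attribute are let through
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN On
    Require ldap-group cn=GRP_KOMORNIKI_IT_HELPDESK_ddd,ou=Groups,dc=xx,dc=local
</Directory>
```

To verify, request the site as a user outside the group and confirm Apache answers 401 or 403 before the request reaches the application; nested group membership is not resolved by this check.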