I'm using OTRS 3.0b7 on Ubuntu with MySQL.
I've now got both my Agent and Customer back ends connected to our company's Active Directory through LDAP searches which then resort to the local Agent and Customer databases if no matching LDAP accounts are found.
I've also set up the Agent and Customer authentication to be reliant on special AD OUs. My question is: can I limit the LDAP searches for both Agents and Customers to the members of each AD group (OTRS Agents and OTRS Customers respectively) instead of bringing up everyone in the whole domain?
Thanks
Agent and Customer LDAP Search
- Znuny ninja
- Posts: 1029
- Joined: 13 Apr 2009, 12:26
- Znuny Version: 6.0.13
- Real Name: Wolfgang Fürtbauer
- Company: PBS Logitek GmbH
- Location: Pinsdorf
Re: Agent and Customer LDAP Search
You could use an "alwaysfilter" in the LDAP query for this.
Production:
OTRS 6.0.13/ ITSM 6.0.13
OS: SUSE Linux (SLES 12, Leap), MySql 5.5.x, 5.6.x
Windows 2012 AD Integration (agents and customers), Nagios integration (incidents, CMDB), Survey, TimeAccounting
Re: Agent and Customer LDAP Search
Yes, I could; however, I'm unsure of the proper syntax. I've looked through the Wiki and done several Google searches; however, nothing has come close.
- Znuny ninja
- Posts: 1029
- Joined: 13 Apr 2009, 12:26
- Znuny Version: 6.0.13
- Real Name: Wolfgang Fürtbauer
- Company: PBS Logitek GmbH
- Location: Pinsdorf
Re: Agent and Customer LDAP Search
In this case, you have to google for Active Directory query, and a hint would be the M$ knowledge base.
Re: Agent and Customer LDAP Search
This should work, as I've tested the query in AD with success; however, it doesn't filter out anything in OTRS. Did I miss something?
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(objectCategory=user)(memberOf=CN=OTRS Customers,OU=OTRS,DC=psg,DC=net))';
- Znuny ninja
- Posts: 1029
- Joined: 13 Apr 2009, 12:26
- Znuny Version: 6.0.13
- Real Name: Wolfgang Fürtbauer
- Company: PBS Logitek GmbH
- Location: Pinsdorf
Re: Agent and Customer LDAP Search
This should be correct for Agent login.
I would add the same for customer login; something like:

    $Self->{CustomerUser} = {
        Name   => 'Active Directory',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            ...
            AlwaysFilter => 'your_filter',
        },
    };
Re: Agent and Customer LDAP Search
Thanks. I ended up figuring out the issue when I found another thread with that same code in it. 
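
The two places the thread mentions for the group filter, side by side, as an added example that is not code posted by anyone in the thread. It assumes a Kernel/Config.pm fragment inside `sub Load`; the host, DNs under example.com, the read-only bind account and the attribute mapping are constructed placeholders.

```perl
# Added example for Kernel/Config.pm (inside sub Load). Host names, DNs and
# the bind account are constructed placeholders, not values from the thread.
my $LDAPHost = 'dc1.example.com';
my $BaseDN   = 'DC=example,DC=com';
my $BindDN   = 'CN=otrs-bind,OU=OTRS,DC=example,DC=com';
my $BindPw   = 'CHANGE_ME';

# Group filters in the same shape as the one posted in the thread.
my $AgentFilter    = "(&(objectCategory=user)(memberOf=CN=OTRS Agents,OU=OTRS,$BaseDN))";
my $CustomerFilter = "(&(objectCategory=user)(memberOf=CN=OTRS Customers,OU=OTRS,$BaseDN))";

# Agent login (the rest of the agent LDAP block is assumed to be in place).
$Self->{'AuthModule::LDAP::AlwaysFilter'} = $AgentFilter;

# Customer login: decides only who may authenticate.
$Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = $LDAPHost;
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = $BaseDN;
$Self->{'Customer::AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $BindDN;
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $BindPw;
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = $CustomerFilter;

# Customer directory backend: what agents see when searching for customers.
# Without AlwaysFilter here the search still returns the whole BaseDN.
$Self->{CustomerUser} = {
    Name   => 'Active Directory',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host         => $LDAPHost,
        BaseDN       => $BaseDN,
        SSCOPE       => 'sub',
        UserDN       => $BindDN,
        UserPw       => $BindPw,
        AlwaysFilter => $CustomerFilter,
    },
    CustomerKey              => 'sAMAccountName',
    CustomerID               => 'mail',
    CustomerUserListFields   => [ 'sAMAccountName', 'cn', 'mail' ],
    CustomerUserSearchFields => [ 'sAMAccountName', 'cn', 'mail' ],
    Map => [
        # Var, Frontend, Storage, Shown, Required, Storage-Type, Link, ReadOnly
        [ 'UserFirstname',  'Firstname',  'givenName',      1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName', 1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',           0, 1, 'var', '', 0 ],
    ],
};
```

A plain `memberOf` clause matches direct group members only; on Active Directory, members of nested groups need the matching-rule form `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`.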
