[otrs] Novell LDAP customer Auth
David Benjamin
Dbenjamin at ontario.k12.or.us
Thu Aug 9 08:27:44 GMT 2007
Scott,
Below is the LDAP part from my Config.pm from my /opt/otrs/Kernel directory. Of course I needed the LDAP module installed.
# ---------------------------------------------------- #
# LDAP Auth                                            #
# ---------------------------------------------------- #
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap1.sch';
$Self->{'AuthModule::LDAP::BaseDN'} = 'o=sd8c';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=PROXY_LDAP,o=testing';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'proxy';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};

# ---------------------------------------------------- #
# LDAP Customer                                        #
# ---------------------------------------------------- #
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
    Name   => 'LDAP SD8C',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'ldap1.sch',
        # ldap base dn
        BaseDN => 'o=sd8c',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=PROXY_LDAP,o=sd8c',
        UserPw => 'proxymein',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(&(objectClass=user)(mail=*))',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use this options (if not, ignore it)
        # SourceCharset => 'utf-8',
        # DestCharset => 'iso-8859-1',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port    => 389,
            timeout => 120,
            async   => 0,
            version => 3,
        },
    },
    # customer uniq id
    CustomerKey => 'uid',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['uid', 'givenname', 'sn'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show now own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add a ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=gesperrt))',
    # admin can't change customer preferences
    AdminSetPreferences => 0,
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 1 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 1 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 1 ],
        [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 1 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 1 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 1 ],
        # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 1 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 1 ],
        [ 'UserLocation',   'Location',   'l',               1, 0, 'var', '', 1 ],
    ],
};

>>> "Greg Horne" <gehorne at jws.com> 8/9/2007 3:53 AM >>>
Scott,
Don't think we have enough information yet. Posting the LDAP section of
your config file and the error messages from your syslog may give the group
more to go on.
Thanks
Greg Horne
GEH
gehorne
-----Original Message-----
From: otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org]On Behalf Of
Scott Plough
Sent: Wednesday, August 08, 2007 2:35 PM
To: otrs at otrs.org
Subject: [otrs] Novell LDAP customer Auth
Can anyone help me out on the setup of otrs 2.2.2 to have my customers
authenticate through Novell E-dir. I know where to set all the settings but am
having a little trouble getting it to work. I used ldapsearch to test my LDAP
server and all seemed to work ok, but can't get it to work with otrs login.
Thanks Scott
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
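
An ldapsearch test only matches the OTRS login if it uses the same bind DN, base DN and filter, so this sketch builds the filter from the agent AuthModule values posted above and prints the matching ldapsearch command. It is an added example, not part of the original messages or of OTRS: it assumes OTRS ANDs `(UID=login)` with AlwaysFilter, the RFC 4515 escaping is added here, and the function names and the login `jsmith` are made up for illustration.

```shell
#!/bin/sh
# Values copied from the 'LDAP Auth' block of the Config.pm in this thread.
LDAP_HOST='ldap1.sch'
BASE_DN='o=sd8c'
UID_ATTR='uid'
ALWAYS_FILTER='(objectclass=user)'
BIND_DN='cn=PROXY_LDAP,o=testing'

# Escape a login for use as an LDAP filter value (RFC 4515).
# Backslash is replaced first so the escapes added for * ( ) are not
# escaped a second time. An escaped login cannot change the filter shape.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the search filter: (uid=<login>), ANDed with AlwaysFilter if set.
# Assumption: this mirrors how the OTRS LDAP auth module combines the two.
build_filter() {
    f="(${UID_ATTR}=$(ldap_escape "$1"))"
    if [ -n "$ALWAYS_FILTER" ]; then
        f="(&${f}${ALWAYS_FILTER})"
    fi
    printf '%s' "$f"
}

# Print the ldapsearch command that repeats the lookup for one login.
# -x: simple bind, -D: bind DN, -b: search base,
# -W: prompt for the bind password so it stays out of the shell history.
# Note: a login containing a single quote would need extra shell quoting.
ldapsearch_cmd() {
    printf "ldapsearch -x -H ldap://%s -D '%s' -W -b '%s' '%s'\n" \
        "$LDAP_HOST" "$BIND_DN" "$BASE_DN" "$(build_filter "$1")"
}

ldapsearch_cmd 'jsmith'   # constructed sample login
```

If this command returns the entry but the OTRS login still fails, compare the bind DN and base DN printed here with the ones in the config block that actually handles the failing login.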