AW: [otrs] Agent login via LDAP
Rene Abdon
RAbdon at multirede.com.br
Wed Mar 5 14:45:04 GMT 2008
Hi Klaus,
Do you have the configuration for LDAP authentication (Agent and
Customer) over Novell eDirectory ?
Att.
Rene.
>>> "Klaus Bruno" <bruno.klaus at infotrust.ch> 5/3/2008 13:30 >>>
Hi Steve
this config works for our environment:
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# Authentification for Agents via AD / LDAP #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'domaincontroller.domain.com';
$Self->{'AuthModule::LDAP::BaseDN1'} =
'ou=OrganisationName,dc=Domain,dc=com';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=TEAM,OU=Security
Groups,OU=OrganisationName,DC=Domain,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'} = 'UID';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'LDAPBindUser';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'password';
# ---------------------------------------------------- #
# synch LDAP user to internal DB #
# ---------------------------------------------------- #
$Self->{UserSyncLDAPMap1} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# ---------------------------------------------------- #
# UserTable #
# ---------------------------------------------------- #
$Self->{DatabaseUserTable1} = 'system_user';
$Self->{DatabaseUserTableUserID1} = 'id';
$Self->{DatabaseUserTableUserPW1} = 'pw';
$Self->{DatabaseUserTableUser1} = 'login';
$Self->{'AuthModule::LDAP::Die1'} = 1;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# Authentification for Agents via internal DB #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
$Self->{'AuthModule2'} = 'Kernel::System::Auth::DB';
$Self->{'AuthModule::DB::CryptType2'} = 'crypt';
You dont have to create an agent in the otrs environment. After the
first login of an agent, otrs will synchronize the agent information
with it own database. After that, you can linkt the agents with groups
and/or roles in the otrs admin gui.
It is also possible to expand the configuration to match some LDAP
group membership to queues and access rights. We do not work with this
yet but maybe in the near future. Check the documentation for more
infos.
hope it helps
regards, Bruce
-----Ursprüngliche Nachricht-----
Von: otrs-bounces at otrs.org [mailto:otrs-bounces at otrs.org] Im Auftrag
von Clary, Steve
Gesendet: Mittwoch, 5. März 2008 17:05
An: User questions and discussions about OTRS.org
Betreff: [otrs] Agent login via LDAP
We have successfully configured customer login via LDAP (AD) but we are
still having difficulty with the Agent login.
Can anyone identify the specific parts (entries) in the config.pm that
pertain to Agent LDAP login?
Are the local agent accounts then just paired with an LDAP account with
the same username? (In other words, to create an agent, would one just
create a user in the front end that has the same username as an LDAP
account; resulting in a local username that just passes authentication
to LDAP?)
Below is a copy of our config.pl:
CONFIG.PM
package Kernel::Config;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use
bin/CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'hot';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} =
"DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} =
"DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = 'C:/OTRS/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{'CheckMXRecord'} = 1;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
$Self->{'LogModule'} = 'Kernel::System::Log::File';
$Self->{'LogModule::LogFile'} = 'C:/OTRS/otrs/var/log/otrs.log';
# $DIBI$
$Self->{'SystemID'} = 10;
$Self->{'SecureMode'} = 1;
$Self->{'Organization'} = 'URMC';
$Self->{'FQDN'} = 'hslt-wowserver';
$Self->{'DefaultLanguage'} = 'en';
$Self->{'AdminEmail'} = some_user at urmc.rochester.edu';
$Self->{'DefaultCharset'} = 'utf-8';
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} =
'ldap.urmc.rochester.edu:389';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'dc=urmc-sh,dc=rochester,dc=edu';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#The following is valid but would only be necessary if the
#anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
'CN=LDAP_admin,OU=admin,OU=Miner
Library,DC=urmc-sh,DC=rochester,DC=edu';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} =
'SOMEPASSWORD123';
#CustomerUser
#(customer user database backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'ldap.urmc.rochester.edu:389',
BaseDN => 'dc=urmc-sh,dc=rochester,dc=edu',
SSCOPE => 'sub',
UserDN =>'CN=LDAP_admin,OU=admin,OU=Miner
Library,DC=urmc-sh,DC=rochester,DC=edu',
UserPw => 'SOMEPASSWORD123',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
Login => 'sAMAccountName',
CustomerID => 'mail',
};
#Add the following lines when only users are allowed to login if they
reside in the spicified security group
#Remove these lines if you want to provide login to all users specified
in the User Base DN
#example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU,
dc=example, dc=com';
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use vars qw(@ISA $VERSION);
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
$VERSION = '$Revision: 1.18 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
# -----------------------------------------------------#
1;
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/
--
Esta mensagem foi verificada pelo sistema de antivÃrus e
acredita-se estar livre de perigo.
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.otrs.org/pipermail/otrs/attachments/20080305/b9c35529/attachment-0001.html
More information about the otrs
mailing list