[otrs] Agent login via LDAP

Shawn Beasley shawn.beasley at otrs.com
Thu Mar 6 08:41:53 GMT 2008


Clary, Steve wrote:
>
> We have successfully configured customer login via LDAP (AD) but we
> are still having difficulty with the Agent login.
>
> Can anyone identify the specific parts (entries) in the config.pm that
> pertain to Agent LDAP login?
>
> Are the local agent accounts then just paired with an LDAP account
> with the same username?  (In other words, to create an agent, would
> one just create a user in the front end that has the same username as
> an LDAP account; resulting in a local username that just passes
> authentication to LDAP?)
>
> Below is a copy of our config.pm:
>
> CONFIG.PM
>
> package Kernel::Config;
>
> sub Load {
>     my $Self = shift;
>     # ---------------------------------------------------- #
>     # ---------------------------------------------------- #
>     #                                                      #
>     #         Start of your own config options!!!          #
>     #                                                      #
>     # ---------------------------------------------------- #
>     # ---------------------------------------------------- #
>
>     # ---------------------------------------------------- #
>     # database settings                                    #
>     # ---------------------------------------------------- #
>     # DatabaseHost
>     # (The database host.)
>     $Self->{'DatabaseHost'} = 'localhost';
>     # Database
>     # (The database name.)
>     $Self->{'Database'} = 'otrs';
>     # DatabaseUser
>     # (The database user.)
>     $Self->{'DatabaseUser'} = 'otrs';
>     # DatabasePw
>     # (The password of the database user. You can also use bin/CryptPassword.pl
>     # for crypted passwords.)
>     $Self->{'DatabasePw'} = 'hot';
>     # DatabaseDSN
>     # (The database DSN for MySQL ==> more: "man DBD::mysql")
>     $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
>
>     # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
>     # if you want to use a local socket connection
> #    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
>     # if you want to use a tcpip connection
> #    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
>
>     # ---------------------------------------------------- #
>     # fs root directory
>     # ---------------------------------------------------- #
>     $Self->{Home} = 'C:/OTRS/otrs';
>
>     # ---------------------------------------------------- #
>     # insert your own config settings "here"               #
>     # config settings taken from Kernel/Config/Defaults.pm #
>     # ---------------------------------------------------- #
>     # $Self->{SessionUseCookie} = 0;
>     # $Self->{'CheckMXRecord'} = 1;
>
>     # ---------------------------------------------------- #
>
>     # ---------------------------------------------------- #
>     # data inserted by installer                           #
>     # ---------------------------------------------------- #
>     $Self->{'LogModule'} = 'Kernel::System::Log::File';
>     $Self->{'LogModule::LogFile'} = 'C:/OTRS/otrs/var/log/otrs.log';
>     # $DIBI$
>     $Self->{'SystemID'} = 10;
>     $Self->{'SecureMode'} = 1;
>     $Self->{'Organization'} = 'URMC';
>     $Self->{'FQDN'} = 'hslt-wowserver';
>     $Self->{'DefaultLanguage'} = 'en';
>     $Self->{'AdminEmail'} = 'some_user at urmc.rochester.edu';
>     $Self->{'DefaultCharset'} = 'utf-8';
>
> #Enable LDAP authentication for Customers / Users
>   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
>   $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.urmc.rochester.edu:389';
>   $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=urmc-sh,dc=rochester,dc=edu';
>   $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
>
> #The following is valid but would only be necessary if the
> #anonymous user does NOT have permission to read from the LDAP tree
>   $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP_admin,OU=admin,OU=Miner Library,DC=urmc-sh,DC=rochester,DC=edu';
>   $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'SOMEPASSWORD123';
>
> #CustomerUser
> #(customer user database backend and settings)
>     $Self->{CustomerUser} = {
>       Module => 'Kernel::System::CustomerUser::LDAP',
>       Params => {
>         Host => 'ldap.urmc.rochester.edu:389',
>         BaseDN => 'dc=urmc-sh,dc=rochester,dc=edu',
>         SSCOPE => 'sub',
>         UserDN => 'CN=LDAP_admin,OU=admin,OU=Miner Library,DC=urmc-sh,DC=rochester,DC=edu',
>         UserPw => 'SOMEPASSWORD123',
>       },
>       # customer unique id
>       CustomerKey => 'sAMAccountName',
>       # customer #
>       CustomerID => 'mail',
>       CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>       CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>       CustomerUserSearchPrefix => '',
>       CustomerUserSearchSuffix => '*',
>       CustomerUserSearchListLimit => 250,
>       CustomerUserPostMasterSearchFields => ['mail'],
>       CustomerUserNameFields => ['givenname', 'sn'],
>       Map => [
>         # note: Login, Email and CustomerID needed!
>         # var, frontend, storage, shown, required, storage-type
>         #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
>         [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
>         [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>         [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
>         #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
>         #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
>       ],
>     };
>
You are missing this: (For readability I would put the agent login
information above your customer login info)

# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'ldap.urmc.rochester.edu:389';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=urmc-sh,dc=rochester,dc=edu';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
#    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP_admin,OU=admin,OU=Miner Library,DC=urmc-sh,DC=rochester,DC=edu';
#    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'SOMEPASSWORD';
>
> # UserSyncLDAPMap
> # (map if the agent should be created/synced from LDAP to the DB after login)
> $Self->{UserSyncLDAPMap} = {
>       # DB -> LDAP
>       Firstname => 'givenName',
>       Lastname => 'sn',
>       Email => 'mail',
>       Login => 'sAMAccountName',
>       CustomerID => 'mail',
> };
>
> #Add the following lines when users are only allowed to login if they
> #reside in the specified security group
> #Remove these lines if you want to provide login to all users
> #specified in the User Base DN
> #example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
> #  $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
> #  $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
> #  $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
>
>     # ---------------------------------------------------- #
>     # ---------------------------------------------------- #
>     #                                                      #
>     #           End of your own config options!!!          #
>     #                                                      #
>     # ---------------------------------------------------- #
>     # ---------------------------------------------------- #
> }
>
> # ---------------------------------------------------- #
> # needed system stuff (don't edit this)                #
> # ---------------------------------------------------- #
> use strict;
> use vars qw(@ISA $VERSION);
> use Kernel::Config::Defaults;
> push (@ISA, 'Kernel::Config::Defaults');
> $VERSION = '$Revision: 1.18 $';
> $VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
> # -----------------------------------------------------#
>
> 1;
>


-- 
Shawn Beasley
((otrs)) :: OTRS AG :: Norsk-Data-Straße 1 :: 61352 Bad Homburg
    Phone: +49 (0) 9421 56818 0 :: Fax: +49 (0) 9421 56818 18
      http://www.otrs.com/ :: Communication with success!


Registered office: Bad Homburg
Bad Homburg District Court, HRB 10751
Tax number: 003/240/97521

Chairman of the Supervisory Board: Burchard Steinbild
Chairman of the Management Board: André Mindermann
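As an added illustration of what the AuthModule::LDAP::* keys in the reply and the GroupDN/AccessAttr/UserAttr lines in the quoted config control, here is a Python model of the agent-login sequence: search for the login under BaseDN, bind as the DN that was found, then check group membership. It is not OTRS code and not either poster's configuration. The `FakeDirectory` class, the `ldap_agent_login` and `equality_filter` functions, the example.com DNs, the user names and the passwords are all constructed for this example, and the directory only models the server behaviour the example needs, so it runs offline without Net::LDAP. Two points the posted config does not spell out are handled explicitly: the login is escaped before it is placed in the search filter (RFC 4515), and an empty password is refused before any bind is attempted, because an LDAP server may treat a DN with an empty password as an anonymous bind (RFC 4513, section 5.1.2).

```python
import re

# RFC 4515 escaping for values placed in a search filter: without it a login
# of "*" turns (sAMAccountName=*) into a match for every user under BaseDN.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def equality_filter(attr, value):
    return "(%s=%s)" % (attr, "".join(_FILTER_ESCAPES.get(c, c) for c in value))


def _assertion_to_regex(pattern):
    # RFC 4515 assertion value -> regex: a bare '*' is a wildcard, '\XX' a literal.
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 2 < len(pattern):
            out.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 3
        else:
            out.append(".*" if pattern[i] == "*" else re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)  # AD matches case-insensitively


class FakeDirectory:
    """In-memory stand-in for an AD LDAP server (modelled behaviour, not real AD)."""

    def __init__(self, entries):
        self.entries = entries  # DN -> {attribute: [values]}

    def bind(self, dn, password):
        # Models an RFC 4513 5.1.2 "unauthenticated" bind: a DN plus an empty
        # password is accepted as anonymous by some servers, so a module that
        # forwards an empty user password would see a successful bind.
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and password in entry.get("userPassword", [])

    def search(self, base, ldap_filter):
        # Subtree search; only "(attr=value)" equality filters are modelled.
        m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
        if not m:
            raise ValueError("unsupported filter: " + ldap_filter)
        attr, rx = m.group(1), _assertion_to_regex(m.group(2))
        return [dn for dn, attrs in self.entries.items()
                if dn.lower().endswith(base.lower())
                and any(rx.match(v) for v in attrs.get(attr, []))]


def ldap_agent_login(config, directory, login, password):
    """Return (ok, detail) following the AuthModule::LDAP::* keys from the thread."""
    # 1. Never forward an empty password; see FakeDirectory.bind for why.
    if password == "":
        return False, "empty password refused before contacting the server"
    # 2. Optional search account (SearchUserDN / SearchUserPw).
    search_dn = config.get("AuthModule::LDAP::SearchUserDN")
    if search_dn and not directory.bind(search_dn, config["AuthModule::LDAP::SearchUserPw"]):
        return False, "search account bind failed"
    # 3. Resolve login -> DN under BaseDN; anything but exactly one hit fails.
    hits = directory.search(config["AuthModule::LDAP::BaseDN"],
                            equality_filter(config["AuthModule::LDAP::UID"], login))
    if len(hits) != 1:
        return False, "expected one entry for %r, got %d" % (login, len(hits))
    user_dn = hits[0]
    # 4. Authenticate by binding as the user's own DN with the supplied password.
    if not directory.bind(user_dn, password):
        return False, "bind as %s failed" % user_dn
    # 5. Optional group restriction (GroupDN / AccessAttr / UserAttr):
    #    UserAttr 'DN' checks the bound DN, anything else checks the login value.
    group_dn = config.get("AuthModule::LDAP::GroupDN")
    if group_dn:
        needle = user_dn if config.get("AuthModule::LDAP::UserAttr", "DN") == "DN" else login
        if not directory.search(group_dn, equality_filter(config["AuthModule::LDAP::AccessAttr"], needle)):
            return False, "%s is not in %s" % (needle, group_dn)
    return True, user_dn


# Constructed sample data: two agents, one allow group, one search account.
BASE_DN = "DC=example,DC=com"
AGENT1_DN = "CN=Agent One,OU=Staff," + BASE_DN
AGENT2_DN = "CN=Agent Two,OU=Staff," + BASE_DN
GROUP_DN = "CN=otrs_ldap_allow_C,OU=Groups," + BASE_DN
DIRECTORY = FakeDirectory({
    AGENT1_DN: {"sAMAccountName": ["agent1"], "userPassword": ["correct horse"]},
    AGENT2_DN: {"sAMAccountName": ["agent2"], "userPassword": ["battery staple"]},
    GROUP_DN: {"member": [AGENT1_DN]},
    "CN=LDAP_admin,OU=admin," + BASE_DN: {"userPassword": ["searchpw"]},
})
CONFIG = {  # same key names as the agent settings in the reply above
    "AuthModule::LDAP::BaseDN": BASE_DN,
    "AuthModule::LDAP::UID": "sAMAccountName",
    "AuthModule::LDAP::SearchUserDN": "CN=LDAP_admin,OU=admin," + BASE_DN,
    "AuthModule::LDAP::SearchUserPw": "searchpw",
    "AuthModule::LDAP::GroupDN": GROUP_DN,
    "AuthModule::LDAP::AccessAttr": "member",
    "AuthModule::LDAP::UserAttr": "DN",
}
```

With this data `ldap_agent_login(CONFIG, DIRECTORY, "agent1", "correct horse")` returns `(True, AGENT1_DN)`, while `agent2` with a correct password is refused because only `AGENT1_DN` is listed in the group's `member` attribute; dropping the GroupDN key from CONFIG lets `agent2` in, which is the "Remove these lines if you want to provide login to all users" case from the quoted config. A login of `*` yields zero hits once escaped, whereas the unescaped filter `(sAMAccountName=*)` matches both agents, which is why the model insists on exactly one search result before binding. Python was used rather than the Perl of Config.pm so the sequence can be run stand-alone.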

