Good day!
I have this kind of problem.
Somewhere on the Internet I saw a possibility to add several LDAP servers for
authentication and authorization, but I can't find this solution right now.
Could you tell me how I can achieve this?
Right now, I have one MS Active Directory with 2 groups: otrs_admins and
otrs_users. The first one contains administrators, the second one - users.
My LDAP auth works well. But the LDAP's groupDN parameter I have to set to DN
'CN=OTRS_USERS,CN=Users,...'.
My admins are in OTRS_USERS and OTRS_ADMIN groups.
Users are in OTRS_USERS group.
This is my configuration:
$Self->{'UserSyncLDAPGroupsDefinition'} = {
    # ldap group
    'CN=OTRS_USERS,CN=Users,DC=td,DC=kms' => {
        # otrs users
        'admin' => {
            # permission
            rw => 0,
            ro => 0,
        },
        'faq' => {
            # permission
            rw => 1,
            ro => 1,
        },
        'faq_admin' => {
            # perm
            rw => 0,
            ro => 1,
        },
        'itsm-configitem' => {
            # perm
            rw => 0,
            ro => 1,
        },
        'itsm-service' => {
            # perm
            rw => 0,
            ro => 1,
        },
        'stats' => {
            # perm
            rw => 0,
            ro => 1,
        },
        'time_accounting' => {
            # perm
            rw => 0,
            ro => 1,
        },
        'users' => {
            # perm
            rw => 0,
            ro => 1,
        },
    },
    'CN=OTRS_ADMINS,CN=Users,DC=td,DC=kms' => {
        # otrs admins
        'admin' => {
            # permission
            rw => 1,
            ro => 1,
        },
        'faq' => {
            # permission
            rw => 1,
            ro => 1,
        },
        'faq_admin' => {
            # perm
            rw => 1,
            ro => 1,
        },
        'itsm-configitem' => {
            # perm
            rw => 1,
            ro => 1,
        },
        'itsm-service' => {
            # perm
            rw => 1,
            ro => 1,
        },
        'stats' => {
            # perm
            rw => 1,
            ro => 1,
        },
        'time_accounting' => {
            # perm
            rw => 1,
            ro => 1,
        },
        'users' => {
            # perm
            rw => 1,
            ro => 1,
        },
    },
};
# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify initial
# user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'OTRS_USERS', 'OTRS_ADMINS',
];
But when I try to do this, my admins get only users' rights, not
administrators'. How can I solve this?