#
# Agent-Login via LDAP
#
# This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = server.mydomain.intern';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=intern';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
#    # Check if the user is allowed to auth in a posixGroup
#    # (e. g. user needs to be in a group xyz to use otrs)
#    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=EDV,ou=Gruppen,ou=meineou,dc=mydomain,dc=intern';
#    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
#    # for ldap posixGroups objectclass (just uid)
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
#    # for non ldap posixGroups objectclass (with full user dn)
#    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#
#    # The following is valid but would only be necessary if the
#    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsuser';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'otrsuser-pw';
#
#    # in case you want to add always one filter to each ldap query, use
#    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
#
#    # in case you want to add a suffix to each login name, then
#    # you can use this option. e. g. user just want to use user but
#    # in your ldap directory exists user@domain.
#    $Self->{'AuthModule::LDAP::UserSuffix'} = '@mydomain.intern';
#
#    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port => 389,
        timeout => 120,
        async => 0,
        version => 3,
    };

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
                                   ];

    # UserTable
    $Self->{DatabaseUserTable} = 'system_user';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';



#
#
# CustomerUser mydomain-Mitarbeiter
#    # (customer user ldap backend and settings)
#
    $Self->{CustomerUser} = {
        Name => 'Mitarbeiter',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => server.mydomain.intern',
            # ldap base dn
            BaseDN => 'ou=Benutzer,ou=mydomain,dc=mydomain,dc=intern',
#           BaseDN => 'ou=Benutzer,ou=mydomain,dc=mydomain,dc=intern',
            # search scope (one|sub)
            SSCOPE => 'sub',
#            # The following is valid but would only be necessary if the
#            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'otrsuser',
            UserPw => 'otrsuser-pw',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '(objectclass=user)',
#           AlwaysFilter => '',
            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use this options (if not, ignore it)
            SourceCharset => 'utf-8',
            DestCharset => 'iso-8859-1',
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port => 389,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        # customer uniq id
        CustomerKey => 'mail',
        # customer #
        CustomerID => 'cn',
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['uid', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['sn', 'givenname' ],
        # show now own tickets in customer panel, CompanyTickets
#        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
#       CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 1,

        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 1 ],
            [ 'UserFirstname',  'Vorname',  'givenname',       1, 0, 'var', '', 1 ],
            [ 'UserLastname',   'Nachname',   'sn',              1, 0, 'var', '', 1 ],
            [ 'UserLogin',      'Benutzername',   'sAMAccountname',             1, 0, 'var', '', 1 ],
#           [ 'Department',      'Abteilung',   'department',             1, 0, 'var', '', 1 ],
            [ 'UserEmail',      'E-Mail',      'mail',            1, 0, 'var', '', 1 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 0, 'var', '', 1 ],
#            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone',      'Telefon',      'telephonenumber', 1, 0, 'var', '', 1 ],
#           [ 'UserFax',      'Fax',      'facsimileTelephonenumber', 1, 0, 'var', '', 1 ],
            [ 'UserAddress',    'Adresse',    'postaladdress',   1, 0, 'var', '', 1 ],
            [ 'UserComment',    'Kommentar',    'description',     1, 0, 'var', '', 1 ],
        ],
};