Customer and agent auth with LDAP

Hi, this has come up several times on the list, but I still couldn't solve my problem.

1. Can both agents and customers be authenticated via LDAP and, if necessary, the customer/agent be created automatically in the DB?

According to the documentation and hints from the list, the relevant excerpts of Config.pm look as follows (IP and hostnames have been changed):

```perl
sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';
    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    $Self->{'DatabasePw'} = 'pw';
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    # (The database DSN for PostgrSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory                                    #
    # ---------------------------------------------------- #
    $Self->{Home} = '/usr/share/otrs';

    # **************************************************** #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # **************************************************** #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;
    # **************************************************** #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'SystemID'}           = 10;
    $Self->{'SecureMode'}         = 1;
    $Self->{'Organization'}       = 'Org';
    $Self->{'LogModule::LogFile'} = '/tmp/otrs.log';
    $Self->{'LogModule'}          = 'Kernel::System::Log::SysLog';
    $Self->{'FQDN'}               = 'localhost';
    $Self->{'DefaultLanguage'}    = 'de';
    $Self->{'DefaultCharset'}     = 'iso-8859-1';
    $Self->{'AdminEmail'}         = 'user@localhost';

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #          End of your own config options!!!           #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name   => 'LDAP Datenquelle',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => '10.x.x.x',
            # ldap base dn
            BaseDN => 'o=ROOT',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => '',
            UserPw => '',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '',
            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use this options (if not, ignore it)
            # SourceCharset => 'utf-8',
            # DestCharset   => 'iso-8859-1',
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                port    => 389,
                timeout => 120,
                async   => 0,
                version => 3,
            },
        },
        # customer uniq id
        CustomerKey => 'uid',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields             => [ 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'uid', 'cn', 'mail' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        # show now own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add a ldap filter for valid users (expert setting)
        # CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 0,
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',      'title',           1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
        ],
    };

    # Custom user authentication via LDAP
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthModule'}               = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'}   = 'ldaps://hostname.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'o=ROOT';
    $Self->{'AuthModule::LDAP::UID'}    = 'uid';
    # for ldap posixGroups objectclass (just uid)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'AuthModule::LDAP::SearchUserDN'} = '';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = '';
    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectClass=Person)';
    # sets the scope to use for LDAP->search
    # based on an extension of the ldap auth module
    $Self->{'AuthModule::LDAP::SScope'} = 'sub';
    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 636,
        timeout => 120,
        async   => 0,
        capath  => '/etc/ldap/certs/',
        version => 3,    # ldaps only works with LDAPv3
    };
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        salutation => 'generationQualifier',
        Firstname  => 'givenName',
        Lastname   => 'sn',
        Email      => 'mail',
    };
    # UserSyncLDAPGroups
    # (If "LDAP" was selected for AuthModule, you can specify
    # initial user groups for first login.)
    #$Self->{UserSyncLDAPGroups} = [
    #    'users',
    #];
    # UserTable
    #$Self->{DatabaseUserTable}       = 'system_user';
    #$Self->{DatabaseUserTableUserID} = 'id';
    #$Self->{DatabaseUserTableUserPW} = 'pw';
    #$Self->{DatabaseUserTableUser}   = 'login';
}
```

Both customer and agent login fail with this. The agent login fails because no data is found for the user; the usual "Panic! No user data" or something similar appears after many minutes. Where is the distinction between agent auth and customer auth actually made? I would like to distinguish between customers and agents in LDAP via group membership. Is something like that possible?

Regards
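Added configuration example (editor's, not from the original post and not OTRS's own files): a Config.pm fragment that restricts each OTRS LDAP auth backend to members of one LDAP group, using the `GroupDN` / `AccessAttr` / `UserAttr` keys that OTRS's `Kernel/Config/Defaults.pm` documents for both `AuthModule::LDAP` (agents, `Kernel::System::Auth::LDAP`) and `Customer::AuthModule::LDAP` (customers, `Kernel::System::CustomerAuth::LDAP`). The `CustomerUser` block in the post only supplies customer data from LDAP; the customer login check is a separate `Customer::AuthModule` setting. The group DNs `cn=otrs-agents,ou=groups,o=ROOT` and `cn=otrs-customers,ou=groups,o=ROOT` and the `posixGroup` schema (`memberUid`) are assumptions; host, base DN and TLS parameters are taken from the post.

```perl
# Added example (not from the original post or from OTRS itself):
# group-restricted LDAP authentication for agents and customers.
# Group DNs are assumed values; adjust to the real directory.

# --- Agents: AuthModule (Kernel::System::Auth::LDAP) ---
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = 'ldaps://hostname.local';
$Self->{'AuthModule::LDAP::BaseDN'}       = 'o=ROOT';
$Self->{'AuthModule::LDAP::UID'}          = 'uid';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectClass=Person)';
# Only members of this group (assumed DN) may log in as agents.
$Self->{'AuthModule::LDAP::GroupDN'}      = 'cn=otrs-agents,ou=groups,o=ROOT';
# posixGroup: membership is stored as uid values in memberUid ...
$Self->{'AuthModule::LDAP::AccessAttr'}   = 'memberUid';
$Self->{'AuthModule::LDAP::UserAttr'}     = 'UID';
# ... for groupOfNames (member holds full DNs) use instead:
# $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';
# Leave empty only if the anonymous bind may read the tree and the group.
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 636,
    timeout => 120,
    async   => 0,
    version => 3,                    # ldaps requires LDAPv3
    capath  => '/etc/ldap/certs/',   # CA certs used to verify the server
};
# First agent login creates the DB user from these LDAP attributes.
$Self->{UserSyncLDAPMap} = {
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};

# --- Customers: Customer::AuthModule (Kernel::System::CustomerAuth::LDAP) ---
# $Self->{CustomerUser} only reads customer *data*; this block decides
# who may log in to the customer panel.
$Self->{'Customer::AuthModule'}                     = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = 'ldaps://hostname.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = 'o=ROOT';
$Self->{'Customer::AuthModule::LDAP::UID'}          = 'uid';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectClass=Person)';
# Only members of this group (assumed DN) may log in as customers.
$Self->{'Customer::AuthModule::LDAP::GroupDN'}      = 'cn=otrs-customers,ou=groups,o=ROOT';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'}   = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::UserAttr'}     = 'UID';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    port    => 636,
    timeout => 120,
    async   => 0,
    version => 3,
    capath  => '/etc/ldap/certs/',
};
```

With two disjoint groups an account that is in neither is rejected by both backends, and an account in both could log in to both panels, so the directory's group membership is the single place to control the split. Keeping `ldaps://` together with `capath` matters here: the user's password is sent in the simple bind, so the server certificate must actually be verified rather than the TLS connection merely encrypted.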
Participants (1)
- Arvid Walter