Hmm, very interesting. Yes, this is pretty much what I want. I'll test it
ASAP on my QA env.
Thanks a lot for the help and details. They could be very useful and save
me quite some time.
On Thu, Aug 29, 2013 at 2:27 PM, Daniel Litzbach wrote: I see…**** ** ** In my setup, the user exists in the DB, right. It has to exist for the
agent to be able to work with the system. But the users have no passwords
configured. All authentication is done via AD.**** ** ** $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';**** $Self->{'AuthModule::LDAP::Host1'} = xxx.xxx.xxx.xxx;**** $Self->{'AuthModule::LDAP::BaseDN1'} = '[Bind-DN]';**** ** ** $Self->{'AuthModule::LDAP::UID1'} = 'samaccountname';**** $Self->{'AuthModule::LDAP::GroupDN1'} = '[Group-DN]';**** $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member'; **** $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';**** $Self->{'AuthModule::LDAP::SearchUserDN1'} = '[User-DN]';**** $Self->{'AuthModule::LDAP::SearchUserPw1'} = '[User-Password]';**** ** ** $Self->{'UserSyncLDAPMap1'} = {**** 'UserEmail' => 'mail',**** 'UserFirstname' => 'givenName',**** 'UserLastname' => 'sn',**** 'UserLogin' => 'sAMAccountName'**** };**** ** ** $Self->{UserSyncLDAPMap};**** $Self->{UserSyncLDAPGroups};**** $Self->{'UserSyncLDAPGroupsDefination'};**** $Self->{'UserSyncLDAPRolesDefination'};**** $Self->{'UserSyncLDAPAttibuteGroupsDefination'};**** $Self->{'UserSyncLDAPAttibuteRolesDefination'};**** $Self->{'UserSyncLDAPGroupsDefination'};**** ** ** The difference might be that I use “$Self->{'AuthModule1'}” in my setup,
not “$Self->{'AuthModule'}”. I guess, the system then first checks the
local database and if this is not successful, it checks the AD. Is this
what you want?**** ** ** Mit freundlichen Grüßen *Daniel Litzbach* Security Support Engineer Com-Sys ...Connecting Technology To Success. Communication Systems Ges. für Netzwerktechnik mbH
Im Geisbaum 17 B - D-63329 Egelsbach
Tel: 06103 5983 320 - Fax.: +49 6103 5983 655
E-Mail: Daniel.Litzbach@com-sys.de - Web: www.com-sys.de Geschäftsführer: Detlef Heinzig
HRB 33354 - Amtsgericht Offenbach**** *Von:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *Im Auftrag
von *Bogdan Iosif
*Gesendet:* Donnerstag, 29. August 2013 13:13 *An:* User questions and discussions about OTRS.
*Betreff:* Re: [otrs] Using multiple databases as external backend?**** ** ** For me this doesn't work. I tested it in the past and just now. After
configuring LDAP as an agent backend, all auth attempts are performed
against LDAP. It kind of makes sense because in Config.pm I have: $Self->{AuthModule} = 'Kernel::System::Auth::LDAP';**** instead of $Self->{AuthModule} = 'Kernel::System::Auth::DB';**** and no entries for settings like AuthModule::DB::*, only for
AuthModule::LDAP::***** I don't understand how come that it works for you. Could it be that you
only have the impression it works because your agent user actually also
exists in your LDAP / AD or maybe it's configured with the same password in
both your DB backend and LDAP?**** When I try to login with a user from DB that is not in LDAP I get this in
otrs.log (ignore XXX) [Thu Aug 29 14:00:44 2013][Notice][Kernel::System::Auth::LDAP::Auth] User:
TestAg1 authentication failed, no LDAP entry
found!BaseDN='DC=XXX,DC=local', Filter='(sAMAccountName=TestAg1)',
(REMOTE_ADDR: XXX).**** ** ** ** ** On Thu, Aug 29, 2013 at 1:56 PM, Daniel Litzbach <
Daniel.Litzbach@com-sys.de> wrote:**** I guess it is, I also have a local user in our OTRS which is syncing with
AD. That works fine.**** **** Just try to add the local agent in the admin area and set a password.**** **** Regards,**** **** Daniel**** **** *Von:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *Im Auftrag
von *Bogdan Iosif
*Gesendet:* Donnerstag, 29. August 2013 12:51**** *An:* User questions and discussions about OTRS.
*Betreff:* Re: [otrs] Using multiple databases as external backend?**** **** That's somewhat correct. AFAIK, during login the credentials are first
checked against LDAP and then, optionally, some of their details are
synched from LDAP into DB, presumably so that the rest of the application
still works by querying the DB for user details. However, what I need is to have some users defined in DB, beside those
from LDAP. For example I may need to grant temporary access to OTRS, as an
agent, for an external contractor whom I don't want to include in Active
Directory / LDAP for both security and licensing reasons. I don't know if
this is currently possible.**** /bogdan**** **** On Thu, Aug 29, 2013 at 1:43 PM, Daniel Litzbach <
Daniel.Litzbach@com-sys.de> wrote:**** If I’m not completely wrong, the LDAP users actually are DB users that are
synced from the LDAP to the DB. When logging in, the agent data is read
from the DB and the credentials checked against LDAP, right?**** **** Daniel**** **** *Von:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *Im Auftrag
von *Bogdan Iosif
*Gesendet:* Donnerstag, 29. August 2013 12:38
*An:* User questions and discussions about OTRS.
*Betreff:* Re: [otrs] Using multiple databases as external backend?**** **** "you can use one Company Backend"**** I take it to mean you can only use one backend for agents. Can anyone else
confirm this please? I'm interested to know if I can use both DB and LDAP
for agents.**** **** On Thu, Aug 29, 2013 at 10:47 AM, Florian Edlhuber <
florian.edlhuber@gmx.de> wrote:**** Hi, it is in
http://doc.otrs.org/3.2/en/html/external-backends.html#multiple-customer-bac... You can use up to 10 Customer Information backends. But IIRC you can use
one Company Backend. Ciao
Flo 29.08.2013 09:42 - Stefan Michael Guenther schrieb: **** Hello, am I right in assuming, that it is only possible to have ONE external
customer
user backend, but not more? One of our clients has bought another company and if it is not possible to
connect
both customer databases to OTRS, we would have to find a way to merge the
two
database into an internal customer database for OTRS. Regards, Stefan
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs**** ---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs**** **** ---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs**** **** ---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs**** ** ** ---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs