I am no expert in giving a step by step, but here is a
copy of my config.pm file which is working for customer LDAP auth via my
Windows AD domain... hope it helps:
As always, make a backup copy of the original Config.pm
file before you start modifying....
I created a user account in AD called "otrs ldap" and
use that account to authenticate the LDAP query from otrs. Windows AD will
not allow anonymous lookups so this is a necessary
step...
# This is an
example configuration for an LDAP auth. backend.
# (take
care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.xxx.xxx.xx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} =
'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs
ldap,OU=Users,DC=domain,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
The
section below is for the customer lookups via the Phone Ticket/Email Ticket
screen to add a new ticket for a customer. It allows the agent type a
piece of the customer info and search AD for the user... The system must
be able to verify the customer in AD before it will let you enter a
ticket.
# (customer user ldap backend and
settings)
$Self->{CustomerUser1} = {
Name =>'LDAP
Backend',
Module =>
'Kernel::System::CustomerUser::LDAP',
Params =>
{
# ldap
host
Host
=> '10.xxx.xxx.xx',
# ldap base
dn
BaseDN
=> 'dc=domain,dc=local',
# search scope
(one|sub)
SSCOPE =>
'sub',
#
The following is valid but would only be necessary if
the
#
anonymous user does NOT have permission to read from the LDAP
tree
UserDN => 'CN=otrs ldap,OU=Users,DC=domain,DC=local',
UserPw => 'password',
AlwaysFilter =>
'',
#SourceCharset =>
'utf-8',
#DestCharset => 'iso-8859-1',
},
# customer uniq id
CustomerKey =>
'sAMAccountName',
# customer
#
CustomerID =>
'mail',
CustomerUserListFields
=> ['sAMAccountName', 'cn',
'mail'],
CustomerUserSearchFields
=> ['sAMAccountName', 'cn',
'mail'],
CustomerUserSearchPrefix
=> '',
CustomerUserSearchSuffix
=> '*',
CustomerUserSearchListLimit =>
250,
CustomerUserPostMasterSearchFields =>
['mail'],
CustomerUserNameFields
=> ['givenname', 'sn'],
Map
=> [
#
note: Login, Email and CustomerID
needed!
#
var, frontend, storage, shown, required,
storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var'
],
[
'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var'
],
[
'UserLastname', 'Lastname', 'sn', 1, 1, 'var'
],
[
'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var'
],
[
'UserEmail', 'Email', 'mail', 1, 1, 'var'
],
[
'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var'
],
[
'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var'
],
#[
'UserAddress', 'Address', 'postaladdress', 1, 0, 'var'
],
#[
'UserComment', 'Comment', 'description', 1, 0, 'var'
],
],
};
With Best
Regards,
Tim
Miller
Network
Administrator
DBT America,
Inc.
Houston,
PA
Is there anyone who can give me a
step-by-step guide to configure ldap autentiation for
costumers?
I’ve added this
entry:
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} =
'vidc2.battistolligroup.it';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} =
'dc=battistolligroup,dc=it';
. . . . . . . . . .
. . . . . . . . .
Mario
Tonin
mario.tonin@battistolli.it
B.T.V.
s.p.a.– Sistemi Informativi
Via Luca della
Robbia 60
36100 – Vicenza –
Italy
w http://www.battistolli.it