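# OTRS configuration fragment: points agent login, customer login and the
# customer lookup backend at the same LDAP / Active Directory servers.
# $Self is the configuration object provided by the enclosing file (not
# visible in this fragment).
#
# The statements are laid out one per line; with everything collapsed onto
# a single line, the first '#' turns all following settings into a comment
# and none of them takes effect.

# Directory servers, shared by all three LDAP backends below.
# NOTE(review): these are bare host names with no scheme, and no connection
# parameters are set in this fragment, so Net::LDAP falls back to plain
# ldap://. The search account's password and every login password checked
# against the directory would then cross the network unencrypted. Prefer
# ldaps:// URIs (or StartTLS) with certificate verification once the
# servers are confirmed to offer it.
my @hosts = ('prvsrvdc.nspnet.net','prvsrvdns.nspnet.net');

#------------------------------------------------------#
# Agent LDAP Authentication Settings                   #
#------------------------------------------------------#
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = \@hosts;
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# Account used to search the directory before the user's own bind.
# 'user' / 'pass' are placeholders. The real password is stored in this
# file in clear text: keep the file readable only by the OTRS and web
# server accounts, keep it out of version control, and use a dedicated
# read-only directory account rather than an administrative one.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'user'; # Needs to be fully qualified active directory domain name (user@domain.com)
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';

# Agent login is limited to members of this group; membership is read
# from the group's 'member' attribute.
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs,cn=Users,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

#------------------------------------------------------#
# Customer Search Form Populator                       #
#------------------------------------------------------#
$Self->{CustomerUser} = {
    Name   => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => \@hosts,
        # ldap base dn
        BaseDN => 'dc=domain,dc=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        # Absolutely necessary for Active Directory
        # (same placeholder credentials and storage caveat as the agent
        # search account: clear text in this file, read-only account)
        UserDN => 'user', # Needs to be fully qualified active directory domain name (user@domain.com)
        UserPw => 'pass',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    # NOTE(review): the customer number is taken from the 'url' directory
    # attribute. If this value decides which company's tickets a customer
    # may see, confirm that users cannot edit that attribute on their own
    # directory entry.
    CustomerID => 'url',
    CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserSearchFields => ['displayName','sAMAccountName','givenname', 'sn', 'mail','description'],
    CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenname','sn','mail','description'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'url',             0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var' ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var' ],
    ],
};

#------------------------------------------------------#
# Customer LDAP Authentication                         #
#------------------------------------------------------#
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = \@hosts;
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
# NOTE(review): with both lines below left commented out, no group
# membership is required for the customer interface; presumably any
# account under BaseDN with a valid password is accepted. Confirm that
# this is intended.
# $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsAgent,cn=Users,dc=domain,dc=com';
# $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
# Absolutely needed for active directory
# (placeholder credentials; the real password is kept in clear text here)
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'user'; # Needs to be fully qualified active directory domain name (user@domain.com)
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pass';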