I find the solution. But I can't explain why !!
I delete my AD groups and recreate them !!

Le 01/02/2010 12:27, Guillaume Rehm a écrit :

Hi all,

I try to sync Active Directory groups and Otrs Roles in OTRS 2.4.6.

In found this doc http://lists.otrs.org/pipermail/otrs/2009-November/029206.html from the list.

But if have some problem to implement it.

Before testing, OTRS works fine with AD sync for Agents.

I have created 1 AD group called Inscriptions like this cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local
I put the AD account of 1 agent into it (in AD, adlogin).

I modified my Config.pm file like this :

$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member'; # I have test memberOf, MemberOf, memberUid

     $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
         # ldap group
         'cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local' => {
             # otrs role
             'Inscriptions' => 1,
         }

     };

In OTRS log if have this:

User: adlogin not in GroupDN='cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local', Filter='(member=CN=My Name,OU=Pro,DC=exploitation,DC=local)'! (REMOTE_ADDR: X.X.X.X).
User: 'adlogin' sync ldap groups cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local to roles!
User: 'adlogin' changed password successfully!
User: 'adlogin' updated successfully (1)!
User: adlogin (CN=My Name,OU=Pro,DC=exploitation,DC=local) authentication ok (REMOTE_ADDR: X.X.X.X).

adlogin = my sAMAccountName, member of AD group Inscriptions

I think OTRS find the AD group (if I give an unkown name, I have an other error), but can't test if the agent account is member of the group.

Anyone have an idea ??

Thanks in advance for your help.

OTRS is a great product and I like it ;-)
-- 
Guillaume REHM
Centre de Ressources Informatiques
Responsable Sécurité du Système d'Information (RSSI)

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 23
fax: 03 88 25 28 03
mail: guillaume.rehm@bnu.fr
web: http://www.bnu.fr
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/

-- 
Guillaume REHM
Centre de Ressources Informatiques
Responsable Sécurité du Système d'Information (RSSI)

Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre
BP 51029
67070 Strasbourg

tél: 03 88 25 28 23
fax: 03 88 25 28 03
mail: guillaume.rehm@bnu.fr
web: http://www.bnu.fr