Hey there, this is my first message to this list.
I'm trying to authenticate OTRS against our W2K server using Active Directory.
This solution seems perfect for our organization, since we need
a help desk and we already have about a thousand AD users. I have been
using Linux and LDAP for years and I thought this wouldn't be that
hard... and it was.
My problem is that I'm able to authenticate agents (well, just the one
that exists both in MySQL and in AD), but I'm not able to authenticate clients
(regular AD users) on the customer.pl interface.
I'm copying the config below in case anybody sees anything wrong. BTW,
I have tweaked some of the sAMAccountName parts just for testing.
Thanks for your help,
Vlad
# --- Agents: authenticate against Active Directory via LDAP ---------------
# NOTE(review): 'w2k' is a bare hostname, so these binds presumably use plain
# LDAP; the search-user password and each agent's password would then cross
# the network unencrypted. Confirm whether the installed OTRS / Net::LDAP
# versions can use LDAPS or StartTLS for this host.
$Self->{AuthModule}                       = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = 'w2k';
$Self->{'AuthModule::LDAP::BaseDN'}       = 'dc=domain, dc=com';

# Directory attribute that is compared with the login name the agent types.
$Self->{'AuthModule::LDAP::UID'}          = 'userPrincipalName';

# Account OTRS binds as in order to search the tree.
# NOTE(review): this DN ends in dc=domainx while BaseDN uses dc=domain --
# confirm which one is intended.
# NOTE(review): the password sits in this file in clear text; keep the file
# readable only by the OTRS/web-server user, and prefer a dedicated read-only
# bind account over a personal one.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Soporte Consultores, cn=Users, dc=domainx, dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';

# Disabled for now: the membership attribute setting for agent logins.
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
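#---------------Customers--------------------------------------#
# Customer data source: customer records are read from the directory by
# Kernel::System::CustomerUser::LDAP using the Params below.
$Self->{CustomerDefaultState} = 'new';
$Self->{CustomerUser} = {
    Name   => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        # NOTE(review): a bare hostname presumably means unencrypted LDAP, so
        # UserPw below would be sent in clear text -- confirm whether
        # LDAPS/StartTLS is available in this setup.
        Host => 'w2k',
        # ldap base dn
        # Fixed: this read 'DC=doamin,DC=com'; every other DN in this
        # configuration spells the component 'domain'. A search below a base
        # DN that does not exist presumably returns no customers at all.
        BaseDN => 'DC=domain,DC=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree.
        # Absolutely necessary for Active Directory.
        # Fixed: the DN literal was wrapped across two lines, which put a
        # newline inside the bind DN.
        UserDN => 'cn=Soporte Consultores, cn=Users, dc=domain, dc=com',
        # NOTE(review): stored in clear text; restrict read access to this
        # file and use a dedicated low-privilege account for the bind.
        UserPw => 'passwd',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields   => [ 'givenname', 'sn', 'mail' ],
    CustomerUserSearchFields => [
        'displayName', 'sAMAccountName', 'givenname', 'sn',
        'mail',        'description',
    ],
    CustomerUserPostMasterSearchFields => [
        'displayName', 'sAMAccountName', 'givenname', 'sn',
        'mail',        'description',
    ],
    #CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => [ 'givenname', 'sn' ],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        # NOTE(review): CustomerID above is 'mail' but this row stores
        # UserCustomerID in 'url' and marks it required -- confirm that the
        # AD users actually carry that attribute.
        [ 'UserCustomerID', 'CustomerID', 'url',             0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var' ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var' ],
    ],
};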
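#------------------------------------------------------#
# Customer LDAP Authentication
# (the heading was wrapped so that "Authentication" stood on a line of its
# own outside the comment, where Perl would parse it as code)
#------------------------------------------------------#
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
# NOTE(review): a bare hostname presumably means unencrypted LDAP; customer
# passwords and SearchUserPw would then travel in clear text -- confirm
# whether LDAPS/StartTLS is available in this setup.
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'w2k';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
# Directory attribute compared with the login name the customer types.
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';
# Account OTRS binds as to look the customer up.
# NOTE(review): this is a different DN from the UserDN in the CustomerUser
# Params; both accounts need read access below BaseDN -- confirm.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=Gente,DC=domain,DC=com';
# NOTE(review): clear-text credential; restrict read access to this file.
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pass';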