Hi, To just authorize some AD users to be agents use this: # Check if the user is allowed to auth in a posixGroup # (e. g. user needs to be in a group xyz to use otrs) $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=AgentsOTRS,ou=YourOU,dc=domain,dc=local'; And put your AD users in this AD Group (AgentsOTRS). Hope this help Le 21/04/2010 21:57, Martin, Michael a écrit :
Hello again. I have tried to get this working with Microsoft’s A.D. but I’m still having troubles, but I think I’m getting closer. I’ve adapted my Config with help from this email list. (Thank You to Michiel Beijen and Guillaume Rehm.)
My question is how do I allow some A.D. users to be “users” and other A.D. users to be “Agents” or “Admins?” Here is my config so far:
((SNIP))
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'AD Server';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=my,DC=corp';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Agents-Group,OU=My-OU,DC=my,DC=corp';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=otrs-user,OU=user-acct,DC=my,DC=corp';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Password';
# $Self->{'AuthModule::LDAP::AlwaysFilter'} = ;
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'AD Server';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=my,DC=corp';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=otrs-user,OU=user-Acct,DC=my,DC=corp';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'AD Server';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=my,DC=corp';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs-user,OU=user-acct,DC=my,DC=corp';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password';
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'AD Server',
BaseDN => 'DC=my,DC=corp',
SSCOPE => 'sub',
UserDN => 'CN=otrs-user,OU=user-acct,DC=my,DC=corp',
UserPw => 'Password',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# # var, frontend, storage, shown, required, storage-type
# # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
((END SNIP))
I’m sure I’m missing something fundamental in this configuration. Any pointers would be appreciated very much!
/MM
Michael Martin Systems Administrator, Local Government Division P: 800-646-2633
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
-- Guillaume REHM Centre de Ressources Informatiques Responsable Sécurité du Système d'Information (RSSI) Bibliothèque Nationale et Universitaire de Strasbourg 5 rue du Maréchal Joffre BP 51029 67070 Strasbourg tél: 03 88 25 28 23 fax: 03 88 25 28 03 mail: guillaume.rehm@bnu.fr web: http://www.bnu.fr