Hi, I’m working through the configuration of LDAP (e-directory) for OTRS. Thanks to the documentation and some examples I found on this mailing list, I’ve been able to configure Agents/Customers to use LDAP for authentication, and to have a new agent created automatically from LDAP the first time he logs in to the agent web interface.

 

I’m now trying to accomplish the same thing for Customers who log in for the first time through the Customer web interface, but I can’t seem to get it to work.

 

To my understanding, it is the #UserSyncLDAPMap section (see the config below) that makes it possible for a new agent (who has an account in e-directory) to log in on the agent web interface and have his user data mapped to the OTRS database. What do I need to use to make the same thing possible for a new customer (who has an account in e-directory) logging in on the customer web interface?

 

Any help or comments on my configuration are much appreciated.

 

This is my config :

 

 

    # ---------------------------------------------------- #

    # LDAP Agent Auth                                      #

    # ---------------------------------------------------- #

 

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

    $Self->{'AuthModule::LDAP::Host'} = '193.190.59.1';

    $Self->{'AuthModule::LDAP::BaseDN'} = 'o=khlim';

    $Self->{'AuthModule::LDAP::UID'} = 'uid';

    $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';

 

    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=helpdesk,ou=res,ou=die,o=khlim';

    $Self->{'AuthModule::LDAP::SearchUserPw'} = '';

   

 

    # ---------------------------------------------------- #

    # LDAP Customer Auth                                   #

    # ---------------------------------------------------- #

 

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';

    $Self->{'Customer::AuthModule::LDAP::Host'} = '193.190.59.1';

    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'o=khlim';

    $Self->{'Customer::AuthModule::LDAP::UID'} = 'UID';

    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=helpdesk,ou=res,ou=die,o=khlim';

    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

 

    # ---------------------------------------------------- #

    # LDAP Customer/Agent Data from LDAP                   #

    # ---------------------------------------------------- #

 

    # CustomerUser

    # (customer user ldap backend and settings)

    $Self->{CustomerUser} = {

        Name => 'LDAP Khlim',

        Module => 'Kernel::System::CustomerUser::LDAP',

        Params => {

            # ldap host

            Host => '193.190.59.1',

            # ldap base dn

            BaseDN => 'o=khlim',

            # search scope (one|sub)

            SSCOPE => 'sub',

            # The following is valid but would only be necessary if the

            # anonymous user does NOT have permission to read from the LDAP tree

            UserDN => 'cn=helpdesk,ou=res,ou=die,o=khlim',

            UserPw => '',

            # in case you want to add always one filter to each ldap query, use

            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'

            #AlwaysFilter => '(&(objectClass=user)(mail=*@khlim))',

            # if your frontend is e. g. iso-8859-1 and the charset of your

            # ldap server is utf-8, use this options (if not, ignore it)

            #SourceCharset => 'utf-8',

            #DestCharset => 'iso-8859-1',

            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)

            Params => {

                port => 389,

                timeout => 120,

                async => 0,

                version => 3,

            },

        },

        # customer uniq id

        CustomerKey => 'uid',

        # customer #

        CustomerID => 'mail',

        CustomerUserListFields => ['cn', 'mail'],

        CustomerUserSearchFields => ['uid', 'givenName', 'sn'],

        CustomerUserSearchPrefix => '',

        CustomerUserSearchSuffix => '*',

        CustomerUserSearchListLimit => 250,

        CustomerUserPostMasterSearchFields => ['mail'],

        CustomerUserNameFields => ['givenName', 'sn'],

        # show now own tickets in customer panel, CompanyTickets

        CustomerUserExcludePrimaryCustomerID => 0,

        # add a ldap filter for valid users (expert setting)

        #CustomerUserValidFilter => '(!(description=gesperrt))',

        # admin can't change customer preferences

        AdminSetPreferences => 0,

        Map => [

            # note: Login, Email and CustomerID needed!

            # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly

            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],

            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],

            [ 'UserLogin',      'Username',   'uid',             1, 1, 'var', '', 0 ],

            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],

            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],

            #[ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],

            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],

            [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],

            [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],

],

    };

 

 

 

 

    #UserSyncLDAPMap

    # (map if agent should create/synced from LDAP to DB after login)

    $Self->{UserSyncLDAPMap} = {

        # DB -> LDAP

        UserFirstname => 'givenName',

        UserLastname => 'sn',

        UserEmail => 'mail',

           };

 

      #UserSyncLDAPGroups

    #(If "LDAP" was selected="selected" for AuthModule, you can specify

    # initial user groups for first login.)

    $Self->{UserSyncLDAPGroups} = [

       'users',

    ];

 

    # UserTable

    $Self->{DatabaseUserTable} = 'system_user';

    $Self->{DatabaseUserTableUserID} = 'id';

    $Self->{DatabaseUserTableUserPW} = 'pw';

    $Self->{DatabaseUserTableUser} = 'login';

 

 

 

