My main reasoning for OTRS is to automate as much as possible, I'd
prefer not to have first level agents triaging every single issue.
Below is an example of hour I sorted the groups based on AD (any queue
name company specific has been removed, incase you were wondering why
the logic didn't make a whole lot of sense).
Hope that helps.
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# ldap group
'CN=Group_A,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {
# otrs group
'faq' => {
rw => 1,
ro => 1,
},
'faq_admin' => {
rw => 1,
ro => 1,
},
'stats' => {
rw => 1,
ro => 1,
},
'users' => {
rw => 1,
ro => 1,
},
},
'CN=Group_B,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {
'faq' => {
rw => 1,
ro => 1,
},
'faq_admin' => {
rw => 0,
ro => 0,
},
'stats' => {
rw => 0,
ro => 0,
},
},
'CN=Group_C,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {
'faq' => {
rw => 0,
ro => 0,
},
'faq_admin' => {
rw => 0,
ro => 0,
},
'stats' => {
rw => 0,
ro => 0,
},
'users' => {
rw => 0,
ro => 0,
},
},
'CN=Group_C,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {
'Random Group' => {
rw => 1,
ro => 1,
},
},
'CN=Group_D,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {
'admin' => {
rw => 1,
ro => 1,
},
}
};
--John
________________________________
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of
Leonardo Certuche
Sent: Wednesday, December 16, 2009 3:39 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Settings Customer Group Permissions via LDAP.
Hi John,
I don't know if it fits your environment but what we did was to give
customers permissions to a single queue which is managed by a group of
first level agents who route tickets to the other queues.
About your 'Agent 1 can see queue A, and Agent 2 can see queue B, but
not vice versa' configuration, I'd love if you share it with us, I tried
that but never worked for me, probably knowing your working
configuration will help (not only me) to accomplish it :)
regards,
Leonardo Certuche
On Wed, Dec 16, 2009 at 6:01 PM, John Stafford