
I've got authentication with AD LDAP working, as well as better filtering of customers when using AD LDAP. If someone else wants to do the same (get rid of machine accounts and groups from the customer list), add the following changes to Kernel/System/CustomerUser/LDAP.pm

Line 39 (to increase search limit from 200 to a higher value. The bigger your LDAP tree is (amount of objects), the higher value you need. We have about 500 user accounts.):
Change from:
    $Self->{UserSearchListLimit} = 200;
to:
    $Self->{UserSearchListLimit} = 4000;

Line 124 (New Ticket -> Customer Search):
Change line 124 to
    $Filter = '(&(sAMAccountType=805306368)(|';
and line 128 to
    $Filter .= '))';

Line 186 (Customers view from the AdminArea to only show actual user accounts):
Change to:
    filter => "(&(sAMAccountType=805306368)($Self->{CustomerKey}=*))",

There might be a better way to configure the LDAP interface to include the sAMAccountType.. in the Config.pm file, but I couldn't find any obvious ways of doing it.

So now we are on the right track to get OTRS implemented...

Regards,
Thomas
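Added example, not part of the original post and not OTRS code: a Python sketch that builds the customer-search filter described above and checks it against constructed directory entries, so the effect of the sAMAccountType clause is visible. The search fields, the sample entries and all function names are assumptions; the matcher handles only this filter shape (AND, OR, equality with wildcards), and the search term is escaped per RFC 4515 so characters such as ( ) * in a name are matched literally.

```python
import re

SAM_USER_OBJECT = 805306368  # sAMAccountType of a normal AD user account
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

DIRECTORY = [  # constructed entries: a user, a computer account, a group
    {"cn": ["Anna Berg"], "sAMAccountName": ["aberg"], "sAMAccountType": ["805306368"]},
    {"cn": ["BERGEN-PC01"], "sAMAccountName": ["BERGEN-PC01$"], "sAMAccountType": ["805306369"]},
    {"cn": ["Bergen Support"], "sAMAccountName": ["bergen"], "sAMAccountType": ["268435456"]},
]

def escape_value(value):
    """Escape an assertion value per RFC 4515 so it is matched literally."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def customer_search_filter(term, fields=("sAMAccountName", "cn", "mail")):
    """User accounts only, where any of `fields` (assumed names) contains `term`."""
    ors = "".join(f"({f}=*{escape_value(term)}*)" for f in fields)
    return f"(&(sAMAccountType={SAM_USER_OBJECT})(|{ors}))"

def _parse(flt, i=0):
    """Parse one '(...)' item starting at flt[i]; return (node, next_index)."""
    if flt[i + 1] in "&|":
        op, i, kids = flt[i + 1], i + 2, []
        while flt[i] == "(":
            kid, i = _parse(flt, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = flt.index(")", i)  # escaped values never contain a raw ')'
    attr, _, pattern = flt[i + 1:end].partition("=")
    return ("=", attr, pattern), end + 1

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def matches(node, entry):
    """Evaluate a parsed filter node against one entry (dict of value lists)."""
    if node[0] in "&|":
        results = (matches(kid, entry) for kid in node[1])
        return all(results) if node[0] == "&" else any(results)
    _, attr, pattern = node
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    rx = "^" + ".*".join(parts) + "$"
    return any(re.match(rx, str(v), re.I | re.S) for v in entry.get(attr, []))

def search(term):
    """Return the cn of every constructed entry the customer filter selects."""
    tree, _ = _parse(customer_search_filter(term))
    return [e["cn"][0] for e in DIRECTORY if matches(tree, e)]
```

Searching for "berg" matches all three names, but only the entry with sAMAccountType 805306368 is returned.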
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Chris Salter
Sent: Friday, October 03, 2003 6:18 PM
To: 'User questions and discussions about OTRS.'
Subject: RE: [otrs] Customers and AD LDAP + general authentication
Hi Thomas,
Regarding LDAP integration, there are some LDAP authentication modules for both agent and customer. There's a section of the manual that deals with setting up customer info, and gives info for both the DB setup and for LDAP setup. See:
http://doc.otrs.org/1.1/html/customer.html
In my Defaults.pm file in the Config directory (OTRS 1.1.3), I also found a bunch of customer authentication setting options using LDAP starting at line 1335.
I hope this helps!
-- Chris Salter
-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Thomas Nilsen
Sent: October 3, 2003 10:53 AM
To: otrs@otrs.org
Subject: [otrs] Customers and AD LDAP + general authentication
Hi,
We are currently looking at using OTRS to handle our IT dept support desk. However, we have a couple of issues, all relating to Windows Active Directory integration. OTRS is installed on a Linux box.
* The customer LDAP integration: Is it possible to filter on the LDAP query? The default customer LDAP query brings back users, groups and computer accounts, and all we need is the user accounts. Is it possible to include a filter in this function which only looks up the user values if let's say "sAMAccountType=805306368"?
* Agent/Customer Login authentication: Has anyone integrated the login screens for agents and customers with normal Apache HTTP AUTH type authentication? We are using NTLM via the Perl module Authen::NTLM for Apache. With this we can authenticate seamlessly for all IE users. It would be extremely nice to be able to use this function with OTRS as well. Since OTRS is written in Perl it ought to be possible to do this, but I'm not very good with Perl coding yet... The other option would be to use cookie authentication from a trusted SSO system like WebAuth http://webauthv3.stanford.edu/.
* Customers import from Active Directory: As the customer must exist in the OTRS database, has anyone written any synchronisation scripts to update OTRS with data directly from Active Directory (or any other LDAP database) on a daily basis? If not, is it enough to populate the customer_user table, or are there other tables that need to be updated at the same time when inserting a new customer from the "back side"?
Regards,
Thomas Nilsen
Svg Support
Tel: +47 51 81 01 30 - Mob: +47 916 98 229
DISCLAIMER: This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?