
On 01/12/2010 04:44 PM, Nils Leideck - ITSM wrote:
Hi Dant,
On 12.01.2010, at 23:35, Dan Trainor wrote:
My question is, however, can I use AuthModule::LDAP::GroupDN more than once? If you're still following me, I'd like to use AuthModule::LDAP::GroupDN once for each AD group present, so I don't need to maintain a separate list of groups in AD, to signify which users can have access to what, outside of the one-AD-group-per-OTRS-queue system that I'm shooting for.
Am I going about this the right way? In theory, this all looks great :)
AuthModule::LDAP::GroupDN is for limiting the login to certain people based on the AD configuration.
If you want to control the permissioning within OTRS based on AD Groups, please have a look at Defaults.pm starting at line 421 (if you use OTRS 2.4.5) or search for "AuthSyncModule". There you can copy the example configuration, copy that to Config.pm and configure the connection to your needs. A few lines below that there is a configuration starting with "AuthSyncModule::LDAP::UserSyncRolesDefinition", this is used to define which Role shall be assigned to an authenticated Agent based on the AD Group DN and based on the Agent's memberships.
I hope that helps .....
((enjoy))
Nils Leideck
Good afternoon, Nils -
I sincerely appreciate your reply, and it did help, thanks. I think I was confused on the subsequent AuthModule::LDAP::AccessAttr, which did not seem to work as I had expected it to. I eventually got it working, but I think that it led me in the wrong direction when dealing with AuthModule::LDAP::GroupDN.
Thanks
-dant
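The split Nils describes, login gating with AuthModule::LDAP::GroupDN versus role assignment with AuthSyncModule::LDAP::UserSyncRolesDefinition, as an added example that is not part of the original thread and not OTRS's shipped configuration. The host, DNs, bind account, password and role names are constructed placeholders, and the roles are assumed to already exist in OTRS.

```perl
# Fragment for Kernel/Config.pm, inside sub Load, where $Self is the config object.
# All hosts, DNs, credentials and role names below are constructed placeholders.

# 1) Authentication: decides who may log in at all.
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = 'dc1.example.com';
$Self->{'AuthModule::LDAP::BaseDN'}       = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs-bind,ou=Service,dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'CHANGE-ME';

# GroupDN is a single hash key: assigning it a second time replaces the first
# value, so it cannot be repeated once per AD group. Point it at one umbrella
# group that contains every agent who is allowed to log in.
$Self->{'AuthModule::LDAP::GroupDN'}    = 'cn=otrs-agents,ou=Groups,dc=example,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';    # AD lists members by full DN
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

# 2) Authorization: maps AD group membership to OTRS roles after login.
$Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}         = 'dc1.example.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'}       = 'dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs-bind,ou=Service,dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'CHANGE-ME';
$Self->{'AuthSyncModule::LDAP::AccessAttr'}   = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'}     = 'DN';

# One entry per AD group DN; each lists the OTRS role(s) its members receive.
# This is where the one-AD-group-per-queue mapping lives.
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'cn=otrs-support,ou=Groups,dc=example,dc=com' => {
        'Support Queue Agent' => 1,
    },
    'cn=otrs-billing,ou=Groups,dc=example,dc=com' => {
        'Billing Queue Agent' => 1,
    },
};
```

With this layout, membership in the umbrella group only grants a login; an agent who is in no mapped group gets no role from the sync.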