We have successfully configured customer login via LDAP (AD) but
we are still having difficulty with the Agent login.
Can anyone identify the specific parts (entries) in the config.pm
that pertain to Agent LDAP login?
Are the local agent accounts then simply paired with an LDAP
account of the same username? (In other words, to create an agent,
would one just create a user in the front end with the same username as an
LDAP account, resulting in a local username that merely passes authentication
through to LDAP?)
Below is a copy of our config.pl:
CONFIG.PM
# Site-specific configuration package; it is made a subclass of
# Kernel::Config::Defaults by the @ISA push at the bottom of this file.
package Kernel::Config;
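# Load
# (Populates the configuration hash passed as $Self with the site-specific
# settings below.  Called with one argument, the config object/hashref;
# returns nothing meaningful — callers rely on the keys it sets.)
#
# NOTE(review): the pasted copy had been word-wrapped by the mail client;
# the statements and comments below are re-joined to one logical line each.
sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # DatabaseHost
    # (The database host.)
    $Self->{'DatabaseHost'} = 'localhost';

    # Database
    # (The database name.)
    $Self->{'Database'} = 'otrs';

    # DatabaseUser
    # (The database user.)
    $Self->{'DatabaseUser'} = 'otrs';

    # DatabasePw
    # (The password of database user. You also can use bin/CryptPassword.pl
    # for crypted passwords.)
    # NOTE(review): this file holds the DB and LDAP bind passwords in clear
    # text; keep it readable only by the account that runs OTRS.
    $Self->{'DatabasePw'} = 'hot';

    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    # Built from the two keys above, so they must be assigned first.
    $Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
    # $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---------------------------------------------------- #
    # fs root directory                                    #
    # ---------------------------------------------------- #
    $Self->{Home} = 'C:/OTRS/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"              #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{'CheckMXRecord'} = 1;

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    $Self->{'LogModule'}          = 'Kernel::System::Log::File';
    $Self->{'LogModule::LogFile'} = 'C:/OTRS/otrs/var/log/otrs.log';
    # $DIBI$
    $Self->{'SystemID'}        = 10;
    $Self->{'SecureMode'}      = 1;
    $Self->{'Organization'}    = 'URMC';
    $Self->{'FQDN'}            = 'hslt-wowserver';
    $Self->{'DefaultLanguage'} = 'en';
    # The opening quote was missing on this line in the pasted file, which
    # makes the whole file fail to compile.
    $Self->{'AdminEmail'}      = 'some_user@urmc.rochester.edu';
    $Self->{'DefaultCharset'}  = 'utf-8';

    # Enable LDAP authentication for Customers / Users
    # NOTE(review): port 389 is plain LDAP; confirm whether LDAPS or StartTLS
    # is available so the bind password and user credentials are not sent
    # in clear text.
    $Self->{'Customer::AuthModule'}              = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'}   = 'ldap.urmc.rochester.edu:389';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=urmc-sh,dc=rochester,dc=edu';
    $Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP_admin,OU=admin,OU=Miner Library,DC=urmc-sh,DC=rochester,DC=edu';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'SOMEPASSWORD123';

    # CustomerUser
    # (customer user database backend and settings)
    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => 'ldap.urmc.rochester.edu:389',
            BaseDN => 'dc=urmc-sh,dc=rochester,dc=edu',
            SSCOPE => 'sub',
            # Same bind DN as SearchUserDN above; the pasted copy had a line
            # break inside 'Miner Library', which would put a newline in the DN.
            UserDN => 'CN=LDAP_admin,OU=admin,OU=Miner Library,DC=urmc-sh,DC=rochester,DC=edu',
            UserPw => 'SOMEPASSWORD123',
        },
        # customer unique id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
            [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
            [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress',   'Address',    'postaladdress',   1, 0, 'var' ],
            #[ 'UserComment',   'Comment',    'description',     1, 0, 'var' ],
        ],
    };

    # UserSyncLDAPMap
    # (map if agent should create/synced from LDAP to DB after login)
    # NOTE(review): per the comment above this map is for agent logins, but
    # no agent authentication module (the non-Customer:: counterpart of
    # Customer::AuthModule, i.e. $Self->{AuthModule}) is set anywhere in this
    # file, so it presumably has no effect yet — confirm.
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        Firstname  => 'givenName',
        Lastname   => 'sn',
        Email      => 'mail',
        Login      => 'sAMAccountName',
        CustomerID => 'mail',
    };

    # Add the following lines when only users are allowed to login if they
    # reside in the spicified security group
    # Remove these lines if you want to provide login to all users specified
    # in the User Base DN
    # example:
    # NOTE(review): in the pasted copy the line-wrapping left these example
    # lines looking uncommented; if they really are live, the example BaseDN
    # below silently replaces the real one set above and GroupDN points at
    # example.com.  They are kept as comments here.
    # $Self->{'Customer::AuthModule::LDAP::BaseDN'}     = 'ou=BaseOU, dc=example, dc=com';
    # $Self->{'Customer::AuthModule::LDAP::GroupDN'}    = 'CN=otrs_ldap_allow_C,OU=Groups,OU=BaseOU,DC=example,DC=com';
    # $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    # $Self->{'Customer::AuthModule::LDAP::UserAttr'}   = 'DN';

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #            End of your own config options!!!         #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}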
# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
# NOTE: strict is lexically scoped, so it applies only from this point on;
# Load() above is compiled without it.
use strict;
use Kernel::Config::Defaults;

# Make this package a subclass of the defaults so anything not overridden
# in Load() is resolved there.
our @ISA;
push @ISA, 'Kernel::Config::Defaults';

# Reduce the RCS keyword string to the bare revision number.
our $VERSION = '$Revision: 1.18 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;

# -----------------------------------------------------#
1;