
Hi all,

On 07.11.2009 at 21:57, Adam Bator wrote:
> I would also like to see an answer to this one :(
> Josh Higgins wrote:
>> Does anyone have a sample configuration of syncing LDAP groups to OTRS roles in v2.4?

this changed in 2.4.4. Here is an example configuration (Defaults.pm line # 414) for having roles assigned based on ldap group assignment:

    # This is an example configuration for an LDAP auth sync. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap.example.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    # $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '';
    # $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    # $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
    # $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    # $Self->{'AuthSyncModule::LDAP::Params'} = {
    #     port    => 389,
    #     timeout => 120,
    #     async   => 0,
    #     version => 3,
    # };

    # Die if backend can't work, e. g. can't connect to server.
    # $Self->{'AuthSyncModule::LDAP::Die'} = 1;

    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
    # (attribute for type of group content UID/DN for full ldap name)
    # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    # $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    #     'users',
    # ];

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=agent,o=otrs' => {
            # otrs role
            'role1' => 1,
            'role2' => 0,
        },
        'cn=agent2,o=otrs' => {
            'role3' => 1,
        }
    };

Nils Leideck

--
Nils Leideck
Senior Consultant
nils.leideck@leidex.net

LeideX.net
Nils Leideck - ITSM
Greesbergstr. 11
D - 50668 Köln Altstadt-Nord
Mobile : +49 (0) 173 2733 892
Tel. : +49 (0) 221 1689 6910
FAX : +49 (0) 221 2711 285
Registered office: Köln Altstadt-Nord, District court: Köln, HRB 10751
Tax number: 215/5102/2272, ID no.: 49 303 782 567