Hi all,

On 07.11.2009 at 21:57, Adam Bator wrote:
I would also like to see an answer to this one :(

Josh Higgins wrote:
Does anyone have a sample configuration of syncing LDAP groups to OTRS roles in v2.4?

This changed in 2.4.4.
Here is an example configuration (Defaults.pm line # 414) for having roles assigned based on LDAP group assignment:


    # This is an example configuration for an LDAP auth sync. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap.example.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
#    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '';
#    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
#    $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
#    $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
#    $Self->{'AuthSyncModule::LDAP::Params'} = {
#        port    => 389,
#        timeout => 120,
#        async   => 0,
#        version => 3,
#    };

    # Die if backend can't work, e. g. can't connect to server.
#    $Self->{'AuthSyncModule::LDAP::Die'} = 1;

    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
    # (attribute for type of group content UID/DN for full ldap name)
#    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
#    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
#        'users',
#    ];

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=agent,o=otrs' => {
            # otrs role
            'role1' => 1,
            'role2' => 0,
        },
        'cn=agent2,o=otrs' => {
            'role3' => 1,
        }
    };


Nils Leideck

-- 
Nils Leideck
Senior Consultant
nils.leideck@leidex.net

LeideX.net
Nils Leideck - ITSM
Greesbergstr. 11
D - 50668 Köln Altstadt-Nord

Mobile +49 (0) 173 2733 892
Tel. +49 (0) 221 1689 6910
FAX +49 (0) 221 2711 285

Geschäftssitz: Köln Altstadt-Nord, Amtsgericht: Köln, HRB 10751
Steuernummer: 215/5102/2272, IdNr: 49 303 782 567
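
For reviewing what a map like the `UserSyncRolesDefinition` above actually grants, the following added example (not part of the original message and not OTRS code) computes each user's effective roles and lists roles that no group ever grants. The `%Members` table is constructed sample data standing in for LDAP search results, the function names are hypothetical, and the grant rule (a role is granted if any of the user's groups maps it to a true value) is an assumption about the sync semantics.

```perl
use strict;
use warnings;

# Group-to-role map copied from the sample configuration in the message.
my %RolesDefinition = (
    'cn=agent,o=otrs'  => { role1 => 1, role2 => 0 },
    'cn=agent2,o=otrs' => { role3 => 1 },
);

# Constructed sample data (not real directory content): group DN => member DNs.
my %Members = (
    'cn=agent,o=otrs'  => [ 'uid=alice,dc=example,dc=com', 'uid=bob,dc=example,dc=com' ],
    'cn=agent2,o=otrs' => [ 'uid=bob,dc=example,dc=com' ],
);

# Assumption: a role is granted when at least one of the user's groups maps
# it to a true value; an entry with value 0 grants nothing.
sub EffectiveRoles {
    my ( $Definition, $Members ) = @_;
    my %Roles;
    for my $GroupDN ( sort keys %{$Definition} ) {
        for my $UserDN ( @{ $Members->{$GroupDN} || [] } ) {
            my $Key = lc $UserDN;    # DNs compare case-insensitively
            $Roles{$Key} ||= {};
            for my $Role ( sort keys %{ $Definition->{$GroupDN} } ) {
                next if !$Definition->{$GroupDN}->{$Role};
                push @{ $Roles{$Key}->{$Role} }, $GroupDN;   # record granting group
            }
        }
    }
    return \%Roles;
}

# Roles listed in the map that no group maps to a true value.
sub NeverGranted {
    my ($Definition) = @_;
    my %Seen;
    for my $Map ( values %{$Definition} ) {
        $Seen{$_} ||= $Map->{$_} ? 1 : 0 for keys %{$Map};
    }
    return [ sort grep { !$Seen{$_} } keys %Seen ];
}

my $Roles = EffectiveRoles( \%RolesDefinition, \%Members );
for my $UserDN ( sort keys %{$Roles} ) {
    my $Granted = $Roles->{$UserDN};
    print "$UserDN: $_ (via @{ $Granted->{$_} })\n" for sort keys %{$Granted};
}
my $Never = NeverGranted( \%RolesDefinition );
print "never granted: @{$Never}\n";
```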
