Hi Dant, On 12.01.2010, at 23:35, Dan Trainor wrote:
My question is, however, can I use AuthModule::LDAP::GroupDN more than once? If you're still following me, I'd like to use AuthModule::LDAP::GroupDN once for each AD group present, so I don't need to maintain a separate list of groups in AD, to signify which users can have access to what, outside of the one-AD-group-per-OTRS-queue system that I'm shooting for.
Am I going about this the right way? In theory, this all looks great :)
AuthModule::LDAP::GroupDN is for limiting the login to certain people based on the AD configuration. If you want to control the permissioning within OTRS based on AD Groups please have a look at Defaults.pm starting at line 421 (if you use OTRS 2.4.5) or search for "AuthSyncModule". There you can copy the example configuration, copy that to Config.pm and configure the the connection to your needs. A few lines below that there is a configuration starting with "AuthSyncModule::LDAP::UserSyncRolesDefinition", this is used to define which Role shall be assigned to an authenticated Agent based on the AD Group DN and based on the Agents memberships. I hope that helps ..... ((enjoy)) Nils Leideck -- Nils Leideck Senior Consultant nils.leideck@leidex.net nils.leideck@otrs.com http://webint.cryptonode.de / a Fractal project CU @ CeBIT 2010 in Hannover, Germany and get to know more about OTRS at booth no. C37 in hall 2 from March 2-6, 2010!