RE: [otrs] ldap customer auth

Sorry to take so long to reply. I'm afraid I didn't bookmark any URLs but found them all on google.fr with "otrs ldap" - many were in french . . . Here's the Config.pm that works for me - let me know if anything is not clear: # **************************************************** # # insert your own config settings "here" # # config settings taken from Kernel/Config/Defaults.pm # # **************************************************** # $Self->{'SendmailModule'} = 'Kernel::System::Email::SMTP'; $Self->{'SendmailModule::Host'} = 'our.smtp.server'; $Self->{'SendmailModule::Port'} = '25'; # UserSyncLDAPMap # (map if agent should create/synced from LDAP to DB after login) $Self->{UserSyncLDAPMap} = { # DB -> LDAP Firstname => 'givenName', Lastname => 'sn', Email => 'mail', }; $Self->{'SystemID'} = 10; $Self->{'SecureMode'} = 1; $Self->{'Organization'} = 'our company'; use locale; Self->{'AdminEmail'} = 'my@email.com'; $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'LDAP-AD.domain.suffixe'; $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=suffixe'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=users,dc=domain,dc=suffixe'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx'; $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'LDAP-AD.domain.suffixe'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=suffixe'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=users,dc=domain,dc=suffixe'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx'; $Self->{CustomerUser1} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'LDAP-AD.domain.suffixe', # ldap base dn BaseDN => 'dc=domain,dc=suffixe', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=otrs,cn=users,dc=domain,dc=suffixe', UserPw => 'xxxxxxxx', AlwaysFilter => '', SourceCharset => 'utf-8', DestCharset => 'iso-8859-1', }, # customer uniq id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'uid', CustomerUserListFields => ['userPrincipalName'], CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['uid'], CustomerUserNameFields => ['givenname', 'sn'], Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'userPrincipalName', 0, 1, 'var' ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], ], }; $Self->{CustomerUser2} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'sfbelgique.suffixe.world', # ldap base dn BaseDN => 'dc=suffixe,dc=world', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => 'cn=otrs,cn=users,dc=suffixe,dc=world', UserPw => 'xxxxxxxx', AlwaysFilter => '', SourceCharset => 'utf-8', DestCharset => 'iso-8859-1', }, # customer uniq id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'uid', CustomerUserListFields => ['userPrincipalName'], CustomerUserSearchFields => ['sAMAccountName','sn', 'givenname'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['uid'], CustomerUserNameFields => ['givenname', 'sn'], Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'userPrincipalName', 0, 1, 'var' ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], ], }; # ---------------------------------------------------- # # ---------------------------------------------------- # # # # End of your own config options!!! # # # # ---------------------------------------------------- # # ---------------------------------------------------- # -----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of "Pussy da Silva Green" Sent: Monday, June 25, 2007 10:26 AM To: User questions and discussions about OTRS.org Subject: Re: [otrs] ldap customer auth Hello, I'm having some troubles to configure my OTRS no authenticate the users via LDAP. Can you send me some URLs that guided you and, perhaps, you config files? Cheers, On 6/23/07, craig@aronet.com wrote: Hello, I've ldap authentification set up and working perfectly (thanks to all those whose tutorials were available by Google). Now I'd like (but perhaps this is simply not possible ?) to let customers login from another LDAP server (AD actually), I can see them from an admin login but when they try to login it just looks in the first LDAP server (I must point out that these ADs are completely autonomous and unrelated). It would be great if it is possible but even without OTRS is fantastic ! Thanks in advance, Adam _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/