I am trying to get OTRS to pull the customers from our AD through
LDAP but can’t seem to get it working. I have dug through old posts and
found various suggestions (such as the #UserSyncLDAPMap section at the bottom
of my config) but none have seemed to work. My current config is:
#----config from C:\ProgramFiles\OTRS\Kernel\config.pm----
# Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'DC.Domain.ORG';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=users,dc=domain,dc=org';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'Otrsuser';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';

# CustomerUser
# (customer user database backend and settings)
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'DC.Domain.ORG',
        BaseDN => 'OU=staff,DC=domain,DC=org',
        SSCOPE => 'sub',
        UserDN => 'domain\Otrsuser',
        UserPw => 'password',
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    Map => [
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
    ],
};

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify initial
# user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];
Thanks for your help,
Ryan
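An added offline sanity check (example code, not from the post above or from OTRS itself): it applies the CustomerUser Map from the posted config to constructed sample AD entries, the way the six-column rows [OTRS key, label, LDAP attribute, shown, required, type] describe, and reports which required attributes an account lacks. An account with no mail attribute, for instance, gets neither an email nor a CustomerID, which is one reason a customer can authenticate yet never show up as a usable customer record.

```python
"""Offline check of an OTRS CustomerUser LDAP Map against sample AD entries."""
from typing import Dict, List, Tuple

# Map rows copied from the posted config:
# [OTRS key, label, LDAP attribute, shown in frontend, required, storage type]
CUSTOMER_MAP = [
    ['UserFirstname',  'Firstname',  'givenname',       1, 1, 'var'],
    ['UserLastname',   'Lastname',   'sn',              1, 1, 'var'],
    ['UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var'],
    ['UserEmail',      'Email',      'mail',            1, 1, 'var'],
    ['UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var'],
    ['UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var'],
]


def apply_map(entry: Dict[str, List[str]],
              cmap=CUSTOMER_MAP) -> Tuple[Dict[str, str], List[str]]:
    """Return (customer record, problems) for one directory entry.

    LDAP attribute names are case-insensitive, so 'givenName' as returned
    by AD satisfies the 'givenname' spelled in the map. Only the first
    value of a multi-valued attribute is used for the record.
    """
    attrs = {name.lower(): values for name, values in entry.items()}
    record: Dict[str, str] = {}
    problems: List[str] = []
    for key, label, ldap_attr, _shown, required, _type in cmap:
        values = attrs.get(ldap_attr.lower(), [])
        if values:
            record[key] = values[0]
        elif required:
            problems.append(
                f"{key} ({label}): required attribute '{ldap_attr}' missing")
    return record, problems


# Constructed sample entries, not real directory data.
GOOD_ENTRY = {'sAMAccountName': ['jdoe'], 'givenName': ['Jane'], 'sn': ['Doe'],
              'mail': ['jdoe@domain.org'], 'telephoneNumber': ['+1 555 0100']}
NO_MAIL_ENTRY = {'sAMAccountName': ['svc-backup'], 'givenName': ['Backup'],
                 'sn': ['Service']}

if __name__ == '__main__':
    for sample in (GOOD_ENTRY, NO_MAIL_ENTRY):
        rec, probs = apply_map(sample)
        print(rec.get('UserLogin'), '->', probs or 'ok')
```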