Settings Customer Group Permissions via LDAP.

newer
I am installing a server to use...

John Stafford

16 Dec 2009 16 Dec '09

11:01 p.m.

I would like customers to only be able to see certain queues based on their permission settings via groups in AD. I already have this working for agents (Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa). I need this for customers as well, as I don't to overwhelm customers with too many queues to choose from (and I have too many thousands of customers to do this manually). Has anyone else solved this? Thanks, --John

Attachments:

attachment.html (text/html — 2.4 KB)

Show replies by date

Leonardo Certuche

16 Dec 16 Dec

11:38 p.m.

Hi John, I don't know if it fits your environment but what we did was to give customers permissions to a single queue which is managed by a group of first level agents who route tickets to the other queues. About your 'Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa' configuration, I'd love if you share it with us, I tried that but never worked for me, probably knowing your working configuration will help (not only me) to accomplish it :) regards, Leonardo Certuche On Wed, Dec 16, 2009 at 6:01 PM, John Stafford wrote:

...

I would like customers to only be able to see certain queues based on their permission settings via groups in AD. I already have this working for agents (Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa). I need this for customers as well, as I don’t to overwhelm customers with too many queues to choose from (and I have too many thousands of customers to do this manually).

Has anyone else solved this?

Thanks,

*--John*

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

John Stafford

11:57 p.m.

My main reasoning for OTRS is to automate as much as possible, I'd prefer not to have first level agents triaging every single issue. Below is an example of hour I sorted the groups based on AD (any queue name company specific has been removed, incase you were wondering why the logic didn't make a whole lot of sense). Hope that helps. $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = { # ldap group 'CN=Group_A,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => { # otrs group 'faq' => { rw => 1, ro => 1, }, 'faq_admin' => { rw => 1, ro => 1, }, 'stats' => { rw => 1, ro => 1, }, 'users' => { rw => 1, ro => 1, }, }, 'CN=Group_B,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => { 'faq' => { rw => 1, ro => 1, }, 'faq_admin' => { rw => 0, ro => 0, }, 'stats' => { rw => 0, ro => 0, }, }, 'CN=Group_C,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => { 'faq' => { rw => 0, ro => 0, }, 'faq_admin' => { rw => 0, ro => 0, }, 'stats' => { rw => 0, ro => 0, }, 'users' => { rw => 0, ro => 0, }, }, 'CN=Group_C,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => { 'Random Group' => { rw => 1, ro => 1, }, }, 'CN=Group_D,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => { 'admin' => { rw => 1, ro => 1, }, } }; --John ________________________________ From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Leonardo Certuche Sent: Wednesday, December 16, 2009 3:39 PM To: User questions and discussions about OTRS. Subject: Re: [otrs] Settings Customer Group Permissions via LDAP. Hi John, I don't know if it fits your environment but what we did was to give customers permissions to a single queue which is managed by a group of first level agents who route tickets to the other queues. About your 'Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa' configuration, I'd love if you share it with us, I tried that but never worked for me, probably knowing your working configuration will help (not only me) to accomplish it :) regards, Leonardo Certuche On Wed, Dec 16, 2009 at 6:01 PM, John Stafford wrote: I would like customers to only be able to see certain queues based on their permission settings via groups in AD. I already have this working for agents (Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa). I need this for customers as well, as I don't to overwhelm customers with too many queues to choose from (and I have too many thousands of customers to do this manually). Has anyone else solved this? Thanks, --John --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

Leonardo Certuche

17 Dec 17 Dec

12:22 a.m.

Thanks Jon! I'll give it a try. Hopefully someone else has accomplised what you expect, best of luck with that Leonardo Certuche On Wed, Dec 16, 2009 at 6:57 PM, John Stafford wrote:

...

My main reasoning for OTRS is to automate as much as possible, I’d prefer not to have first level agents triaging every single issue.

Below is an example of hour I sorted the groups based on AD (any queue name company specific has been removed, incase you were wondering why the logic didn’t make a whole lot of sense).

Hope that helps.

$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {

# ldap group

'CN=Group_A,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {

# otrs group

'faq' => {

rw => 1,

ro => 1,

},

'faq_admin' => {

rw => 1,

ro => 1,

},

'stats' => {

rw => 1,

ro => 1,

},

'users' => {

rw => 1,

ro => 1,

},

},

'CN=Group_B,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {

'faq' => {

rw => 1,

ro => 1,

},

'faq_admin' => {

rw => 0,

ro => 0,

},

'stats' => {

rw => 0,

ro => 0,

},

},

'CN=Group_C,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {

'faq' => {

rw => 0,

ro => 0,

},

'faq_admin' => {

rw => 0,

ro => 0,

},

'stats' => {

rw => 0,

ro => 0,

},

'users' => {

rw => 0,

ro => 0,

},

},

'CN=Group_C,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {

'Random Group' => {

rw => 1,

ro => 1,

},

},

'CN=Group_D,OU=xxx,OU=Groups,DC=ld,DC=corp,DC=local' => {

'admin' => {

rw => 1,

ro => 1,

},

}

};

*--John*** ------------------------------

*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf Of *Leonardo Certuche *Sent:* Wednesday, December 16, 2009 3:39 PM *To:* User questions and discussions about OTRS. *Subject:* Re: [otrs] Settings Customer Group Permissions via LDAP.

Hi John,

I don't know if it fits your environment but what we did was to give customers permissions to a single queue which is managed by a group of first level agents who route tickets to the other queues.

About your 'Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa' configuration, I'd love if you share it with us, I tried that but never worked for me, probably knowing your working configuration will help (not only me) to accomplish it :)

regards,

Leonardo Certuche

On Wed, Dec 16, 2009 at 6:01 PM, John Stafford wrote:

I would like customers to only be able to see certain queues based on their permission settings via groups in AD. I already have this working for agents (Agent 1 can see queue A, and Agent 2 can see queue B, but not vice versa). I need this for customers as well, as I don’t to overwhelm customers with too many queues to choose from (and I have too many thousands of customers to do this manually).

Has anyone else solved this?

Thanks,

*--John*

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/

5692

Age (days ago)

5693

Last active (days ago)

List overview

Download

3 comments

2 participants

participants (2)

John Stafford
Leonardo Certuche