Sync LDAP Agent Roles in OTRS v2.4

Does anyone have a sample configuration of syncing LDAP groups to OTRS roles in v2.4?

I'm not able to sync LDAP (Active Directory) user groups to OTRS roles in v2.4.4. This worked in v 2.3.4 with this configuration in Config.pm:

    $Self->{'UserSyncLDAPRolesDefinition'} = {
        # LDAP group
        'CN=OtrsAdminRole,CN=Users,DC=domainname,DC=local' => {
            # OTRS role
            'OTRS Admins' => 1,
        },
    };

It appears the name of the module has changed, but changing the name of the module in my code doesn't seem to help any. I enabled debug and I'm not getting any helpful feedback regarding LDAP. Here's the current code in Config.pm on my test system running OTRS 2.4.4:

    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        'CN=OtrsAdminRole,CN=Users,DC=domainname,DC=local' => {
            # OTRS role
            'OTRS Admins' => 1,
        },
    };
    $Self->{Debug} = 3

Any suggestions?

Thanks,
Josh Higgins

I would also like to see an answer to this one :(

Josh Higgins wrote:
> Does anyone have a sample configuration of syncing LDAP groups to OTRS roles in v2.4?
>
> I'm not able to sync LDAP (Active Directory) user groups to OTRS roles in v2.4.4. This worked in v 2.3.4 with this configuration in Config.pm:
>
>     $Self->{'UserSyncLDAPRolesDefinition'} = {
>         # LDAP group
>         'CN=OtrsAdminRole,CN=Users,DC=domainname,DC=local' => {
>             # OTRS role
>             'OTRS Admins' => 1,
>         },
>     };
>
> It appears the name of the module has changed, but changing the name of the module in my code doesn't seem to help any. I enabled debug and I'm not getting any helpful feedback regarding LDAP. Here's the current code in Config.pm on my test system running OTRS 2.4.4:
>
>     $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
>         'CN=OtrsAdminRole,CN=Users,DC=domainname,DC=local' => {
>             # OTRS role
>             'OTRS Admins' => 1,
>         },
>     };
>     $Self->{Debug} = 3
>
> Any suggestions?
>
> Thanks,
> Josh Higgins

Hi all,

On 07.11.2009 at 21:57, Adam Bator wrote:
> I would also like to see an answer to this one :(
>
> Josh Higgins wrote:
>> Does anyone have a sample configuration of syncing LDAP groups to OTRS roles in v2.4?

This changed in 2.4.4. Here is an example configuration (Defaults.pm line # 414) for having roles assigned based on LDAP group assignment:

    # This is an example configuration for an LDAP auth sync. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap.example.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example,dc=com';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'uid';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree
    # $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '';
    # $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    # $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';

    # AuthSyncModule::LDAP::UserSyncMap
    # (map if agent should create/synced from LDAP to DB after successful login)
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # In case you need to use OTRS in iso-charset, you can define this
    # by using this option (converts utf-8 data from LDAP to iso).
    # $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    # $Self->{'AuthSyncModule::LDAP::Params'} = {
    #     port    => 389,
    #     timeout => 120,
    #     async   => 0,
    #     version => 3,
    # };

    # Die if backend can't work, e. g. can't connect to server.
    # $Self->{'AuthSyncModule::LDAP::Die'} = 1;

    # Attributes needed for group syncs
    # (attribute name for group value key)
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
    # (attribute for type of group content UID/DN for full ldap name)
    # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    # $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    #     'users',
    # ];

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=agent,o=otrs' => {
            # otrs role
            'role1' => 1,
            'role2' => 0,
        },
        'cn=agent2,o=otrs' => {
            'role3' => 1,
        }
    };

Nils Leideck
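
The Defaults.pm keys quoted above, filled in for the Active Directory group and role from the original question; this is an added example, not part of any post in the thread or of the OTRS distribution. The host name, the bind account and its password are placeholders, and the use of `sAMAccountName` and `member` assumes a standard Active Directory schema, where group objects list their members as full DNs in the `member` attribute.

```perl
# Added example (not from the thread): Config.pm fragment for OTRS 2.4.4.
# Placeholders: host name, bind account DN and password.
# Taken from the question: BaseDN components, group DN and role name.

$Self->{'AuthSyncModule'}               = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}   = 'dc1.domainname.local';      # placeholder
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=domainname,DC=local';
$Self->{'AuthSyncModule::LDAP::UID'}    = 'sAMAccountName';            # AD login name (assumption)

# Active Directory does not allow anonymous searches by default, so the sync
# binds with an account that can only read the directory.
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} =
    'CN=otrs-ldap-reader,CN=Users,DC=domainname,DC=local';             # placeholder
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'REPLACE-ME';          # placeholder

# Restrict every query to user objects.
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';

# The bind password crosses the network, so request LDAPS.
# Assumption: the domain controller offers LDAPS on port 636.
$Self->{'AuthSyncModule::LDAP::Params'} = {
    scheme  => 'ldaps',
    port    => 636,
    timeout => 120,
    version => 3,
};

# Die if the backend can't work, so a broken sync shows up as an error
# instead of roles silently not being updated.
$Self->{'AuthSyncModule::LDAP::Die'} = 1;

# Group membership lookup: AD groups store full member DNs in "member",
# so the value compared against it is the user's DN, not the UID.
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'}   = 'DN';

# LDAP group -> OTRS role. Keep this list as short as the roles really
# needed: membership of the AD group is what grants the OTRS role.
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    # LDAP group
    'CN=OtrsAdminRole,CN=Users,DC=domainname,DC=local' => {
        # OTRS role
        'OTRS Admins' => 1,
    },
};
```

Because the mapping turns directory group membership into OTRS privileges, changes to the membership of the mapped AD group deserve the same review as a direct role assignment in OTRS.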
participants (3): Adam Bator, Josh Higgins, Nils Leideck - ITSM