Confusion: admin users, LDAP user database support

Hi all,

Having just installed a new instance of OTRS, I installed and configured it against a Postgres database, and after install I was able to log in using the default root@localhost user.

I then tried to add the "CustomerUser" variable to the config file to authenticate against LDAP. I am now unable to log in at all.

There are a number of points I could not find stated anywhere obvious in the manual:

- There seem to be "admins", "agents" and "customers". Can you authenticate all three against LDAP? Only customers against LDAP? The manual implies only customers can be authenticated against LDAP, but then when I turned on customer authentication, agent authentication stopped working.

- If agent auth is supported against LDAP, how does the initial admin user get set up (if any)? Must I create a user in my LDAP directory called root@localhost? How do I create additional admins?

- If basic authentication is switched on, which parts of the /otrs/ directory need to be protected with basic authentication? The entire directory? Only customer.pl?

I am using OTRS v2.0.4.

Regards,
Graham
--

2006/3/25, Graham Leggett:
> Hi all,
>
> Having just installed a new instance of OTRS, I installed and configured it against a Postgres database, and after install I was able to log in using the default root@localhost user.
>
> I then tried to add the "CustomerUser" variable to the config file to authenticate against LDAP. I am now unable to log in at all.
>
> There are a number of points I could not find stated anywhere obvious in the manual:
>
> - There seem to be "admins", "agents" and "customers". Can you authenticate all three against LDAP? Only customers against LDAP?

In fact there are only agents and customers. Admins are just agents that have admin rights.

For agents or customers you can choose the authentication backend (DB, LDAP or whatever). For instance:

- DB for agents and DB for customers
- DB for agents and LDAP for customers
- LDAP for agents and DB for customers
- LDAP for agents and LDAP for customers

> The manual implies only customers can be authenticated against LDAP, but then when I turned on customer authentication, agent authentication stopped working.

It should work. Agent backend and customer backend are separated. Are you sure you use the agent web frontend (and not the customer one)?

> - If agent auth is supported against LDAP, how does the initial admin user get set up (if any)? Must I create a user in my LDAP directory called root@localhost? How do I create additional admins?

Before switching to LDAP you can create an agent account (which is yet in the LDAP backend) in the DB backend with the admin rights (add it in the admin group for instance). After switching use this account for OTRS administration.

> - If basic authentication is switched on, which parts of the /otrs/ directory need to be protected with basic authentication? The entire directory? Only customer.pl?
>
> I am using OTRS v2.0.4.
>
> Regards,
> Graham
> --
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system? => http://www.otrs.de/

Sébastien Prud'homme wrote:
> In fact there are only agents and customers. Admins are just agents that have admin rights.

Ok, this makes sense.

> For agents or customers you can choose the authentication backend (DB, LDAP or whatever)
> For instance:
> - DB for agents and DB for customers
> - DB for agents and LDAP for customers
> - LDAP for agents and DB for customers
> - LDAP for agents and LDAP for customers

The manual only describes how to set up LDAP for customers, it makes no mention how to set LDAP up for agents. :(

Is setting up LDAP for agents the same as setting up for customers but with a different variable for $Self->{CustomerUser}? How does this work?

> Before switching to LDAP you can create an agent account (which is yet in the LDAP backend) in the DB backend with the admin rights (add it in the admin group for instance). After switching use this account for OTRS administration.

Am I correct in understanding that for agents, you need to create the admin in the database, and then use LDAP just for authentication only?

Is it possible to create more admin users after switching LDAP on for agents?

Regards,
Graham
--

2006/3/25, Graham Leggett:
> Sébastien Prud'homme wrote:
>> In fact there are only agents and customers. Admins are just agents that have admin rights.
>
> Ok, this makes sense.
>
>> For agents or customers you can choose the authentication backend (DB, LDAP or whatever)
>> For instance:
>> - DB for agents and DB for customers
>> - DB for agents and LDAP for customers
>> - LDAP for agents and DB for customers
>> - LDAP for agents and LDAP for customers
>
> The manual only describes how to set up LDAP for customers, it makes no mention how to set LDAP up for agents. :(
>
> Is setting up LDAP for agents the same as setting up for customers but with a different variable for $Self->{CustomerUser}? How does this work?

Just read the Config/Default.pm to see how you can use LDAP for agent authentication. The first interesting line is:

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';

>> Before switching to LDAP you can create an agent account (which is yet in the LDAP backend) in the DB backend with the admin rights (add it in the admin group for instance). After switching use this account for OTRS administration.
>
> Am I correct in understanding that for agents, you need to create the admin in the database, and then use LDAP just for authentication only?

For agents, LDAP is just for authentication. Agents' groups, roles and rights (ACL) are in the OTRS database (independent from the authentication backend).

For customers, you can use LDAP either for authentication or for getting customer information (phone, address, ...), or both.

> Is it possible to create more admin users after switching LDAP on for agents?

No problem

> Regards,
> Graham
> --
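
The two independent authentication backends discussed in this thread, written out as an added configuration example; it is not part of the original messages and is not OTRS's shipped configuration. The option names are given as I know them from OTRS's default configuration file and should be checked against the Config/Default.pm of the installed version; the host name, DNs and bind account are constructed placeholders.

```perl
# Kernel/Config.pm fragment (inside sub Load). Added example, not from the thread.
# All host names, DNs and credentials below are constructed placeholders.

# Agent login (index.pl): LDAP checks the password only.
# Groups, roles and rights stay in the OTRS database, so an agent with the
# same login and membership of the admin group must already exist there
# before this backend is switched on.
$Self->{'AuthModule'}               = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}   = 'ldap.example.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=staff,dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'}    = 'uid';

# Bind account for the DN lookup when the directory refuses anonymous search.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs-bind,ou=service,dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'CHANGE-ME';

# Customer login (customer.pl): a separate key namespace, so changing it
# does not change how agents authenticate.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'ldap.example.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=customers,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'uid';

# Note: $Self->{CustomerUser} selects where customer *data* (name, phone,
# address) is read from. It is a third setting, distinct from both
# authentication modules above.
```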