Sync Active Directory Groups and Otrs Roles in OTRS 2.4.6

Hi all,

I am trying to sync Active Directory groups and OTRS roles in OTRS 2.4.6. I found this doc http://lists.otrs.org/pipermail/otrs/2009-November/029206.html from the list, but I have some problems implementing it.

Before testing, OTRS works fine with AD sync for Agents.

I have created 1 AD group called Inscriptions like this:

    cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local

I put the AD account of 1 agent into it (in AD, adlogin).

I modified my Config.pm file like this:

    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member'; # I have tested memberOf, MemberOf, memberUid
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
        # ldap group
        'cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local' => {
            # otrs role
            'Inscriptions' => 1,
        }
    };

In the OTRS log I have this:

    User: adlogin not in GroupDN='cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local', Filter='(member=CN=My Name,OU=Pro,DC=exploitation,DC=local)'! (REMOTE_ADDR: X.X.X.X).
    User: 'adlogin' sync ldap groups cn=Inscriptions,ou=OTRS,ou=Pro,dc=exploitation,dc=local to roles!
    User: 'adlogin' changed password successfully!
    User: 'adlogin' updated successfully (1)!
    User: adlogin (CN=My Name,OU=Pro,DC=exploitation,DC=local) authentication ok (REMOTE_ADDR: X.X.X.X).

adlogin = my sAMAccountName, member of AD group Inscriptions

I think OTRS finds the AD group (if I give an unknown name, I get another error), but can't test whether the agent account is a member of the group.

Does anyone have an idea??

Thanks in advance for your help.

OTRS is a great product and I like it ;-)

--
Guillaume REHM
Centre de Ressources Informatiques
Responsable Sécurité du Système d'Information (RSSI)
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre BP 51029 67070 Strasbourg
tel: 03 88 25 28 23 fax: 03 88 25 28 03
mail: guillaume.rehm@bnu.fr web: http://www.bnu.fr
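An added example, not part of the original post and not OTRS code: it parses the "not in GroupDN" log line above and builds an ldapsearch command that repeats the same membership test outside OTRS, so the DN in the filter can be compared with what the group's member attribute actually holds. The server URI, the bind DN and the sample member values are assumptions made for illustration.

```python
import re
import shlex

# Constructed input: the "not in GroupDN" log line quoted in the post above.
LOG_LINE = (
    "User: adlogin not in GroupDN='cn=Inscriptions,ou=OTRS,ou=Pro,"
    "dc=exploitation,dc=local', Filter='(member=CN=My Name,OU=Pro,"
    "DC=exploitation,DC=local)'! (REMOTE_ADDR: X.X.X.X)."
)
CHECK_RE = re.compile(
    r"User: (?P<user>\S+) not in GroupDN='(?P<group_dn>[^']*)', "
    r"Filter='\((?P<attr>[^=()]+)=(?P<value>.*)\)'!"
)

def parse_failed_check(line):
    """Return user, group DN, attribute and value of a failed membership check."""
    match = CHECK_RE.search(line)
    return match.groupdict() if match else None

def normalize_dn(dn):
    """Lower-case a DN and trim spaces around each RDN (AD matches DNs case-insensitively)."""
    rdns = re.split(r"(?<!\\),", dn)  # split on commas that are not escaped
    return ",".join("=".join(p.strip() for p in r.split("=", 1)).lower() for r in rdns)

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the DN is a literal filter value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def is_member(check, member_values):
    """True if the DN from the logged filter is one of the group's attribute values."""
    wanted = normalize_dn(check["value"])
    return any(normalize_dn(v) == wanted for v in member_values)

def ldapsearch_command(check, uri, bind_dn):
    """Build an ldapsearch call that repeats the logged check on the group entry."""
    ldap_filter = f"({check['attr']}={escape_filter_value(check['value'])})"
    argv = ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", check["group_dn"], "-s", "base", ldap_filter, "dn"]
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    check = parse_failed_check(LOG_LINE)
    # Hypothetical server URI and bind account; replace with your own.
    print(ldapsearch_command(check, "ldap://dc.example.local",
                             "cn=otrs-bind,ou=Pro,dc=exploitation,dc=local"))
    # Constructed member values, as an export of the group entry might list them.
    print(is_member(check, ["CN=Other Agent,OU=Pro,DC=exploitation,DC=local"]))
```

If the search returns the group's dn, the directory agrees that the user is a member; an empty result means the DN in the filter does not match any value stored on the group entry.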

I found the solution. But I can't explain why!! I deleted my AD groups and recreated them!!

On 01/02/2010 12:27, Guillaume Rehm wrote:
--
Guillaume REHM
Centre de Ressources Informatiques
Responsable Sécurité du Système d'Information (RSSI)
Bibliothèque Nationale et Universitaire de Strasbourg
5 rue du Maréchal Joffre BP 51029 67070 Strasbourg
tel: 03 88 25 28 23 fax: 03 88 25 28 03
mail: guillaume.rehm@bnu.fr web: http://www.bnu.fr