
I have set up OTRS with LDAP authentication, and got it to work with users I define in OTRS.

Is it possible to not define the users in OTRS at all, and let it use the LDAP for all other user information? - I checked, and no.

To do that would mean that instead of querying the OTRS database for information about the user, OTRS would have to query LDAP. (Once it got the user info, including UserNumber, it could save the user data in the local table.)

I cannot understand why I need to define users that are already defined in LDAP. This is a common theme with most applications that have the concept of users.

Dan

Hi Dan,

First of all, let me make clear that OTRS has two kinds of users:
customer users, or customers, who can log in to the customer front
end, and agents, or the people who have to 'do the actual work'.

For customer users you can define a data source in LDAP and there's no
need to add them to the database.

Agents, on the other hand, need to be stored in the OTRS database. But
the good news is that you can let OTRS create an account in the
database at login time. For this you would need to define a so-called
AuthSyncModule. It's described here:
http://doc.otrs.org/2.4/en/html/x1867.html#configuration-agent-auth-backend-...

You can define initial groups, which will be valid for all LDAP users,
and you can even define group or role membership in OTRS based on LDAP
groups, so all of your user management can be done inside OTRS. Look
at Kernel/Config/Defaults.pm for examples, and copy the relevant
sections to Kernel/Config.pm.

    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    # $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
    #     # ldap group
    #     'cn=agent,o=otrs' => {
    #         # otrs group
    #         'admin' => {
    #             # permission
    #             rw => 1,
    #             ro => 1,
    #         },
    #         'faq' => {
    #             rw => 0,
    #             ro => 1,
    #         },
    #     },
    #     'cn=agent2,o=otrs' => {
    #         'users' => {
    #             rw => 1,
    #             ro => 1,
    #         },
    #     }
    # };

    # AuthSyncModule::LDAP::UserSyncRolesDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs roles, define the following.)
    # $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    #     # ldap group
    #     'cn=agent,o=otrs' => {
    #         # otrs role
    #         'role1' => 1,
    #         'role2' => 0,
    #     },
    #     'cn=agent2,o=otrs' => {
    #         'role3' => 1,
    #     }
    # };

Hope this helps,
--
Michiel Beijen
R&D
OTRS AG
Norsk-Data-Str 1.
61352 Bad Homburg
Germany
T: +31 (0) 6457 42418
F: +49 (0) 9421 56818-18
I: http://www.otrs.com/
Business location: Bad Homburg, Country Court: Bad Homburg, HRB 10751,
VAT ID: DE256610065
Chairman: Burchard Steinbild, Managing Board: André Mindermann

On Mon, Dec 21, 2009 at 4:31 PM, Dan Bar Dov wrote:
> I have set up OTRS with LDAP authentication, and got it to work with users I define in OTRS.
> Is it possible to not define the users in OTRS at all, and let it use the LDAP for all other user information? - I checked, and no.
> To do that would mean that instead of querying the OTRS database for information about the user, OTRS would have to query LDAP. (Once it got the user info, including UserNumber, it could save the user data in the local table.)
> I cannot understand why I need to define users that are already defined in LDAP. This is a common theme with most applications that have the concept of users.
> Dan
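
Added example, not part of the original thread and not OTRS's own code: a Kernel/Config.pm fragment that ties together the pieces the reply describes (account creation at login, initial groups, LDAP-group-to-OTRS-group mapping). The key names are as recalled from the AuthSyncModule section of Kernel/Config/Defaults.pm and should be checked against your version; the host, DNs, password and group names are constructed placeholders.

```perl
# Place inside sub Load in Kernel/Config.pm, where $Self is the config object.
# Host, DNs, password and LDAP group names below are constructed placeholders.

# Create or refresh the agent's row in the OTRS database at each login.
$Self->{'AuthSyncModule'}               = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}   = 'ldap.example.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'}    = 'uid';

# Bind account used for the lookups; a read-only service account is enough.
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs-sync,ou=service,dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'CHANGE_ME';

# LDAP attributes copied into the agent record.
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# Groups granted to every LDAP user that logs in. Keep this list minimal,
# because anyone who can authenticate against the directory receives it.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['users'];

# How group membership is stored in the directory (needed for group sync).
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
$Self->{'AuthSyncModule::LDAP::UserAttr'}   = 'UID';

# LDAP group => OTRS group => permission. Only the dedicated LDAP group
# maps to the OTRS 'admin' group; everyone else gets working access only.
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
    'cn=otrs-admins,ou=groups,dc=example,dc=com' => {
        'admin' => { rw => 1, ro => 1 },
    },
    'cn=helpdesk,ou=groups,dc=example,dc=com' => {
        'users' => { rw => 1, ro => 1 },
        'faq'   => { rw => 0, ro => 1 },
    },
};
```

With a mapping like this, OTRS permissions follow directory membership, so whoever can edit the mapped LDAP groups effectively controls who becomes an OTRS admin.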