I've installed OTRS V. 3.1.1 and just want to configure LDAP Sync. In the latest stable version the following configuration works fine, but now OTRS only checks the authorisation and does not sync user groups or new users to the OTRS database. Has something changed here? (I couldn't find any notes on this case.)
Is there a mistake in my config, or could it be a bug in the new version?
# --- Agent authentication via LDAP ------------------------------------
# Backend module and the directory it queries.
$Self->{'AuthModule'}               = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}   = 'ldaphost.de';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xxx,dc=de';
$Self->{'AuthModule::LDAP::UID'}    = 'uid';

# Connection options for the LDAP client.
# NOTE(review): port 389 with no TLS setting visible in this snippet means the
# bind, including the agent's password, presumably crosses the network
# unencrypted -- confirm the link is protected or use an encrypted transport.
# NOTE(review): no SearchUserDN / SearchUserPw is set here, so the user lookup
# presumably runs as an anonymous bind -- confirm the directory allows that.
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
};

# Die if backend can't work, e. g. can't connect to server.
# (Left disabled, as in the original configuration.)
# $Self->{'AuthModule::LDAP::Die'} = 1;

# Restrict login to members of one LDAP group: the user has to be listed in
# the group "otrs" under the attribute named by AccessAttr.
$Self->{'AuthModule::LDAP::GroupDN'}    = 'cn=otrs,ou=groups,dc=xxx,dc=de';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'uniqueMember';

# Groups that are not posixGroup objects list members by full user DN ...
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# ... whereas posixGroup objects list only the uid:
#$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
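# On the very first login of an (LDAP) user, the account is created in the
# OTRS DB and gets normal "users" rights.
#
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent login)
#
# The setting name above was a bare word on a line of its own in the posted
# config. That is not a valid Perl statement in front of the assignment, so it
# is written as a comment here, like the UserSyncGroupsDefinition heading
# further down in the same file.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users',
];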
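# Automatic synchronisation of agent data (last name, first name, email)
# from LDAP into the OTRS DB.
# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';

# NOTE(review): the host is given as an ldap:// URI here but as a bare host
# name for AuthModule; both appear to point at the same server over plain
# LDAP -- confirm, and prefer an encrypted transport for the sync as well,
# because its results decide which accounts and permissions OTRS creates.
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldaphost.de/';

# The posted line was missing the opening quote (dc=xxx,dc=de';), which is a
# Perl syntax error; the value is unchanged and matches the AuthModule BaseDN.
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxx,dc=de';
$Self->{'AuthSyncModule::LDAP::UID'}    = 'uid';

# Which LDAP attribute fills which OTRS user field.
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};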
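# Users of certain LDAP groups get further OTRS group permissions:
# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP groups to otrs groups, define the following.)
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'uniqueMember';
# for non ldap posixGroups objectclass (with full user dn)
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

# Map: LDAP group DN => { OTRS group => { permission => 0|1 } }.
#
# The posted keys ended in ',xxx,dc=de'. A DN component needs an attribute
# type, and the AuthModule GroupDN for the same "otrs" group is
# 'cn=otrs,ou=groups,dc=xxx,dc=de'. The missing 'dc=' is restored below. A key
# that is not the group's real DN presumably never matches, so no permissions
# would be synced from it -- confirm both DNs against the directory.
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
    'cn=otrs,ou=groups,dc=xxx,dc=de' => {
        'users' => {
            rw => 1,
            ro => 1,
        },
    },

    # Members of the LDAP group 'admins' generally get admin rights in OTRS.
    # NOTE(review): this entry turns directory group membership into OTRS
    # admin permission, so the DN must name exactly the intended group.
    # Only 'dc=' was restored here; verify the full DN, and keep write access
    # to that group and the LDAP connection itself tightly controlled.
    'cn=admins,dc=xxx,dc=de' => {
        # otrs group
        'admin' => {
            # permission
            rw => 1,
            ro => 1,
        },
        'stats' => {
            rw => 1,
            ro => 1,
        },
        'users' => {
            rw => 1,
            ro => 1,
        },
    },
};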
mod_perl.x86_64 2.0.4-10.el6
perl.x86_64 4:5.10.1-119.el6_1.1