I have tried many ways to sync groups from LDAP, with permissions, to the OTRS admin and users groups.
Syncing one group works as far as login is concerned. For example, a user from Group 1 in LDAP can log in successfully as an agent, and those who are not in Group 1 cannot log in,
but the problem is :
1. The agent who logs in gets normal user access, and I need him to log in with admin permissions so that he has access to the dashboard, tickets, stats and Admin tabs.
2. How can I sync 2 groups from LDAP to 2 groups in OTRS (Admin, Users)?
My config.pm file is :
package Kernel::Config;
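# Load - site-specific OTRS settings for this installation.
#
# Takes the configuration object as its only argument and stores every
# setting as a key on it. Sections, in order:
#   * database connection and logging
#   * agent and customer authentication against the local database
#   * agent and customer authentication against LDAP (backend suffix "1")
#   * LDAP group restriction and initial OTRS group membership
#
# NOTE(review): the database password and the LDAP bind password are kept in
# clear text in this file, so the file needs restrictive permissions and the
# values should be replaced before the file is shared. The bind account is
# named "Admin"; if that is a privileged directory account, a dedicated
# read-only search account is the safer choice.
sub Load {
    my $Self = shift;

    # ---- database ------------------------------------------------------- #
    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'}     = 'otrs';
    $Self->{'DatabaseUser'} = 'otrs';
    $Self->{'DatabasePw'}   = 'hot';
    $Self->{DatabaseDSN}    = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

    # ---- installation path and logging ---------------------------------- #
    $Self->{Home}      = 'C:/PROGRA~2/OTRS/OTRS';
    $Self->{LogModule} = 'Kernel::System::Log::File';

    # Key quoted: a bareword containing "::" is not auto-quoted in a hash
    # subscript and would be rejected under "use strict".
    $Self->{'LogModule::LogFile'} = 'C:/PROGRA~2/OTRS/OTRS/var/log/otrs.log';
    $Self->{'DefaultCharset'}     = 'utf-8';

    # ---- agents: local database backend (no suffix) --------------------- #
    $Self->{'AuthModule'} = 'Kernel::System::Auth::DB';

    # ---- customers: local database backend (no suffix) ------------------ #
    $Self->{'Customer::AuthModule'}                       = 'Kernel::System::CustomerAuth::DB';
    $Self->{'Customer::AuthModule::DB::Table'}            = 'customer_user';
    $Self->{'Customer::AuthModule::DB::CustomerKey'}      = 'login';
    $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';

    $Self->{CustomerUser} = {
        Name   => 'Database Backend',
        Module => 'Kernel::System::CustomerUser::DB',
        Params => {
            Table         => 'customer_user',
            CaseSensitive => 0,
        },
        CustomerKey              => 'login',
        CustomerID               => 'customer_id',
        CustomerValid            => 'valid_id',
        CustomerUserListFields   => [ 'first_name', 'last_name', 'email' ],
        CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' ],
        CustomerUserSearchPrefix => '*',
        CustomerUserSearchSuffix => '*',

        # controls the number of customers displayed in the agent interface
        CustomerUserSearchListLimit        => 1,
        CustomerUserPostMasterSearchFields => ['email'],
        CustomerUserNameFields             => [ 'title', 'first_name', 'last_name' ],
        CustomerUserEmailUniqCheck         => 1,

        # generate auto logins
        AutoLoginCreation => 1,

        # prefix for generated auto logins
        AutoLoginCreationPrefix => 'auto',
        Map                     => [
            [ 'UserTitle',      'Title',      'title',       1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname',  'first_name',  1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',   'last_name',   1, 1, 'var', '', 0 ],
            [ 'UserLogin',      'Username',   'login',       1, 1, 'var', '', 0 ],
            [ 'UserPassword',   'Password',   'pw',          0, 0, 'var', '', 0 ],
            [ 'UserEmail',      'Email',      'email',       1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
            [ 'UserPhone',      'Phone',      'phone',       1, 0, 'var', '', 0 ],
            [ 'UserFax',        'Fax',        'fax',         1, 0, 'var', '', 0 ],
            [ 'UserMobile',     'Mobile',     'mobile',      1, 0, 'var', '', 0 ],
            [ 'UserStreet',     'Street',     'street',      1, 0, 'var', '', 0 ],
            [ 'UserZip',        'Zip',        'zip',         1, 0, 'var', '', 0 ],
            [ 'UserCity',       'City',       'city',        1, 0, 'var', '', 0 ],
            [ 'UserCountry',    'Country',    'country',     1, 0, 'var', '', 0 ],
            [ 'UserComment',    'Comment',    'comments',    1, 0, 'var', '', 0 ],
            [ 'ValidID',        'Valid',      'valid_id',    0, 1, 'int', '', 0 ],
        ],
    };

    # ---- agents: LDAP (Active Directory) backend, suffix "1" ------------ #
    # NOTE(review): port 389 with no TLS option means the bind password and
    # every user's login password cross the network unencrypted. Net::LDAP
    # accepts scheme => 'ldaps' (normally with port 636) in these Params
    # hashes; confirm the directory offers it and switch all three LDAP
    # connections in this file together.
    $Self->{'AuthModule1'}                   = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'}       = 'test.com';
    $Self->{'AuthModule::LDAP::BaseDN1'}     = 'DC=test,DC=com';
    $Self->{'AuthModule::LDAP::UID1'}        = 'sAMAccountName';

    # The bind DN carries its "CN=" component, matching the sync and customer
    # backends below; without it the value is not a well-formed DN.
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=Admin,OU=SP,DC=test,DC=com';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'Pa##w0rd';
    $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '(objectclass=user)';
    $Self->{'AuthModule::LDAP::Params1'}       = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # ---- agents: copy user data from LDAP on login ---------------------- #
    $Self->{'AuthSyncModule1'}                     = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'}         = 'test.com';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'}       = 'DC=test,DC=com';
    $Self->{'AuthSyncModule::LDAP::UID1'}          = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=Admin,OU=SP,DC=test,DC=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'Pa##w0rd';
    $Self->{'AuthSyncModule::LDAP::AlwaysFilter1'} = '(objectclass=user)';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'}  = {
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # ---- customers: LDAP backend, suffix "1" ---------------------------- #
    $Self->{'Customer::AuthModule1'}               = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'}   = 'test.com';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=test,DC=com';
    $Self->{'Customer::AuthModule::LDAP::UID1'}    = 'sAMAccountName';

    # These two keys need the "LDAP::" component like their neighbours;
    # without it the customer backend never sees the bind credentials.
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=Admin,OU=SP,DC=test,DC=com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'Pa##w0rd';
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter1'} = '(objectclass=user)';
    $Self->{'Customer::AuthModule::LDAP::Params1'}       = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    $Self->{CustomerUser1} = {
        Name   => 'LDAP Source',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host         => 'test.com',
            BaseDN       => 'DC=test,DC=com',
            SSCOPE       => 'sub',
            UserDN       => 'CN=Admin,OU=SP,DC=test,DC=com',
            UserPw       => 'Pa##w0rd',
            AlwaysFilter => '(objectclass=user)',
        },
        CustomerKey                        => 'sAMAccountName',
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchFields           => [ 'sAMAccountName', 'cn', 'mail' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 1,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map                                => [
            [ 'UserFirstname',  'Firstname',  'givenname',                1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',                       1, 1, 'var' ],
            [ 'UserLogin',      'Login',      'sAMAccountName',           1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',                     1, 1, 'var', '', 0 ],
            [ 'UserCustomerID', 'CustomerID', 'mail',                     0, 1, 'var' ],
            [ 'UserPhone',      'Phone',      'telephonenumber',          1, 0, 'var' ],
            [ 'UserAddress',    'Address',    'postaladdress',            1, 0, 'var' ],
            [ 'UserComment',    'Comment',    'description',              1, 0, 'var' ],
            [ 'UserFax',        'Fax',        'facsimileTelephoneNumber', 1, 0, 'var' ],
            [ 'UserMobile',     'Mobile',     'mobile',                   1, 0, 'var' ],
            [ 'UserStreet',     'Street',     'streetAddress',            1, 0, 'var' ],
            [ 'UserZip',        'Zip',        'postalCode',               1, 0, 'var' ],
            [ 'UserCity',       'City',       'l',                        1, 0, 'var' ],
        ],
    };

    # ---- agent table in the local database ------------------------------ #
    $Self->{DatabaseUserTable}       = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser}   = 'login';

    # ---- restrict agent login to one LDAP group ------------------------- #
    # Only members of this group may authenticate through backend "1".
    $Self->{'AuthModule::LDAP::GroupDN1'}    = 'CN=sp_group,OU=sp,DC=test,DC=com';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';

    # Suffixed with "1" like the other settings of this backend.
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';

    # ---- LDAP group -> OTRS group mapping (disabled example) ------------ #
    # The sync backend has its own membership settings; the AuthModule ones
    # above only decide who may log in. To give different LDAP groups
    # different OTRS groups, enable something like the following. As long as
    # GroupDN1 above names only sp_group, members of sp_group1 are still
    # refused at login.
    #
    # $Self->{'AuthSyncModule::LDAP::AccessAttr1'} = 'member';
    # $Self->{'AuthSyncModule::LDAP::UserAttr1'}   = 'DN';
    # $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition1'} = {
    #     # LDAP group
    #     'CN=sp_group,OU=sp,DC=test,DC=com' => {
    #         # OTRS group => permissions
    #         'admin' => {
    #             rw => 1, ro => 1, move_into => 1, create => 1,
    #             note => 1, owner => 1, priority => 1,
    #         },
    #         'users' => {
    #             rw => 1, ro => 1, move_into => 1, create => 1,
    #             note => 1, owner => 1, priority => 1,
    #         },
    #         'stats' => {
    #             rw => 1, ro => 1, move_into => 1, create => 1,
    #             note => 1, owner => 1, priority => 1,
    #         },
    #     },
    #     'CN=sp_group1,OU=SP,DC=test,DC=com' => {
    #         'users' => {
    #             rw => 1,
    #             ro => 1,
    #         },
    #     },
    # };

    # ---- groups given to an agent on first LDAP login ------------------- #
    # NOTE(review): this places every agent created through the LDAP sync in
    # the OTRS 'admin' group, whatever their role in the directory. Granting
    # 'users' here and reserving 'admin' for a group mapping as sketched
    # above keeps admin rights tied to directory membership.
    #
    # $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
    #     'users',
    # ];
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
        'admin',
    ];
}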
# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
# Strictures are lexically scoped: enabled here, they apply only to the code
# from this point to the end of the file, so the Load sub defined above this
# point is compiled without them.
use strict;
use warnings;
# Declare the package globals used below.
use vars qw(@ISA $VERSION);
# Take the second word of the revision keyword string as the version number.
$VERSION = qw($Revision: 1.23 $)[1];
# Make Kernel::Config a subclass of Kernel::Config::Defaults.
use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');
# -----------------------------------------------------#
1;
Thanks in advance