Hello all,
In the wake of our PCI DSS audit, we have to provide a monthly generated userlisting from all OTRS User, vaild or invaild and there roles. Does anybody have an idea on how to do this using a simple bash shell script?
Thank You for your help.
Ralf Wiegand
OTRS and PCI DSS
Moderator: crythias
-
- Znuny guru
- Posts: 2210
- Joined: 13 Mar 2014, 09:16
- Znuny Version: 6.0.14
- Real Name: Rolf Straub
Re: OTRS and PCI DSS
Try running this perl script as otrs-user:
(you might want to redirect the output to a .csv file)
(you might want to redirect the output to a .csv file)
Code: Select all
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use lib '/opt/otrs/';
use lib '/opt/otrs/Kernel/cpan-lib';
use lib '/opt/otrs/Custom';
use Kernel::System::ObjectManager;
use Data::Dumper;
local $Kernel::OM = Kernel::System::ObjectManager->new(
'Kernel::System::Log' => {
LogPrefix => 'ListUsers',
},
);
my $UserObject = $Kernel::OM->Get('Kernel::System::User');
my $GroupObject = $Kernel::OM->Get('Kernel::System::Group');
my %UserList = $UserObject->UserList(
Type => 'Long',
Valid => 0,
);
printf "Name;Login;ValidID;Roles";
foreach my $UserID ( keys %UserList ) {
my %RoleList = $GroupObject->PermissionUserRoleGet(
UserID => $UserID,
);
my %User = $UserObject->GetUserData(
UserID => $UserID,
);
printf "$User{UserFullname};$User{UserLogin};$User{ValidID};" . qq{@{ [ values %RoleList ] }} . "\n";
}
Currently using: OTRS 6.0.14 -- MariaDB -- Ubuntu 16 LTS
-
- Znuny newbie
- Posts: 32
- Joined: 23 Jun 2016, 08:55
- Znuny Version: OTRS5
- Real Name: Ralf Wiegand
- Company: TML Technologies
Re: OTRS and PCI DSS
This works great under OTRS 5.x, I also have two OTRS ticket systems using OTRS 3.x and I am getting the following messages: (where getusers.pl is the script name I am using...)
Can't locate Kernel/System/ObjectManager.pm in @INC (@INC contains: /opt/otrs/Custom /opt/otrs/Kernel/cpan-lib /opt/otrs/ /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at getusers.pl line 11.
BEGIN failed--compilation aborted at getusers.pl line 11.
Thank You for your great help.
Ralf Wiegand
Can't locate Kernel/System/ObjectManager.pm in @INC (@INC contains: /opt/otrs/Custom /opt/otrs/Kernel/cpan-lib /opt/otrs/ /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at getusers.pl line 11.
BEGIN failed--compilation aborted at getusers.pl line 11.
Thank You for your great help.
Ralf Wiegand
-
- Znuny guru
- Posts: 2210
- Joined: 13 Mar 2014, 09:16
- Znuny Version: 6.0.14
- Real Name: Rolf Straub
Re: OTRS and PCI DSS
Mmh, according to the API in 3.x there was no Object Manager yet. So the single line:
would have to be replaced with:
The same goes for the GroupObject. You then should delete the 4-5 lines:
The whole API can be seen here:
http://doc.otrs.com/doc/api/otrs/3.3/Pe ... up.pm.html
Code: Select all
my $UserObject = $Kernel::OM->Get('Kernel::System::User');
Code: Select all
use Kernel::Config;
use Kernel::System::Encode;
use Kernel::System::Log;
use Kernel::System::Main;
use Kernel::System::Time;
use Kernel::System::DB;
use Kernel::System::User;
my $ConfigObject = Kernel::Config->new();
my $EncodeObject = Kernel::System::Encode->new(
ConfigObject => $ConfigObject,
);
my $LogObject = Kernel::System::Log->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
);
my $MainObject = Kernel::System::Main->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
LogObject => $LogObject,
);
my $TimeObject = Kernel::System::Time->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
);
my $DBObject = Kernel::System::DB->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
LogObject => $LogObject,
MainObject => $MainObject,
);
my $UserObject = Kernel::System::User->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
MainObject => $MainObject,
TimeObject => $TimeObject,
DBObject => $DBObject,
EncodeObject => $EncodeObject,
);
Code: Select all
local $Kernel::OM = Kernel::System::ObjectManager->new(
'Kernel::System::Log' => {
LogPrefix => 'ListUsers',
},
);
http://doc.otrs.com/doc/api/otrs/3.3/Pe ... up.pm.html
Currently using: OTRS 6.0.14 -- MariaDB -- Ubuntu 16 LTS
-
- Znuny newbie
- Posts: 32
- Joined: 23 Jun 2016, 08:55
- Znuny Version: OTRS5
- Real Name: Ralf Wiegand
- Company: TML Technologies
Re: OTRS and PCI DSS
Not sure if I am getting this correct...getting
Can't locate object method "PermissionUserRoleGet" via package "Kernel::System::Group" at getusers.pl line 72.
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use lib '/opt/otrs/';
use lib '/opt/otrs/Kernel/cpan-lib';
use lib '/opt/otrs/Custom';
use Data::Dumper;
use Kernel::Config;
use Kernel::System::Encode;
use Kernel::System::Log;
use Kernel::System::Main;
use Kernel::System::Time;
use Kernel::System::DB;
use Kernel::System::Group;
use Kernel::System::User;
my $ConfigObject = Kernel::Config->new();
my $EncodeObject = Kernel::System::Encode->new(
ConfigObject => $ConfigObject,
);
my $LogObject = Kernel::System::Log->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
);
my $MainObject = Kernel::System::Main->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
LogObject => $LogObject,
);
my $TimeObject = Kernel::System::Time->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
);
my $DBObject = Kernel::System::DB->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
LogObject => $LogObject,
MainObject => $MainObject,
);
my $GroupObject = Kernel::System::Group->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
MainObject => $MainObject,
TimeObject => $TimeObject,
DBObject => $DBObject,
EncodeObject => $EncodeObject,
);
my $UserObject = Kernel::System::User->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
MainObject => $MainObject,
TimeObject => $TimeObject,
DBObject => $DBObject,
EncodeObject => $EncodeObject,
GroupObject => $GroupObject,
);
my %UserList = $UserObject->UserList(
Type => 'Long',
Valid => 0,
);
printf "Name;Login;ValidID;Roles";
foreach my $UserID ( keys %UserList ) {
my %RoleList = $GroupObject->PermissionUserRoleGet(
UserID => $UserID,
);
my %User = $UserObject->GetUserData(
UserID => $UserID,
);
printf "$User{UserFullname};$User{UserLogin};$User{ValidID};" . qq{@{ [ values %RoleList ] }} . "\n";
I have no clue if I am doing this right??
Can't locate object method "PermissionUserRoleGet" via package "Kernel::System::Group" at getusers.pl line 72.
#!/usr/bin/perl
use strict;
use warnings;
use utf8;
use lib '/opt/otrs/';
use lib '/opt/otrs/Kernel/cpan-lib';
use lib '/opt/otrs/Custom';
use Data::Dumper;
use Kernel::Config;
use Kernel::System::Encode;
use Kernel::System::Log;
use Kernel::System::Main;
use Kernel::System::Time;
use Kernel::System::DB;
use Kernel::System::Group;
use Kernel::System::User;
my $ConfigObject = Kernel::Config->new();
my $EncodeObject = Kernel::System::Encode->new(
ConfigObject => $ConfigObject,
);
my $LogObject = Kernel::System::Log->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
);
my $MainObject = Kernel::System::Main->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
LogObject => $LogObject,
);
my $TimeObject = Kernel::System::Time->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
);
my $DBObject = Kernel::System::DB->new(
ConfigObject => $ConfigObject,
EncodeObject => $EncodeObject,
LogObject => $LogObject,
MainObject => $MainObject,
);
my $GroupObject = Kernel::System::Group->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
MainObject => $MainObject,
TimeObject => $TimeObject,
DBObject => $DBObject,
EncodeObject => $EncodeObject,
);
my $UserObject = Kernel::System::User->new(
ConfigObject => $ConfigObject,
LogObject => $LogObject,
MainObject => $MainObject,
TimeObject => $TimeObject,
DBObject => $DBObject,
EncodeObject => $EncodeObject,
GroupObject => $GroupObject,
);
my %UserList = $UserObject->UserList(
Type => 'Long',
Valid => 0,
);
printf "Name;Login;ValidID;Roles";
foreach my $UserID ( keys %UserList ) {
my %RoleList = $GroupObject->PermissionUserRoleGet(
UserID => $UserID,
);
my %User = $UserObject->GetUserData(
UserID => $UserID,
);
printf "$User{UserFullname};$User{UserLogin};$User{ValidID};" . qq{@{ [ values %RoleList ] }} . "\n";
I have no clue if I am doing this right??
-
- Znuny guru
- Posts: 2210
- Joined: 13 Mar 2014, 09:16
- Znuny Version: 6.0.14
- Real Name: Rolf Straub
Re: OTRS and PCI DSS
Oh that function didn't exist back in 3.x either.
It seems the closest would be:
But I cannot test it, as I don't have a 3.x. Try to follow the API and see where you get with that.
It seems the closest would be:
Code: Select all
my %RoleList = $GroupObject->GroupUserRoleMemberList(
UserID => $ID,
Result => 'HASH',
);
Currently using: OTRS 6.0.14 -- MariaDB -- Ubuntu 16 LTS