I am testing the last available version of OTRS 3.0.4
I am checking the MS ActiveDirectory backend configuration/authentication for Customers.
Everything seems to work fine but I'm not able to load only the customers that are members of a specific group into the system.
In my AD the designed group is "OTRS_Customers" and it is comprised under the OU "Liste e Gruppi".
What I obtain is that several AD entries appear as Cusomers in the OTRS GUI and not only those comprised in OTRS_Customers group
I added the following section to my Config.pm file:
Code: Select all
#
# CUSTOMERS BACKENDS CONFIGURATION
#------------------------------------------
# MS ActiveDirectory BACKEND CUSTOMER AUTH
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'x-dc1.iks.local';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=iks,DC=local';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'uid';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=x-ldap,OU=Utenze di Servizio,DC=iks,DC=local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '******';
# If all customer users are located under a "People" container,
# specify that as the base_dn for Customer Auth, ie.
# "ou=People, dc=example, dc=com". If you have users in multiple containers,
# you may want to add multiple LDAP sources. Feel free to use $Self->{CustomerUser1}
# throughout $Self->{CustomerUser10}.
$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=OTRS_Customers,OU=Liste e Gruppi,DC=iks,DC=local';
$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'memberUid';
$Self->{'Customer::AuthModule::LDAP::UserAttr1'} = 'UID';
# N.B CustomerUser is the default backend (used by OTRS DB)
# unless you would like to substitute the default backend with the LDAP
# it is necessary to set a different module: CustomerUser1
$Self->{CustomerUser1} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'x-dc1.iks.local',
BaseDN => 'DC=iks,DC=local',
SSCOPE => 'sub',
UserDN => 'CN=x-ldap,OU=Utenze di Servizio,DC=iks,DC=local',
UserPw => '*******',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '(objectclass=user)',
# if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# just a read only source
ReadOnly => 1,
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# cache time to live in sec. - cache any database queries
CacheTTL => 120,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
[ 'UserCustomerIDs', 'CustomerIDs', 'company', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
# DEFAULT CUSTOMER AUTHENTICATION, internal OTRS DB backend
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
$Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
$Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw';
#$Self->{'Customer::AuthModule::DB::DSN'} = "DBI:mysql:database=customerdb;host=customerdbhost";
#$Self->{'Customer::AuthModule::DB::User'} = "some_user";
#$Self->{'Customer::AuthModule::DB::Password'} = "some_password";
$Self->{CustomerUser} = {
Name => 'DB Data Source',
Module => 'Kernel::System::CustomerUser::DB',
Params => {
# if you want to use an external database, add the
# required settings
# DSN => 'DBI:odbc:yourdsn',
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '',
# Password => '',
Table => 'customer_user',
},
# customer unique id
CustomerKey => 'login',
# customer #
CustomerID => 'customer_id',
CustomerValid => 'valid_id',
CustomerUserListFields => ['first_name', 'last_name', 'email'],
CustomerUserSearchFields => ['login', 'last_name', 'customer_id'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['email'],
CustomerUserNameFields => ['salutation','first_name','last_name'],
CustomerUserEmailUniqCheck => 1,
# # show not own tickets in customer panel, CompanyTickets
# CustomerUserExcludePrimaryCustomerID => 0,
# # generate auto logins
# AutoLoginCreation => 0,
# AutoLoginCreationPrefix => 'auto',
# # admin can change customer preferences
# AdminSetPreferences => 1,
# # cache time to live in sec. - cache any database queries
# CacheTTL => 0,
# # just a read only source
# ReadOnly => 1,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ],
[ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],
[ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ],
[ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ],
[ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
[ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ],
[ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ],
[ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ],
[ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ],
[ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ],
],
# default selections
Selections => {
UserTitle => {
'Mr.' => 'Mr.',
'Mrs.' => 'Mrs.',
},
},
};
thank you
Giulio