I have a trouble with automatiaс group's distribution.

[Alegator2222]

I have a trouble with automatiaс group's distribution. How to make me for the agent who consist in difinite LDAP's group OTRS group was assigned. I use the module of AuthSyncModule::LDAP::UserSyncGroupsDefinition my config bellow. Advice me smth.

Code: Select all

    #########################################
    # Enable LDAP Authentication Sync for Agent1 #
    #########################################

    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'} = 'DOMEN.N-NOVGOROD.corp.local';
    $Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=N-NOVGOROD,DC=corp,DC=local';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
	
   ###########################################################
   ###########################################################
 
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=LDAPUser,CN=Users,DC=N-NOVGOROD,DC=corp,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'PASS';

   ###########################################
   #   Enable Agent Mapping from LDAP to DB1 #
   ###########################################

    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = 'N-NOVGOROD.corp.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'DC=N-NOVGOROD,DC=corp,DC=local';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=LDAPUser,CN=Users,DC=N-NOVGOROD,DC=corp,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'PASS';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
    };
 #   $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
 #      'users',
 #  ];
	
	#########################################################################################################
	
# User this to sync ldap groups to otrs groups
        
	$Self->{'AuthSyncModule::LDAP::AccessAttr1'} = 'member';
    # (attribute for type of group content UID/DN for full ldap name)
    $Self->{'AuthSyncModule::LDAP::UserAttr1'} = 'uid';
    #$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    #    'users',
    #]; 	
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition1'} = {
        # ldap group
        'CN=LDAP_CO_Users,OU=Доступ к Active Directory (LDAP_CO),OU=.GROUP,OU=NN,DC=N-NOVGOROD,DC=corp,DC=local' => {
            # otrs group
            'admin' => {
                # permission
                rw => 1,
        move_into => 1,
        create => 1,
        note => 1,
        owner => 1,
        priority => 1,
                ro => 1,
            },
        },
    };
    

[root]

Is the user a direct member in the group or do you use nested groups?

[Alegator2222]

Yes, I use direct. I use AD Explorer soft.I took attribote - memberOf

[root]

The AuthSyncModule::LDAP::UserAttr is the DN for an Active Directory

[Alegator2222]

Ok. I'll try.

[Alegator2222]

http://hostingkartinok.com/show-image.p ... ba5a92fe72

[Alegator2222]

Did not help. Why is it not working?

[root]

When I look at your screenshot this your LDAP group is named different. The highlighted row is the group's DN and there are 114 member. For example 'test4 test4' and 'test3 test3'. Is this right? Then the following config should work, otherwise consult your logs

Code: Select all

$Self->{'AuthSyncModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr1'} = 'DN';
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition1'} = {
        # ldap group
        'DISTINGUISHED NAME FOR THE GROUP (blue line in Screenshot)' => {
            # otrs group
            'admin' => {
                # permission
                rw => 1,
        move_into => 1,
        create => 1,
        note => 1,
        owner => 1,
        priority => 1,
                ro => 1,
            },
        },
    };

[Alegator2222]

Yes. For the test I used a different group.

[Alegator2222]

My log

Code: Select all

[Wed Apr 27 13:20:30 2016] Config.pm: Subroutine Load redefined at /opt/otrs/Kernel/Config.pm line 24.
ERROR: OTRS-CGI-10 Perl: 5.18.2 OS: linux Time: Wed Apr 27 13:20:30 2016

 Message: No UserID found for 'test2'!

 RemoteAddress: 10.0.20.169
 RequestURI: /otrs/index.pl

 Traceback (48360):
   Module: Kernel::System::User::UserLookup Line: 922
   Module: Kernel::System::Auth::Auth Line: 161
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 206
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
   Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-10 Perl: 5.18.2 OS: linux Time: Wed Apr 27 13:20:30 2016

 Message: No UserID found for 'test2'!

 RemoteAddress: 10.0.20.169
 RequestURI: /otrs/index.pl

 Traceback (48360):
   Module: Kernel::System::User::UserLookup Line: 922
   Module: Kernel::System::Auth::Sync::LDAP::Sync Line: 201
   Module: Kernel::System::Auth::Auth Line: 219
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 226
   Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 206
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
   Module: ModPerl::Registry::handler (v1.99) Line: 31

[root]

Is the user proper synced? Did you find the agent test2 in the administration area?

[Alegator2222]

Maybe my error here?
http://prntscr.com/axghrh
http://prntscr.com/axgihq
http://prntscr.com/axgjt6