We're using OTRS for over 6 months in our department.
We login with domain credentials thanks to LDAP.
The other departments need to login as well, but we don't want manually login each user so we can assign them to the usergroups.
Is there a way to use LDAP to login each user once, so the domain user is known in OTRS?
Autmatic create users with LDAP
Moderator: crythias
-
- Znuny newbie
- Posts: 2
- Joined: 12 Jul 2017, 15:25
- Znuny Version: 5.0.12
-
- Administrator
- Posts: 3965
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Autmatic create users with LDAP
Check the examples in Defaults.pm regarding AuthSyncModule - and don't modify this file, copy relevante parts into Config.pm
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 2
- Joined: 12 Jul 2017, 15:25
- Znuny Version: 5.0.12
Re: Autmatic create users with LDAP
The configuration we are currently using is show below.
But it's still not working, can you point out what needs to be corrected?
But it's still not working, can you point out what needs to be corrected?
Code: Select all
############################################################
# LDAP Authentication edit by EM #
############################################################
# This is an example configuration for an LDAP auth. backend.
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'server.domain.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Agents,OU=Groups,DC=domain,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap, cn=users, dc=domain, dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,};
# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'server.domain.local';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=ldap, cn=users, dc=domain, dc=local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',};
# [...]
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['OTRS_Agents',];
-
- Znuny guru
- Posts: 5018
- Joined: 13 Mar 2011, 09:54
- Znuny Version: 6.0.x
- Real Name: Renée Bäcker
- Company: Perl-Services.de
- Contact:
Re: Autmatic create users with LDAP
Did you see this in Defaults.pm? https://github.com/OTRS/otrs/blob/rel-5 ... ts.pm#L576
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de