Automatically create users with LDAP

Moderator: crythias

christianS
Znuny newbie
Posts: 2
Joined: 12 Jul 2017, 15:25
Znuny Version: 5.0.12

Automatically create users with LDAP

Post by christianS »

We've been using OTRS for over 6 months in our department.
We log in with domain credentials thanks to LDAP.
The other departments need to log in as well, but we don't want to manually log in each user so we can assign them to the user groups.

Is there a way to use LDAP to log in each user once, so the domain user is known in OTRS?
root
Administrator
Posts: 3963
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: Automatically create users with LDAP

Post by root »

Check the examples in Defaults.pm regarding AuthSyncModule - and don't modify this file, copy the relevant parts into Config.pm
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes?
christianS
Znuny newbie
Posts: 2
Joined: 12 Jul 2017, 15:25
Znuny Version: 5.0.12

Re: Automatically create users with LDAP

Post by christianS »

The configuration we are currently using is shown below.
But it's still not working, can you point out what needs to be corrected?


    ############################################################
    # LDAP Authentication                           edit by EM #
    ############################################################

    # This is an example configuration for an LDAP auth. backend.
    # (Make sure Net::LDAP is installed!)
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'server.domain.local';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=Agents,OU=Groups,DC=domain,DC=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    # for ldap posixGroups objectclass (just uid)
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=ldap, cn=users, dc=domain, dc=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # defines AuthSyncBackend (AuthSyncModule) for AuthModule
    # if this key exists and is empty, there won't be a sync.
    # example values: AuthSyncBackend, AuthSyncBackend2
    $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

    # agent data sync against ldap
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = 'server.domain.local';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=ldap, cn=users, dc=domain, dc=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };
    #                 [...]
    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = ['OTRS_Agents',];
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de

Re: Automatically create users with LDAP

Post by reneeb »

Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de