Code: Select all
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '172.xx.x.xx',
BaseDN => 'DC=domain,DC=local',
SSCOPE => 'sub',
UserDN =>'otrs_ldap@domain.local',
UserPw => 'password',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap@domain.local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
# >>Customer Auth
#Enable LDAP authentication for Customers / Users
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '172.xx.x.xx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# >>Agent Auth
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '172.xx.x.xx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_C,CN=Users,DC=domain,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberOf';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap@domain.local';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '172.xx.x.xx';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrs_ldap@domain.local';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# Attributes needed for group syncs
# (attribute name for group value key)
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberOf';
# (attribute for type of group content UID/DN for full ldap name)
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'sAMAccountName';
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
#$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
# 'users',
#];
# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# ldap group
'CN=otrs_allow_A,CN=Users,DC=domain,DC=local' => {
# otrs group
'admin' => {
# permission
rw => 1,
move_into => 1,
create => 1,
note => 1,
owner => 1,
priority => 1,
ro => 1,
},
},
'CN=otrs_allow_C,CN=Users,DC=domain,DC=local' => {
'users' => {
rw => 1,
move_into => 1,
create => 1,
note => 1,
owner => 1,
priority => 1,
ro => 1,
},
}
};
Code: Select all
OTRSUbuntu OTRS-CGI-67[1401]: [Notice][Kernel::System::Auth::LDAP::Au th] User: frbcr1 authentication failed, no LDAP group entry foundGroupDN='CN=otrs_allow_C,CN=Users,DC=domain,DC=local', Filter='(memberOf=CN=FRB Conference Room 1,CN=Managed Service Accounts,CN=Users,DC=domain,DC=local)'! (REMOTE_ADDR: 172.xx.x.xxx).