Customer configuration with LDAP

savari
Znuny newbie
Posts: 1
Joined: 04 Sep 2013, 16:31
Znuny Version: 3.2.10
Real Name: Aristeo Savelli
Company: Exprivia Spa

Customer configuration with LDAP

Post by savari »

Hello.
At our company we are trying out OTRS ITSM 3.2.10 on Linux CentOS 6.0.
It has to be integrated with Active Directory on both the agent side and the customer side.

The agent-side configuration was done with the following settings:

# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
# N.B.: as the OTRS Agents group we used OTRS Agents
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dcontroller01.mydomain.it';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=it';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=mydomain,dc=it';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxx';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=it';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# Enable LDAP lookups of Agent account informations and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'dcontroller01.mydomain.it';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=mydomain,dc=it';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=mydomain,dc=it';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxx';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=OTRS Agents,cn=Users,dc=mydomain,dc=it';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};

# AuthSyncModule::LDAP::UserSyncRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs roles, define the following.)

$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'cn=OTRS Agents,cn=Users,dc=mydomain,dc=it' => {
        'Company Agents' => 1,
    },
    'cn=Domain Admins,cn=Users,dc=mydomain,dc=it' => {
        'Tech Support Agents' => 1,
    }
};

# AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# attributes to otrs groups, define the following.)

# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';

On the first login at
https://otrs-devel01.mydomain.it/otrs/index.pl

with an account from the Active Directory otrs agents group, an agent is created in OTRS.
So access works correctly.

The customer side, on the other hand, is configured as follows:

# --------------------------------------------------- #
# customer authentication settings #
# (enable what you need, auth against otrs db, #
# against a LDAP directory, against HTTP basic #
# authentication and against Radius server) #
# --------------------------------------------------- #

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'dcontroller01.mydomain.it';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=it';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=mydomain,dc=it';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrs-customers,ou=Groups,dc=mydomain,dc=it';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

# CustomerUser
# (customer user ldap backend and settings)

# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
    Name => 'Utenti Azienda',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dcontroller01.mydomain.it',
        BaseDN => 'dc=mydomain,dc=it',
        SSCOPE => 'sub',
        UserDN => 'cn=otrs,cn=Users,dc=mydomain,dc=it',
        UserPw => 'xxxxx',
        AlwaysFilter => '(objectclass=user)',
        GroupDN => 'cn=otrs-customers,ou=Groups,dc=mydomain,dc=it',
        AccessAttr => 'member',
        UserAttr => 'DN',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'sAMAccountName',
    CustomerUserSearchListLimit => 2000,
    CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserValidFilter => '(company=*)',
    Map => [
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};


Accounts in the otrs-customer group log in without any problem at https://otrs-devel01.mydomain.it/otrs/customer.pl, but no account is created in OTRS.

So it is not possible to assign privileges and grants.

For agents this is done via:
# UserTable
$Self->{DatabaseUserTable} = 'users';
$Self->{DatabaseUserTableUserID} = 'id';
$Self->{DatabaseUserTableUserPW} = 'pw';
$Self->{DatabaseUserTableUser} = 'login';
How is it done for customers?

Thanks for your support
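
Added example, not part of the original post and not OTRS code: the Customer::AuthModule::LDAP settings above describe a two-step lookup, first finding the user entry by UID plus AlwaysFilter, then checking membership in GroupDN through AccessAttr. The Python sketch below builds both search filters from the posted values and escapes the login per RFC 4515; the function names, the sample DN and the exact way the filters are combined are assumptions.

```python
# Added example (not OTRS code): the two LDAP searches implied by the posted
# Customer::AuthModule::LDAP settings. Function names are hypothetical.

CUSTOMER_AUTH = {  # values copied from the post
    "BaseDN": "dc=mydomain,dc=it",
    "UID": "sAMAccountName",
    "AlwaysFilter": "(objectclass=user)",
    "GroupDN": "cn=otrs-customers,ou=Groups,dc=mydomain,dc=it",
    "AccessAttr": "member",
    "UserAttr": "DN",
}

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape filter metacharacters so user input stays a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_search(cfg, login):
    """Step 1: locate the user entry under BaseDN."""
    flt = "({}={})".format(cfg["UID"], escape_filter_value(login))
    if cfg.get("AlwaysFilter"):
        # AlwaysFilter is ANDed onto every user lookup
        flt = "(&{}{})".format(flt, cfg["AlwaysFilter"])
    return {"base": cfg["BaseDN"], "filter": flt}


def group_check(cfg, login, user_dn):
    """Step 2: confirm membership by searching the group entry itself."""
    # UserAttr 'DN' means the group lists full DNs; otherwise it lists logins
    member = user_dn if cfg["UserAttr"] == "DN" else login
    flt = "({}={})".format(cfg["AccessAttr"], escape_filter_value(member))
    return {"base": cfg["GroupDN"], "filter": flt}


if __name__ == "__main__":
    # Constructed sample user; the DN is illustrative only.
    dn = "cn=Mario Rossi,ou=People,dc=mydomain,dc=it"
    print(user_search(CUSTOMER_AUTH, "mrossi"))
    print(group_check(CUSTOMER_AUTH, "mrossi", dn))
```
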
stevros
Znuny newbie
Posts: 8
Joined: 24 Sep 2014, 10:08
Znuny Version: 3.3.9

Re: Customer configuration with LDAP

Post by stevros »

Hi Savari,
unfortunately I can't help you solve your problem, but I would like to ask whether you can explain to me exactly what I need to do to configure LDAP authentication for my Agents\Customers. I have read several guides and watched some videos (official and unofficial), but it is not entirely clear to me.

Thanks a lot in advance, I hope you have solved your problem in the meantime.

Stevros