ist es möglich OTRS mit zwei LDAP Informationen zu füttern. Folgendes haben eine Sitz in Stuttgart und in Kassel möchte nun alle Benutzer aus Stuttgart und aus Kassel in einem OTRS anbinden. Es gibt im Internet die ein oder andere Anleitung wie das Ganze funktionieren soll, komme aber leider zu keinem Erfolg. Sehe nach wie vor nur die User aus Stuttgart und nicht aus Kassel folgende Anpassung habe ich in der Config.pm gemacht.
Code: Select all
#--------------------------------------------------------------------------------------------
# Kunden Kassel Authentifizeirung #
#--------------------------------------------------------------------------------------------
# This is an example configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'host.kassel';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=kassel,dc=kassel,dc=de';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrscustomers,ou=Gruppen,dc=kassel,dc=kassel,dc=de';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# for non ldap posixGroups objectclass (full user dn)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs@kassel.de';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1234';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
inet4 => 1,
};
#--------------------------------------------------------------------------------------------
# Kunden Stuttgart Authentifizeirung #
#--------------------------------------------------------------------------------------------
# This is an example configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'host.stuttgart';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=stuttgart,dc=stuttgart,dc=de';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrscustomers,ou=Gruppen,dc=stuttgart,dc=stuttgart,dc=de';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# for non ldap posixGroups objectclass (full user dn)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs@stuttgart.de';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '1234';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';
# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
inet4 => 1,
};
#------------------------------------------------------------------------------------------------------------------------------#
# UserSyncLDAPMap #
#------------------------------------------------------------------------------------------------------------------------------#
$Self->{'UserSyncLDAPMap'} = {
'UserEmail' => 'mail',
'UserFirstname' => 'givenName',
'UserLastname' => 'sn',
'UserLogin' => 'sAMAccountName'
};
$Self->{CustomerUser} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'host',
BaseDN => 'DC=kassel,DC=kassel,DC=de',
SSCOPE => 'sub',
UserDN => 'otrs@kassel.de', # wieder DN oder UserPrincipalName
UserPw => '1234',
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
#AlwaysFilter => '(&(objectclass=user)(mail=*.*@Firma.de))',
# falls ihr was ausschliessen wollt:
# AlwaysFilter => '(&(objectclass=user)(mail=*.*@Firma.de)(!((was auch immer)))',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenName', 'sn'],
CustomerUserExcludePrimaryCustomerID => 0,
AdminSetPreferences => 0,
CustomerUserSearchListLimit => 1000, # die Anzahl der User die in euerer Kundenübersicht maximal angezeit werden.
# die Zeile muss nicht rein, macht aber bei uns hier Sinn.
Map => [
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'department', 0, 1, 'var', '', 0 ],
[ 'UserCustomerIDs', 'CustomerIDs', 'department', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
],
};
#------------------------------------------------------------------------------------------------------------------------------#
# UserSyncLDAPMap Stuttgart #
#------------------------------------------------------------------------------------------------------------------------------#
$Self->{'UserSyncLDAPMap'} = {
'UserEmail' => 'mail',
'UserFirstname' => 'givenName',
'UserLastname' => 'sn',
'UserLogin' => 'sAMAccountName'
};
$Self->{CustomerUser} = {
Name => 'LDAP Data Source',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'host stuttgart',
BaseDN => 'DC=stuttgart,DC=stuttgart,DC=de',
SSCOPE => 'sub',
UserDN => 'otrs@stuttgart.de', # wieder DN oder UserPrincipalName
UserPw => '1234',
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
#AlwaysFilter => '(&(objectclass=user)(mail=*.*@Firma.de))',
# falls ihr was ausschliessen wollt:
# AlwaysFilter => '(&(objectclass=user)(mail=*.*@Firma.de)(!((was auch immer)))',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenName', 'sn'],
CustomerUserExcludePrimaryCustomerID => 0,
AdminSetPreferences => 0,
CustomerUserSearchListLimit => 1000, # die Anzahl der User die in euerer Kundenübersicht maximal angezeit werden.
# die Zeile muss nicht rein, macht aber bei uns hier Sinn.
Map => [
[ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'department', 0, 1, 'var', '', 0 ],
[ 'UserCustomerIDs', 'CustomerIDs', 'department', 1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
],
};