LDAP customer login

Moderator: crythias

zhakal
Znuny newbie
Posts: 47
Joined: 30 Jul 2011, 20:06
Znuny Version: 3.0.11

LDAP customer login

Post by zhakal »

I've set up a link to ActiveDirectory to give one group access. How to set up several groups?
Is it as simple as just adding another GroupDN line? Or are there more changes needed?

$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

Another follow-up question about LDAP: when adding the BaseOU, does it then traverse every OU under it?

OTRS 3.0.9 RHEL 5, Windows 2008/SQL08
Last edited by zhakal on 31 Aug 2011, 17:22, edited 1 time in total.
OTRS 3.0.11, RHEL 5.6 & CentOS 6
MSSQL 2008 R2 , Windows 2008 R2

Re: LDAP agent login

Post by zhakal »

If I add 1 after the LDAP::UserAttr1 it works, but how to add another? Simply add 2?
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: LDAP agent login

Post by ferrosti »

OTRS should follow the OU tree, at least it does here 8)

Adding digits to the variables is made to have more than one connection/source. In this case you'd set up one block with all parameters with the same digit for the same source.
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
should NOT work on the same source as
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
If it does it is a severe bug.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems

Re: LDAP agent login

Post by zhakal »

I want it to traverse two different OUs in a domain, where it's domain\OU1 and domain\OU2.

Should I then do the following?
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=BaseOU1,DC=example,DC=com';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'OU=BaseOU2,DC=example,DC=com';

Or should I do it in one go somehow and traverse every OU inside the domain?

And is there any command I need to run to get it to start working except: service httpd restart?
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: LDAP agent login

Post by crythias »

BaseDN is common. You want LDAP search to filter.
http://www.petri.co.il/ldap_search_samp ... change.htm
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.

Re: LDAP customer login

Post by zhakal »

Sorry, I didn't understand what you meant, crythias.

I've set up the following

$Self->{'AuthModule::LDAP::Host'} = 'DC FQDN';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=GROUP1,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountname';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=GROUP1,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'XXXX';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} =
{
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
};

# All new users should be assigned a default group, in this case, 'users'
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} =
[
    'users',
];

This works for the OU named Group1, but I want to add the same search for the OU named Group2 as well.

Re: LDAP customer login

Post by crythias »

BaseDN is common: It means this is the grouping that applies to everyone. It probably doesn't need an OU, or if it does, it'd be something that is universally applicable.

Objective: First select everyone that could possibly fit, then filter. Don't try to filter first.

If you want to filter, use, for an example:

$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(|(OU=group1*) (OU=group2*))';
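An added example, not part of any post in this thread and not OTRS's own code: the "one block with all parameters with the same digit" rule from ferrosti's reply, written out as two complete LDAP sources (one per OU, each with its own GroupDN restriction), followed by a small check that flags a source where only some keys carry the suffix, as in the lone `BaseDN1` line asked about above. The host name, the `otrs_ldap_allow_B` group, the second bind account and the helper `MissingKeys` are assumptions made for illustration; treating all eight keys as required is this example's policy, not an OTRS rule.

```perl
use strict;
use warnings;

my $Self = {};    # stands in for the config object inside Kernel/Config.pm

# Source without suffix: accounts under the first OU (DNs follow the thread's examples)
$Self->{'AuthModule'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}         = 'dc.example.com';    # placeholder
$Self->{'AuthModule::LDAP::BaseDN'}       = 'OU=BaseOU1,DC=example,DC=com';
$Self->{'AuthModule::LDAP::UID'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'}      = 'CN=otrs_ldap_allow_A,OU=Groups,OU=BaseOU,DC=example,DC=com';
$Self->{'AuthModule::LDAP::AccessAttr'}   = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}     = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS,OU=BaseOU1,DC=example,DC=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'XXXX';              # placeholder

# Source 1: accounts under the second OU; every key carries the same digit
$Self->{'AuthModule1'}                     = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'}         = 'dc.example.com';   # placeholder
$Self->{'AuthModule::LDAP::BaseDN1'}       = 'OU=BaseOU2,DC=example,DC=com';
$Self->{'AuthModule::LDAP::UID1'}          = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN1'}      = 'CN=otrs_ldap_allow_B,OU=Groups,OU=BaseOU,DC=example,DC=com';    # constructed
$Self->{'AuthModule::LDAP::AccessAttr1'}   = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'}     = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS,OU=BaseOU2,DC=example,DC=com';    # constructed
$Self->{'AuthModule::LDAP::SearchUserPw1'} = 'XXXX';             # placeholder

# Keys this example expects in every source block (a policy choice made here)
my @Keys = qw(Host BaseDN UID GroupDN AccessAttr UserAttr SearchUserDN SearchUserPw);

# Return the names of the keys that are not set for one suffix ('' or a digit)
sub MissingKeys {
    my ( $Config, $Suffix ) = @_;
    my @Missing = grep { !defined $Config->{"AuthModule::LDAP::$_$Suffix"} } @Keys;
    unshift @Missing, 'AuthModule' if !defined $Config->{"AuthModule$Suffix"};
    return @Missing;
}

# Report each suffix that is in use; a half-filled block is reported as incomplete
for my $Suffix ( '', 1 .. 10 ) {
    my @Missing = MissingKeys( $Self, $Suffix );
    next if @Missing == @Keys + 1;    # nothing set for this suffix: unused slot
    printf "source '%s': %s\n", $Suffix,
        @Missing ? "incomplete, missing @Missing" : 'complete';
}
```

Because each source carries its own GroupDN, a login is accepted only when the account is a member of the group named for the source it was found in.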