My first post here! First, keep up the good work. OTRS seems to be an excellent tool!
I am testing OTRS to be deployed in our production environment. I am running into a problem. The active directory sync to OTRS roles feature is not working properly.
Here is my situation:
OTRS 3.0.11 on Ubuntu Linux and MySQL Database
Active directory [LDAP] authentication for Agents has been successfully configured and working properly.
Relevant code from config.pm file:
Code: Select all
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
# specify ldap group DN to be ...
'CN=OPA OTRS Admin,CN=Users,DC=opadev,DC=dol,DC=local' => {
# ... mapped to otrs role
'OTRS Admins' => 1,
},
'CN=OPA OTRS Agents,CN=Users,DC=opadev,DC=dol,DC=local' => {
# otrs role
'OTRS Agents' => 1,
}
};
In AD I have two groups:
1. OPA OTRS Admin
2. OPA OTRS Agents
I want any members inside these AD groups to be automatically granted these roles in OTRS [consecutively]:
1. OTRS Admins
2. OTRS Agents
Here are the logs:
When a user “admin-rm” who belongs to the AD group “OPA OTRS Admin” logs on to OTRS:
Code: Select all
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: admin-rm not in GroupDN='CN=OPA OTRS Agents,CN=Users,DC=opadev,DC=dol,DC=local', Filter='(memberUid=CN=Rajiv Mehra \(Admin\),OU=Windows 7 Users,OU=FPB Users,OU=OPA Users,DC=opadev,DC=dol,DC=local)'! (REMOTE_ADDR: 10.187.64.103).
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: 'admin-rm' sync ldap groups CN=OPA OTRS Agents,CN=Users,DC=opadev,DC=dol,DC=local to roles!
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: admin-rm not in GroupDN='CN=OPA OTRS Admin,CN=Users,DC=opadev,DC=dol,DC=local', Filter='(memberUid=CN=Rajiv Mehra \(Admin\),OU=Windows 7 Users,OU=FPB Users,OU=OPA Users,DC=opadev,DC=dol,DC=local)'! (REMOTE_ADDR: 10.187.64.103).
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: 'admin-rm' sync ldap groups CN=OPA OTRS Admin,CN=Users,DC=opadev,DC=dol,DC=local to roles!
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: 'admin-rm' changed password successfully!
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: 'admin-rm' updated successfully (1)!
Wed Oct 26 15:53:50 2011 notice OTRS-CGI-69 User: admin-rm (CN=Rajiv Mehra (Admin),OU=Windows 7 Users,OU=FPB Users,OU=OPA Users,DC=opadev,DC=dol,DC=local) authentication ok (REMOTE_ADDR: 10.187.64.103).
What am I doing wrong?
Please help!