Agent and Customer Auth using Active Directory

Moderator: crythias

jvhowell
OTRS newbie
Posts: 16
Joined: 12 Oct 2012, 01:54
OTRS Version?: 3.1.6
Real Name: Van Howell
Company: Lubbock Christian University

Agent and Customer Auth using Active Directory

Post by jvhowell » 12 Jul 2018, 23:27

Been working on this problem for weeks now. I've been through multiple different HowTo's and am currently using the sample from the OTRS site.
I can authenticate Agents, with the user manually entered into OTRS, but I cannot authenticate Customers. I do not want to have to enter each customer into the OTRS DB. I would like to be able to authenticate Customers using only AD.

Would it be worthwhile just dumping this config and using the System Configuration feature in OTRS 6?

This is the LDAP part of my config.

# This is an example configuration for using an MS AD backend
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'LEVDC.xxxxx.xxx';
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=xxxxx,DC=xxx';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=HelpdeskAgents,OU=Departments,OU=Distribution Lists,OU=Groups,OU=SPC,DC=xxxxx,DC=xxx';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# Bind credentials to log into AD
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS-LDAP@xxxxx.xxx';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxx';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Now sync data with OTRS DB
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'LEVDC.xxxxx.xxx';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=xxxxx,DC=xxx';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'OTRS-LDAP@xxxxx.xxx';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxx';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
# AuthSyncModule::LDAP::UserSyncGroupsDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs groups, define the following.)
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# ldap group
'CN=HelpdeskAdmins,OU=Departments,OU=Distribution Lists,OU=Groups,OU=SPC,DC=xxxxx,DC=xxx' => {
# otrs group
'admin' => {
# permission
rw => 1,
ro => 1,
},
},
'CN=HelpdeskAgents,OU=Departments,OU=Distribution Lists,OU=Groups,OU=SPC,DC=xxxxx,DC=xxx' => {
'users' => {
move_into => 1,
},
}
};

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# LDAP binding for Customer #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #


$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'LEVDC.xxxxx.xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=xxxxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS-LDAP,OU=Service Accounts,OU=SPC,DC=xxxxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxx';
#
# LDAP/AD Backend
#
$Self->{CustomerUser1} = {
Name => 'Active Directory or LDAP',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'LEVDC.southplainscollege.edu',
BaseDN => 'OU=SPC,DC=xxxxx,DC=xxx',
SSCOPE => 'sub',
UserDN =>'CN=OTRS-LDAP,OU=Service Accounts,OU=SPC,DC=xxxxx,DC=xxx',
UserPw => 'xxxxxxx',
},
# customer unique id
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End LDAP binding #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

wurzel
OTRS guru
Posts: 2440
Joined: 08 Jul 2010, 22:25
OTRS Version?: 6.0.x

Re: Agent and Customer Auth using Active Directory

Post by wurzel » 13 Jul 2018, 07:22

Hi,

config looks fine. Without having a look in your logs, there is not much to help.

Flo
    ((OTRS)) Community Edition 6.0.x, LAMP LIVE on Debian 9
    OTRS 6 Managed Silver

    -- I don't answer forum questions via PM - No PM please

    I won't answer to unfriendly users any more. A greeting and regards are just polite.

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 13 Jul 2018, 09:57

    Hi Van,

    There should be a related entry in the log, as wurzel wrote. So far your Config looks good.

    - Roy
    OTRS 4/5/6 CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

    You need professional services? Check out https://www.znuny.com/

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 15:14

    When I try a customer logon this is the error I get in /var/log/messages

    Jul 13 08:08:36 otrs OTRS-CGI-95[32931]: [Error][Kernel::System::User::UserLookup][Line:968]: No UserID found for 'ttesthowell2734'!

    And these messages in /var/log/httpd/error_log

    [Fri Jul 13 08:08:36.622806 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: , referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.622840 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: RemoteAddress: 10.1.131.8, referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.622866 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: RequestURI: /otrs/index.pl, referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.622870 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: , referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.622890 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: Traceback (32931): , referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.622935 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: Module: Kernel::System::User::UserLookup Line: 968, referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.622976 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: Module: Kernel::System::Auth::Auth Line: 245, referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.623028 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: Module: Kernel::System::Web::InterfaceAgent::Run Line: 248, referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.623072 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: Module: /opt/otrs/bin/cgi-bin/index.pl Line: 40, referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;
    [Fri Jul 13 08:08:36.623077 2018] [cgi:error] [pid 64968] [client 10.1.131.8:52153] AH01215: , referer: http://otrs.southplainscollege.edu/otrs ... 2gz5lCHUoT;

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 13 Jul 2018, 15:28

    Hi Van,

    That's the webserver log. OTRS is logging via Syslog or in a custom file (see SysConfig LogModule, LogModule::LogFile) or check the System Log in the admin area.

    - Roy

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 16:58

    This is the message from System Log

    Fri Jul 13 08:08:36 2018 error OTRS-CGI-95 No UserID found for 'ttesthowell2734'!

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 13 Jul 2018, 17:04

    jvhowell wrote:
    13 Jul 2018, 16:58
    This is the message from System Log

    Fri Jul 13 08:08:36 2018 error OTRS-CGI-95 No UserID found for 'ttesthowell2734'!

    Hi Van,

    This message is related to an agent login. The message for CustomerUser would be like "No such user.."

    There must be another message in the OTRS log after a customer tries to log in via /otrs/customer.pl

    - Roy
    OTRS 4/5/6 CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

    You need professional services? Check out https://www.znuny.com/
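An added example, not part of the thread or of OTRS: the error_log excerpt posted earlier already identifies the interface that handled the login, because Apache records the RequestURI and each traceback frame as an AH01215 line. This sketch groups such lines and reports whether an attempt reached the agent interface (index.pl) or the customer interface (customer.pl); the `make_record` helper, the `otrs.example` referer and the second (customer) record set are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache logs every stderr line of a CGI script as one AH01215 record.
RECORD = re.compile(
    r"\[pid (?P<pid>\d+)\] \[client (?P<client>[^\]]+)\] AH01215: "
    r"(?P<msg>.*?)(?:, referer: .*)?$"
)
FRAME = re.compile(r"^Module: (?P<module>\S+) Line: \d+$")

# OTRS front-end modules and the CGI script that dispatches to each.
INTERFACES = {
    "Kernel::System::Web::InterfaceAgent": "agent",
    "Kernel::System::Web::InterfaceCustomer": "customer",
}
SCRIPTS = {"index.pl": "agent", "customer.pl": "customer"}


def classify(lines):
    """Group records per (pid, client) and name the interface that logged them."""
    groups = defaultdict(lambda: {"uri": None, "frames": []})
    for raw in lines:
        rec = RECORD.search(raw.strip())
        if not rec:
            continue
        group = groups[(rec["pid"], rec["client"])]
        msg = rec["msg"]
        frame = FRAME.match(msg)
        if msg.startswith("RequestURI: "):
            group["uri"] = msg[len("RequestURI: "):]
        elif frame:
            group["frames"].append(frame["module"])

    results = []
    for (pid, client), group in groups.items():
        frames, uri = group["frames"], group["uri"]
        # Prefer the traceback frame; fall back to the script named in the URI.
        iface = next((name for mod in frames for prefix, name in INTERFACES.items()
                      if mod.startswith(prefix)), None)
        if iface is None and uri:
            iface = SCRIPTS.get(uri.split("?")[0].rsplit("/", 1)[-1])
        # Kernel::System::User is the agent store, not the CustomerUser backend.
        agent_lookup = any(mod.startswith("Kernel::System::User::") for mod in frames)
        results.append({"pid": pid, "client": client, "uri": uri,
                        "interface": iface or "unknown", "agent_lookup": agent_lookup})
    return results


def make_record(pid, client, msg):
    # Constructed wrapper in the shape of the thread's error_log lines.
    return (f"[Fri Jul 13 08:08:36.622806 2018] [cgi:error] [pid {pid}] "
            f"[client {client}] AH01215: {msg}, referer: http://otrs.example/otrs/")


SAMPLE = [make_record(64968, "10.1.131.8:52153", m) for m in (
    "RemoteAddress: 10.1.131.8", "RequestURI: /otrs/index.pl", "Traceback (32931): ",
    "Module: Kernel::System::User::UserLookup Line: 968",
    "Module: Kernel::System::Auth::Auth Line: 245",
    "Module: Kernel::System::Web::InterfaceAgent::Run Line: 248",
    "Module: /opt/otrs/bin/cgi-bin/index.pl Line: 40",
)] + [make_record(64970, "10.1.131.9:52200", m) for m in (  # constructed customer case
    "RequestURI: /otrs/customer.pl",
    "Module: Kernel::System::Web::InterfaceCustomer::Run Line: 1",
)]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

An `agent` result with `agent_lookup` set for an account that is meant to be a customer means the login went through index.pl and was checked against the agent backends, not the `Customer::AuthModule` settings.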

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 17:13

    That's the only message related to the logon.
    If I were to add a GroupDN for customers would that help?
    Also, can I add more than one GroupDN? My customers will be in one of two groups: "Faculty and Staff" or "Students Security".

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 17:14

    Also, what if I use only the Customer LDAP Authentication and eliminate the Agent. Since I have to put the Agent into OTRS anyway it seems pointless to use AD. I have a small number of agents to work with.

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 13 Jul 2018, 17:15

    I would start without any group restrictions first. Do you really use customer.pl to check the customer login?

    - Roy

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 13 Jul 2018, 18:29

    jvhowell wrote:
    13 Jul 2018, 17:14
    Also, what if I use only the Customer LDAP Authentication and eliminate the Agent. Since I have to put the Agent into OTRS anyway it seems pointless to use AD. I have a small number of agents to work with.

    Hi,

    You can do both or the one or other. I always prefer both to keep it simple for everyone to use the same password (and authentication backend). They don't interfere with each other.

    - Roy

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 18:32

    OK, I commented out the GroupDN and the rights assignment in the Sync section.
    I can now logon with the customer account but I think it is connected as an agent. (not sure, new to this software)

    Why would this happen?

    The AD account I am using is not a member of the HelpDeskAgent group so I would think it would skip that section and attempt to connect using the Customer Auth section.

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 18:42

    When I look at Admin, Agents I see the ttesthowell2734 user listed there. I also have 250+ Customer Users listed. How were these created?

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 13 Jul 2018, 18:45

    jvhowell wrote:
    13 Jul 2018, 18:42
    When I look at Admin, Agents I see the ttesthowell2734 user listed there. I also have 250+ Customer Users listed. How were these created?

    CustomerUsers from LDAP/Active Directory were not created, just referenced.

    - Roy

    jvhowell
    OTRS newbie
    Posts: 16
    Joined: 12 Oct 2012, 01:54
    OTRS Version?: 3.1.6
    Real Name: Van Howell
    Company: Lubbock Christian University

    Re: Agent and Customer Auth using Active Directory

    Post by jvhowell » 13 Jul 2018, 21:32

    I pasted the config from a notes file I was working on. I noticed that there is one change I have made in the production Config.pm file.
    I have added the 1 after the modules for Agent Auth but I do not have a number with the Customer Auth. Will this make a difference?

    Below is a copy of the section from the Production Config.pm

    # This is an example configuration for using an MS AD backend
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'} = 'LEVDC.southplainscollege.edu';
    $Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=southplainscollege,DC=edu';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    # $Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=HelpdeskAgents,OU=Departments,OU=Distribution Lists,OU=Groups,OU=SPC,DC=southplainscollege,DC=edu';
    # $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    # $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';

    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=OTRS-LDAP,OU=Service Accounts,OU=SPC,DC=southplainscollege,DC=edu';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'xxxx';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter1'} = '(objectclass=user)';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params1'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
    };

    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = 'LEVDC.southplainscollege.edu';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'DC=southplainscollege,DC=edu';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'CN=OTRS-LDAP,OU=Service Accounts,OU=SPC,DC=southplainscollege,DC=edu';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'xxxxxxx';
    $Self->{'AuthSyncModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr1'} = 'DN';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
    # DB -> LDAP
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of first agent
    # login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
    'users',
    ];
    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition1'} = {
    # ldap group
    'CN=HelpdeskAdmins,OU=Departments,OU=Distribution Lists,OU=Groups,OU=SPC,DC=southplainscollege,DC=edu' => {
    # otrs group
    'admin' => {
    # permission
    rw => 1,
    ro => 1,
    },
    },
    'CN=HelpdeskAgents,OU=Departments,OU=Distribution Lists,OU=Groups,OU=SPC,DC=southplainscollege,DC=edu' => {
    'users' => {
    move_into => 1,
    },
    }
    };

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    # #
    # LDAP binding for Customer #
    # #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #


    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'LEVDC.southplainscollege.edu';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=southplainscollege,DC=edu';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=OTRS-LDAP,OU=Service Accounts,OU=SPC,DC=southplainscollege,DC=edu';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxx';
    #
    # LDAP/AD Backend
    #
    $Self->{CustomerUser1} = {
    Name => 'Active Directory or LDAP',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
    Host => 'LEVDC.southplainscollege.edu',
    BaseDN => 'DC=southplainscollege,DC=edu',
    SSCOPE => 'sub',
    UserDN =>'CN=OTRS-LDAP,OU=Service Accounts,OU=SPC,DC=southplainscollege,DC=edu',
    UserPw => 'xxxxxxx',
    },

    # customer unique id
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '@southplainscollege.edu',
    CustomerUserSearchListLimit => 25000,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
    # note: Login, Email and CustomerID needed!
    # var, frontend, storage, shown, required, storage-type
    #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
    [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
    [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
    [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
    [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
    [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
    #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
    #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
    };

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    # #
    # End LDAP binding #
    # #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    root
    Moderator
    Posts: 1212
    Joined: 18 Dec 2007, 12:23
    OTRS Version?: 4/5/6
    Real Name: Roy Kaldung
    Company: Znuny Inc.
    Contact:

    Re: Agent and Customer Auth using Active Directory

    Post by root » 19 Jul 2018, 11:27

    Hi Van,

    The 1 after the Agent Authentication just says it's the second mechanism which is tried when an agent logs in. The default is the built-in database (without any number), after that the configuration with the appendix 1, then with 2 (up to 10) if they exist.

    - Roy
