Hi all,
Currently I'm trying to solve quite a complicated case. We have OTRS 5 implemented with LDAP sync (to your Active Directory). We have specified a few automatically assigned roles and groups via AD groups in Config.pm and everything works fine.
We are now solving the case when someone leaves one of the AD groups, or leaves the company. Then we still have an "active" user assigned to groups/roles which he should not be assigned to. After a successful login of the user, OTRS checks the AD groups and removes the user from unwanted groups. But until the login, other users can set the "unwanted user" as responsible, etc.
Is there any possibility to run some "AD sync" script automatically? Then there is the thing that the user can be disabled, so he cannot log in - so it would be best to have some procedure which runs with some "AD admin credentials" and checks all OTRS users and their AD groups.
Do you know about some existing workaround? Or should I dive into the OTRS Perl sources and try to write this script myself?
Thank you very much!
LDAP/AD group automatic sync
Moderator: crythias
- Znuny newbie
- Posts: 75
- Joined: 27 Aug 2018, 13:50
- Znuny Version: Community
- Real Name: Christian Clavet
- Company: Tact Group
Re: LDAP/AD group automatic sync
Hi, the user would probably still be there, but OTRS will check with the LDAP server each time at login. If it's not in the LDAP, it will not permit a login to occur (still, some data will stay on the OTRS side).
Have you tested login to OTRS from an inactive|removed user in the LDAP server?
----------------------------------------------
OTRS Community 6.0.11
Debian 9.0
MariaDB