I have an AD server where I created two groups:
- HelpdeskAgents
- HelpdeskCustomers
I am having two problems after configuring LDAP authentication:
- My user does not appear in the agents list
- In the users' list I see users who are not members of HelpdeskCustomers (it is reading everything under 'OU=MYIUser,DC=domain,DC=lan')
# ---------------------------------------------------- #
# LDAP Auth #
# ---------------------------------------------------- #
# Agent login backend 1: agents authenticate against the directory.
# NOTE(review): Host1, BaseDN1, UID1, SearchUserDN1 and SearchUserPw1 are
# assigned a second time in the "LDAP System Users" section further down.
# These are plain hash assignments, so the later values are the ones in
# effect; GroupDN1, AccessAttr1 and UserAttr1 are only set here and stay active.
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'DomainController';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=domain,dc=lan';
$Self->{'AuthModule::LDAP::UID1'} = 'samaccountname';
# Presumably restricts agent login to accounts listed in the 'member'
# attribute of this group, matched by the user's full DN (UserAttr1 = 'DN')
# -- confirm against the documentation of the installed version.
$Self->{'AuthModule::LDAP::GroupDN1'} = 'CN=HelpdeskAgents,OU=HelpdeskSystem,OU=Groups,DC=domain,DC=lan';
$Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';
# Bind account used to search the directory. The password is kept in clear
# text in this file (it appears masked in this post): keep the file readable
# only by the account that runs the helpdesk, and give the bind account
# read-only directory access and nothing more.
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=ldapbind,OU=US,OU=MYIUser,DC=domain,DC=lan';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = '**********';
# Maps helpdesk agent fields (left) to LDAP attributes (right).
# NOTE(review): this map only names the attributes to copy. Whether an agent
# record is created at login, and therefore shows up in the agents list,
# depends on the sync mechanism of the installed version (newer releases
# configure this through an AuthSyncModule setting) -- confirm.
$Self->{'UserSyncLDAPMap1'} = {
'UserEmail' => 'mail',
'UserFirstname' => 'givenName',
'UserLastname' => 'sn',
'UserLogin' => 'sAMAccountName'
};
#-----------------------------------------------------------#
# Customer #
#-----------------------------------------------------------#
# Customer login backend 1: customers authenticate against the directory,
# searching below OU=MYIUser only.
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'DomainController';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} ='OU=MYIUser,DC=domain,DC=lan';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
# NOTE(review): the group check configured here applies to customer *login*.
# It presumably has no effect on which directory entries are listed as
# customer users; that is decided by the BaseDN/AlwaysFilter in the
# CustomerUser1 backend further down -- confirm.
$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=HelpdeskCustomers,OU=HelpdeskSystem,OU=Groups,DC=domain,DC=lan';
$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
# Same bind account as the agent backend; the clear-text password in this
# file warrants restrictive file permissions and a read-only bind account.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'CN=ldapbind,OU=US,OU=MYIUser,DC=domain,DC=lan';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = '**********';
# Connection options, presumably handed to the LDAP client as-is.
# NOTE(review): port 389 is the plain LDAP port and nothing in this section
# asks for TLS, so the bind password and the customers' own passwords would
# travel unencrypted unless the link is protected some other way. If the
# domain controller offers LDAPS, prefer it (ldaps:// host, port 636) and
# verify the server certificate.
$Self->{'Customer::AuthModule::LDAP::Params1'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
#-----------------------------------------------------------#
# LDAP System Users #
#-----------------------------------------------------------#
# NOTE(review): second assignment of the agent backend keys already set in
# the "LDAP Auth" section at the top. The values below replace the earlier
# ones (they differ only in letter case). GroupDN1, AccessAttr1 and UserAttr1
# are not repeated here, so the group settings from the first section remain
# in force. Keeping a single agent section would avoid the two drifting apart.
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host1'} = 'DomainController';
$Self->{'AuthModule::LDAP::BaseDN1'} = 'DC=domain,DC=lan';
$Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN1'} = 'CN=ldapbind,OU=US,OU=MYIUser,DC=domain,DC=lan';
$Self->{'AuthModule::LDAP::SearchUserPw1'} = '**********';
# Connection options for the agent backend (values given as strings here,
# as numbers in the customer section).
# NOTE(review): port 389 without any TLS option means agent passwords and the
# bind password are sent unencrypted unless the link is protected otherwise;
# prefer LDAPS (ldaps:// host, port 636) with certificate verification if the
# domain controller supports it.
$Self->{'AuthModule::LDAP::Params1'} = {
'async' => '0',
'timeout' => '120',
'version' => '3',
'port' => '389'
};
# Presumably makes the backend stop with an error when the directory cannot
# be used (e.g. the server is unreachable) -- confirm for the installed version.
$Self->{'AuthModule::LDAP::Die1'} = 1;
#-----------------------------------------------------------#
# UserSyncLDAPMap #
#-----------------------------------------------------------#
# NOTE(review): identical to the UserSyncLDAPMap1 assignment in the first
# "LDAP Auth" section; this later assignment is the one that remains in the
# hash. Maps helpdesk agent fields (left) to LDAP attributes (right).
$Self->{'UserSyncLDAPMap1'} = {
'UserEmail' => 'mail',
'UserFirstname' => 'givenName',
'UserLastname' => 'sn',
'UserLogin' => 'sAMAccountName'
};
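# Customer user backend 1: reads customer records from the directory.
#
# The listing is governed only by BaseDN, SSCOPE and AlwaysFilter below; the
# group configured for customer *login* is not consulted here. Without a
# group clause in AlwaysFilter, every user object under the base DN with a
# matching mail address is exposed as a customer. The filter therefore also
# requires membership of the HelpdeskCustomers group.
#
# NOTE(review): memberOf matches direct membership only. Accounts that belong
# to the group through a nested group (or as their primary group) will not be
# listed; Active Directory's in-chain matching rule
# (memberOf:1.2.840.113556.1.4.1941:=<group DN>) covers nesting -- test it
# against the directory before relying on it.
$Self->{CustomerUser1} = {
    Name   => 'LDAP Backend',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'DomainController',
        # Whole domain, searched recursively ('sub'); narrowing this to the
        # OU that holds customer accounts further limits what is read.
        BaseDN => 'DC=domain,DC=lan',
        SSCOPE => 'sub',
        # Bind account; its clear-text password in this file warrants
        # restrictive file permissions and a read-only directory account.
        UserDN => 'CN=ldapbind,OU=US,OU=MYIUser,DC=domain,DC=lan',
        UserPw => '**********',
        # Applied to every search: user objects with a company mail address
        # that are direct members of the HelpdeskCustomers group.
        AlwaysFilter => '(&(objectclass=user)(mail=*.*@domain.com)(memberOf=CN=HelpdeskCustomers,OU=HelpdeskSystem,OU=Groups,DC=domain,DC=lan))',
    },
    # Login name identifies the customer user; the mail address is used as
    # the customer ID.
    CustomerKey                        => 'sAMAccountName',
    CustomerID                         => 'mail',
    CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => ['givenname', 'sn'],
    CustomerUserSearchListLimit        => 1000,
    # One row per customer field: internal name, label, LDAP attribute,
    # followed by display/required flags and the storage type
    # (presumably shown, required, type -- confirm against the docs).
    Map => [
        [ 'UserSalutation', 'Title',      'title',           1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName',  1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var' ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var' ],
    ],
};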
# ---------------------------------------------------- #
# End LDAP Auth #
# ---------------------------------------------------- #