Multi groups query LDAP

English! place to talk about OTRS development, programming and coding

Moderator: tto

Post Reply
yenda
OTRS newbie
Posts: 1
Joined: 24 Nov 2017, 13:41
OTRS Version?: OTRS Free

Multi groups query LDAP

Post by yenda » 27 Nov 2017, 16:05

I need to filter LDAP records to access otrs like

((cn=branch)and(cn=department)or(cn=admins))

(cn=department) isn't an authentizing condition, it's a filter of otrs groups. It's on the same level of LDAP path as (cn=branch) and (cn=admins):
cn=branchA,ou=groups
cn=admins,ou=groups
cn=departmentD,ou=groups

I've tried to use a filter
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(|(cn=branchA)(cn=admins))';

that is the result a user logging LDAP filter in log:
(&(cn=usernameX)(|(cn=branchA)(cn=admins)))

It seems to be right but not working, usernameX's access is denied even he is in one or both of the groups.

I've used many variations of syntax including (&(|(objectclass=posixGroup))(|(cn=admins)(cn=branchA))) - this syntax running on our nextcloud file server, but no success in otrs.

Any idea?

otrs 5 on ubuntu 16.04, openldap (ubuntu)
Top
Post Reply

Return to “OTRS Developers”