Multi groups query LDAP

English! place to talk about development, programming and coding
Post Reply
yenda
Znuny newbie
Posts: 1
Joined: 24 Nov 2017, 13:41
Znuny Version: OTRS Free

Multi groups query LDAP

Post by yenda »

I need to filter LDAP records to access otrs like

((cn=branch)and(cn=department)or(cn=admins))

(cn=department) isn't an authentizing condition, it's a filter of otrs groups. It's on the same level of LDAP path as (cn=branch) and (cn=admins):
cn=branchA,ou=groups
cn=admins,ou=groups
cn=departmentD,ou=groups

I've tried to use a filter
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(|(cn=branchA)(cn=admins))';

that is the result a user logging LDAP filter in log:
(&(cn=usernameX)(|(cn=branchA)(cn=admins)))

It seems to be right but not working, usernameX's access is denied even he is in one or both of the groups.

I've used many variations of syntax including (&(|(objectclass=posixGroup))(|(cn=admins)(cn=branchA))) - this syntax running on our nextcloud file server, but no success in otrs.

Any idea?

otrs 5 on ubuntu 16.04, openldap (ubuntu)
Post Reply