I'm trying to sync LDAP Agents (Active Directory on Windows 2012) with OTRS but no success. My Config.pm file:
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{AuthModule} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldap.example.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=users,dc=ldap,dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'mail';
# Check if the user is allowed to auth in a posixGroup
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_agents,ou=OTRS,ou=Groups,dc=ldap,dc=example,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
# The following is valid but would only be necessary if the
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'otrsbinduser';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'otrsbindpass';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# --------------------------------------------------- #
# (enable agent data sync. after successful           #
# authentication)                                     #
# --------------------------------------------------- #
# This is an example configuration for an LDAP auth sync. backend.
$Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap.example.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=users,dc=ldap,dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'mail';
# The following is valid but would only be necessary if the
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'otrbinduser';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'otrsbindpass';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after successful login)
# you may specify LDAP-Fields as either
# * list, which will check each field. first existing will be picked ( ["givenName","cn","_empty"] )
# * name of an LDAP-Field (may return empty strings) ("givenName")
# * fixed strings, prefixed with an underscore: "_test", which will always return this fixed string
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthSyncModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
No UserID found for 'user@example.com'!
User: user@example.com authentication failed, no LDAP entry found!BaseDN='ou=users,dc=ldap,dc=com', Filter='(mail=user@example.com)
I appreciate your help.
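The log line quoted above prints the BaseDN and the filter that the running OTRS actually used, so the first thing worth checking is whether those match what Config.pm says. The script below is an added diagnostic example, not part of the original post and not OTRS code: it composes the search filter the way Kernel::System::Auth::LDAP does ("(UID=user)", wrapped in "(&...AlwaysFilter)" when an AlwaysFilter is set, with the user value escaped per RFC 4515), parses the "no LDAP entry found" log line, reports every value that differs, and builds the equivalent ldapsearch command so the query can be reproduced outside OTRS. The config dict and the log line are copied from the post; the function names are this example's own. Run against the values above, it reports that both the BaseDN (the log lacks dc=example) and the filter (the log has no AlwaysFilter) differ from Config.pm.

```python
"""Reproduce the LDAP lookup OTRS performs for an agent login and compare it
with what the OTRS log reports.

Added diagnostic example, not part of the original post and not OTRS code.
It mirrors how Kernel::System::Auth::LDAP composes its search filter:
"(<UID>=<user>)", wrapped as "(&<that><AlwaysFilter>)" when an AlwaysFilter
is configured. CONFIG and LOG_LINE are taken from the post; the helper
names are this example's own.
"""
import re
import shlex

# Values taken from the AuthModule block of the Config.pm fragment in the post.
CONFIG = {
    "Host": "ldap.example.com",
    "Port": 389,
    "BaseDN": "ou=users,dc=ldap,dc=example,dc=com",
    "UID": "mail",
    "SearchUserDN": "otrsbinduser",
    "AlwaysFilter": "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
}

# The failure line from the OTRS log quoted in the post (its closing quote is missing there too).
LOG_LINE = ("User: user@example.com authentication failed, no LDAP entry found!"
            "BaseDN='ou=users,dc=ldap,dc=com', Filter='(mail=user@example.com)")

# RFC 4515 escapes for characters that would otherwise change the filter's meaning.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value before placing it inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(uid_attr: str, user: str, always_filter: str = "") -> str:
    """Compose the filter the way OTRS's LDAP auth backend does."""
    flt = f"({uid_attr}={escape_filter_value(user)})"
    if always_filter:
        flt = f"(&{flt}{always_filter})"
    return flt


_LOG_RE = re.compile(
    r"no LDAP entry found!BaseDN='(?P<base>[^']*)', Filter='(?P<filter>[^']*)'?"
)


def parse_failure_log(line: str):
    """Extract BaseDN and Filter from an OTRS 'no LDAP entry found' line, or None."""
    m = _LOG_RE.search(line)
    if not m:
        return None
    return {"BaseDN": m.group("base"), "Filter": m.group("filter")}


def compare_with_log(config: dict, user: str, line: str) -> dict:
    """Return {setting: (value from Config.pm, value the running OTRS used)} for mismatches."""
    seen = parse_failure_log(line)
    if seen is None:
        raise ValueError("not an OTRS 'no LDAP entry found' log line")
    expected = {
        "BaseDN": config["BaseDN"],
        "Filter": build_filter(config["UID"], user, config["AlwaysFilter"]),
    }
    return {k: (expected[k], seen[k]) for k in expected if expected[k] != seen[k]}


def ldapsearch_command(config: dict, user: str) -> list:
    """argv that reproduces the same query with OpenLDAP's ldapsearch.

    -W prompts for the bind password instead of putting it on the command line.
    """
    return [
        "ldapsearch", "-x", "-LLL",
        "-H", f"ldap://{config['Host']}:{config['Port']}",
        "-D", config["SearchUserDN"], "-W",
        "-b", config["BaseDN"],
        build_filter(config["UID"], user, config["AlwaysFilter"]),
        "dn", config["UID"], "userAccountControl",
    ]


if __name__ == "__main__":
    for key, (want, got) in compare_with_log(CONFIG, "user@example.com", LOG_LINE).items():
        print(f"{key}: Config.pm says {want!r} but the log shows {got!r}")
    print(shlex.join(ldapsearch_command(CONFIG, "user@example.com")))
```

When the printed ldapsearch command is run against the domain controller, a result code 49 on the bind means the search never ran: Active Directory does not accept a bare account name such as otrsbinduser for a simple bind, it wants the account's full DN or its user@domain UPN, so that is the first thing to fix before looking at the filter. If the bind succeeds but nothing is returned, drop the AlwaysFilter part and search on (mail=...) alone to see whether the user's mail attribute is populated, then add the objectClass and userAccountControl terms back one at a time.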