Hi,
es ist schon mehrfach in der Liste aufgetaucht, ich konnte mein
Problem aber dennoch nicht loesen.
1. Man kann sowohl agenten als auch Kunden ueber ldap authentifizieren
und ggf. automatisch den kunden/agenten in der DB anlegen ?
Entsprechend der Dokumentation und Hinweisen aus der Liste sieht die
Config.pm in Auszuegen wie folgt aus (ip und hostnamen sind veraendert
angegeben).
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'pw';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} =
"DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
# (The database DSN for PostgrSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} =
"DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/usr/share/otrs';
# **************************************************** #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# **************************************************** #
# $Self->{SessionUseCookie} = 0;
# $Self->{'CheckMXRecord'} = 1;
# **************************************************** #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
$Self->{'SystemID'} = 10;
$Self->{'SecureMode'} = 1;
$Self->{'Organization'} = 'Org';
$Self->{'LogModule::LogFile'} = '/tmp/otrs.log';
$Self->{'LogModule'} = 'Kernel::System::Log::SysLog';
$Self->{'FQDN'} = 'localhost';
$Self->{'DefaultLanguage'} = 'de';
$Self->{'DefaultCharset'} = 'iso-8859-1';
$Self->{'AdminEmail'} = '[EMAIL PROTECTED]';
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Datenquelle',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => '10.x.x.x',
# ldap base dn
BaseDN => 'o=ROOT',
# search scope (one|sub)
SSCOPE => 'sub',
# # The following is valid but would only be necessary if the
# # anonymous user does NOT have permission to read from the
LDAP tree
UserDN => '',
UserPw => '',
# in case you want to add always one filter to each ldap
query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or
AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '',
# if your frontend is e. g. iso-8859-1 and the charset of your
# ldap server is utf-8, use this options (if not, ignore it)
# SourceCharset => 'utf-8',
# DestCharset => 'iso-8859-1',
# Net::LDAP new params (if needed - for more info see
perldoc Net::LDAP)
Params => {
port => 389,
timeout => 120,
async => 0,
version => 3,
},
},
# customer uniq id
CustomerKey => 'uid',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['cn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
# show now own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add a ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=gesperrt))',
# admin can't change customer preferences
AdminSetPreferences => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required,
storage-type, http-link, readonly
[ 'UserSalutation', 'Title', 'title', 1, 0,
'var', '', 0 ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1,
'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1,
'var', '', 0 ],
[ 'UserLogin', 'Username', 'uid', 1, 1,
'var', '', 0 ],
[ 'UserEmail', 'Email', 'mail', 1, 1,
'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1,
'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids',
1, 0, 'var', '', 0 ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0,
'var', '', 0 ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0,
'var', '', 0 ],
[ 'UserComment', 'Comment', 'description', 1, 0,
'var', '', 0 ],
],
};
# Custom user authentication via LDAP
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldaps://hostname.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'o=ROOT';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
# for ldap posixGroups objectclass (just uid)
$Self->{'AuthModule::LDAP::UserAttr'} = 'uid';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = '';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter =>
'(objectclass=user)'
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectClass=Person)';
# sets the scope to use for LDAP->search
# basiert auf ergaenzung des ldap auth modules
$Self->{'AuthModule::LDAP::SScope'} = 'sub';
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
port => 636,
timeout => 120,
async => 0,
version => 3,
capath => '/etc/ldap/certs/',
version => 3 # ldaps only works with LDAPv3
};
$Self->{UserSyncLDAPMap} = {
# DB -> LDAP
salutation => 'generationQualifier',
Firstname => 'givenName',
Lastname => 'sn',
Email => 'mail',
};
# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
#$Self->{UserSyncLDAPGroups} = [
# 'users',
#];
# UserTable
#$Self->{DatabaseUserTable} = 'system_user';
#$Self->{DatabaseUserTableUserID} = 'id';
#$Self->{DatabaseUserTableUserPW} = 'pw';
#$Self->{DatabaseUserTableUser} = 'login';
}
Sowohl kunden als auch agenten login scheitern damit.
Der agentenlogin scheitert damit, dass keine daten fuer den user
gefunden werden. Das uebliche Panic! No user data oder so aehnlich
erscheint nach vielen minuten.
Wo wird eigendlich zwischen agenten und kundenauth unterschieden ?
Ich moechte zwischen kunden und agenten im ldap ueber
gruppezugehoerigkeiten unterscheiden. Ist so etwas moegich ?
Gruss
begin:vcard
fn:Arvid Walter
n:Walter;Arvid
email;internet:[EMAIL PROTECTED]
tel;home:+49 (0)30 417 266 31
tel;cell:+49 (0)162 7709 459
version:2.1
end:vcard
_______________________________________________
OTRS Mailingliste: otrs-de - Webpage: http://otrs.org/
Archiv: http://lists.otrs.org/pipermail/otrs-de/
Listenabo verwalten: http://lists.otrs.org/cgi-bin/listinfo/otrs-de/
Support oder Consulting fuer Ihr OTRS System?
=> http://www.otrs.de/
