Re: [otrs] LDAP Groups

Thu, 19 Feb 2004 12:17:20 -0800 

On Thu, Feb 19, 2004 at 01:30:02PM -0600, Jason Joines wrote:
> >>  Then, jo, don, and sam along with everyone else were no longer able 
> >>to log in.  The error in the log is:
> >>
> >>User: jo login failed, no LDAP group entry 
> >>foundGroupDN='cn=otrs,dc=mydomain,dc=org', 
> >>Filter='(memberUid=uid=jo,dc=mydomain,dc=org)'! (REMOTE_ADDR: 
> >>172.16.9.159).
> >>
> >>  What setting should I use to require membership in my group?
> >
> >[Kernle/Config.pm]
> >
> >   # for ldap posixGroups objectclass (just uid)
> >   $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
> >
> >[...]
> >
> >See Kernel/Config/Defaults.pm.
> 
>    I did look at that and it's how I got User LDAP Authentication 
> working.  I don't think I understand what I'm seeing.  In:
> $Self->{'AuthModule::LDAP::UserAttr'} = 'UID';
> how do I specify what group?
> 
>    My settings to make sure User LDAP Authentication was working were:
> 
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'ldap.mydomain.org';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=org';
> $Self->{'AuthModule::LDAP::UID'} = 'uid';
> 
>    That allowed LDAP users to authenticate.  However, it allowed all my 
> LDAP users to authenticate.  I need to restrict it to a particular 
> subset of users based on posixGroup.  So, I added:
> 
> $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs,dc=mydomain,dc=org';
> $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

Add 

$Self->{'AuthModule::LDAP::UserAttr'} = 'UID';

To Kernel/Config.pm like I wrote. It tells the ldap auth module that the 
cn=otrs,dc=mydomain,dc=org group is an posixGroup group (and not a normal
LDAP group).

> Jason
> ===========

  Martin Edenhofer

--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
        http://www.otrs.de/ :: Manage your communication! 

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting f�r Ihr OTRS System?
=> http://www.otrs.de/

Reply via email to