This is what we use for authenticating/etc against AD:
In Kernel/Config.pm:

    # Customer login: authenticate against AD via LDAP
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'IP-Addr';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=SOMEPLACE,dc=TLD';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    # Account used to bind and search the directory
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'DOMAIN\user';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password';
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port    => 3268,
        timeout => 120,
        async   => 0,
        version => 3,
    };

and to synchronize customer info against AD:

    $Self->{CustomerUser} = {
        Name   => 'Active Directory',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host          => 'IP-Addr',
            BaseDN        => 'DC=SOMEPLACE,DC=TLD',
            SSCOPE        => 'sub',
            AlwaysFilter  => '(primaryGroupID=513)',
            UserDN        => 'DOMAIN\user',
            UserPw        => 'Password',
            SourceCharset => 'utf-8',
            DestCharset   => 'iso-8859-1',
            Params        => {
                port    => 3268,
                timeout => 120,
                async   => 0,
                version => 3,
            },
        },
        CustomerKey                        => 'sAMAccountName',
        CustomerID                         => 'userPrincipalName',
        CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields           => ['cn', 'mail', 'displayName', 'sAMAccountName', 'sn', 'givenName'],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '',
        CustomerUserSearchListLimit        => 1000,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => ['givenName', 'sn'],
        Map => [
            # var, frontend, storage, shown, required, storage-type, http-link, readonly
            [ 'UserSalutation',  'Title',       'title',                      1, 0, 'var', '', 0 ],
            [ 'UserFirstname',   'Firstname',   'givenName',                  1, 1, 'var', '', 0 ],
            [ 'UserLastname',    'Lastname',    'sn',                         1, 1, 'var', '', 0 ],
            [ 'UserLogin',       'Username',    'sAMAccountName',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',       'Email',       'mail',                       1, 1, 'var', '', 0 ],
            [ 'UserCustomerID',  'CustomerID',  'userPrincipalName',          0, 1, 'var', '', 0 ],
            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids',        1, 0, 'var', '', 0 ],
            [ 'UserPhone',       'Phone',       'telephonenumber',            1, 0, 'var', '', 0 ],
            [ 'UserAddress',     'Site',        'physicalDeliveryOfficeName', 1, 0, 'var', '', 0 ],
            [ 'UserComment',     'Comment',     'description',                1, 0, 'var', '', 0 ],
        ],
    };

The AlwaysFilter => '(primaryGroupID=513)', entry is primarily useful to keep it from pulling seemingly every object in AD when viewing the Customer Users <=> Groups control panel in the admin area. The reason for the odd port numbers is that a while back I read that some people have more reliable plain LDAP access to AD on those ports, and using them has never failed me.

Good luck
Mike

John d'Alelio wrote:
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system? => http://www.otrs.com/
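
An added example, not part of the original message and not OTRS's own code: the settings in the message bind over plain LDAP on port 3268, so the search account's password and each customer's login password cross the network unencrypted. The variant below moves the auth backend to the Global Catalog's TLS port 3269. It assumes the Params hash is handed through to Net::LDAP->new unchanged; the host name and CA file path are placeholders.

```perl
# Added example: customer auth over LDAPS instead of plain LDAP.
# Host name and cafile path below are placeholders, not values from the post.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'dc01.someplace.tld';   # placeholder DC name
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=SOMEPLACE,dc=TLD';
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'DOMAIN\user';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
    # Before (as posted): port => 3268, no scheme, so binds travel in cleartext.
    scheme  => 'ldaps',      # Net::LDAP option: TLS for the whole connection
    port    => 3269,         # Global Catalog over TLS (3268 is its plain-LDAP port)
    verify  => 'require',    # refuse a server certificate that does not validate
    cafile  => '/etc/ssl/certs/ad-root-ca.pem',   # placeholder: CA that issued the DC's cert
    timeout => 120,
    async   => 0,
    version => 3,
};
```

The nested Params hash inside the CustomerUser block opens its own connection with the same bind account, so it needs the same scheme, port, verify and cafile changes.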
