Hi all,
On 07.11.2009 at 21:57, Adam Bator wrote:
I would also like to see an answer to this one :(
Josh Higgins wrote:
Does anyone have a sample configuration of syncing LDAP groups to
OTRS roles in v2.4?
This changed in 2.4.4.
Here is an example configuration (Defaults.pm line # 414) for having
roles assigned based on LDAP group assignment:
# This is an example configuration for an LDAP auth sync. backend.
# (take care that Net::LDAP is installed!)
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = 'ldap.example.com';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=example,dc=com';
$Self->{'AuthSyncModule::LDAP::UID'} = 'uid';
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
# $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = '';
# $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter
# => '(objectclass=user)'
# $Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '';
# AuthSyncModule::LDAP::UserSyncMap
# (map if agent should create/synced from LDAP to DB after
# successful login)
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
# In case you need to use OTRS in iso-charset, you can define this
# by using this option (converts utf-8 data from LDAP to iso).
# $Self->{'AuthSyncModule::LDAP::Charset'} = 'iso-8859-1';
# Net::LDAP new params (if needed - for more info see perldoc
# Net::LDAP)
# $Self->{'AuthSyncModule::LDAP::Params'} = {
# port => 389,
# timeout => 120,
# async => 0,
# version => 3,
# };
# Die if backend can't work, e. g. can't connect to server.
# $Self->{'AuthSyncModule::LDAP::Die'} = 1;
# Attributes needed for group syncs
# (attribute name for group value key)
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
# (attribute for type of group content UID/DN for full ldap name)
# $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create
# of first agent login)
# $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
# 'users',
# ];
# AuthSyncModule::LDAP::UserSyncRolesDefinition
# (If "LDAP" was selected for AuthModule and you want to sync LDAP
# groups to otrs roles, define the following.)
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
# ldap group
'cn=agent,o=otrs' => {
# otrs role
'role1' => 1,
'role2' => 0,
},
'cn=agent2,o=otrs' => {
'role3' => 1,
}
};
Nils Leideck
--
Nils Leideck
Senior Consultant
[email protected]
LeideX.net
Nils Leideck - ITSM
Greesbergstr. 11
D - 50668 Köln Altstadt-Nord
Mobile : +49 (0) 173 2733 892
Tel. : +49 (0) 221 1689 6910
FAX : +49 (0) 221 2711 285
Registered office: Köln Altstadt-Nord, District court: Köln, HRB 10751
Tax number: 215/5102/2272, IdNr: 49 303 782 567
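
Added example, not part of the message above or of OTRS itself: a small Perl check that reads the posted settings and reports points to review before the sync is relied on for authorization. The helper name AuditSyncConfig is hypothetical, the sample hash is constructed from the posted values, and it assumes that memberUid holds login names (RFC 2307) and that a true value in UserSyncRolesDefinition assigns the role.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;

# Constructed input: the values from the configuration posted above.
my %Config = (
    'AuthSyncModule::LDAP::Host'       => 'ldap.example.com',
    'AuthSyncModule::LDAP::AccessAttr' => 'memberUid',
    'AuthSyncModule::LDAP::UserAttr'   => 'DN',
    'AuthSyncModule::LDAP::UserSyncRolesDefinition' => {
        'cn=agent,o=otrs'  => { role1 => 1, role2 => 0 },
        'cn=agent2,o=otrs' => { role3 => 1 },
    },
);

# What the common membership attributes store (assumption: standard schemas).
my %Holds = ( memberuid => 'UID', member => 'DN', uniquemember => 'DN' );

# Hypothetical helper: returns a list of findings for a sync configuration.
sub AuditSyncConfig {
    my ($C) = @_;
    my $P = 'AuthSyncModule::LDAP::';
    my @Findings;

    # The group attribute and the value type searched for must agree.
    my $Access = lc( $C->{ $P . 'AccessAttr' } // '' );
    my $User   = uc( $C->{ $P . 'UserAttr' }   // '' );
    if ( $Holds{$Access} && $Holds{$Access} ne $User ) {
        push @Findings, "AccessAttr '$Access' stores $Holds{$Access} values, but UserAttr is '$User'";
    }
    # Without a search user, group lookups depend on anonymous read access.
    if ( !$C->{ $P . 'SearchUserDN' } ) {
        push @Findings, 'no SearchUserDN set: group lookups use an anonymous bind';
    }
    # Role membership read over plain LDAP can be altered in transit.
    my $Params = $C->{ $P . 'Params' } || {};
    if ( ( $C->{ $P . 'Host' } // '' ) !~ m{^ldaps://}i && ( $Params->{scheme} // '' ) ne 'ldaps' ) {
        push @Findings, 'neither Host nor Params selects ldaps';
    }
    # List the effective grants so the mapping can be reviewed per group.
    my $Roles = $C->{ $P . 'UserSyncRolesDefinition' } || {};
    for my $GroupDN ( sort keys %{$Roles} ) {
        my @Granted = grep { $Roles->{$GroupDN}{$_} } sort keys %{ $Roles->{$GroupDN} };
        push @Findings, "members of $GroupDN receive: @Granted";
    }
    return @Findings;
}

say for AuditSyncConfig( \%Config );
```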