On 01/12/2010 04:44 PM, Nils Leideck - ITSM wrote:
Hi Dant,
On 12.01.2010, at 23:35, Dan Trainor wrote:
My question is, however, can I use AuthModule::LDAP::GroupDN more than
once? If you're still following me, I'd like to use
AuthModule::LDAP::GroupDN once for each AD group present, so I don't
need to maintain a separate list of groups in AD, to signify which
users can have access to what, outside of the
one-AD-group-per-OTRS-queue system that I'm shooting for.
Am I going about this the right way? In theory, this all looks great :)
AuthModule::LDAP::GroupDN is for limiting the login to certain people
based on the AD configuration.
If you want to control the permissioning within OTRS based on AD Groups
please have a look at Defaults.pm starting at line 421 (if you use OTRS
2.4.5) or search for "AuthSyncModule".
There you can copy the example configuration, copy that to Config.pm and
configure the the connection to your needs.
A few lines below that there is a configuration starting with
"AuthSyncModule::LDAP::UserSyncRolesDefinition", this is used to define
which Role shall be assigned to an authenticated Agent based on the AD
Group DN and based on the Agents memberships.
I hope that helps .....
((enjoy))
Nils Leideck
Good afternoon, Nils -
I sincerely appreciate your reply, and it did help, thanks.
I think I was confused on the subsequent AuthModule::LDAP::AccessAttr,
which did not seem to work as I had expected it to. I eventually got it
working, but I think that it led me in the wrong direction when dealing
with AuthModule::LDAP::GroupDN
Thanks
-dant
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
