Dear All,
I have otrs 2.4.9 installed on Ubuntu 10.04.
I'd like to authenticate my customers using Active Directory installed
on Windows 2003.
I read a couple of templates as well as the admin manual but I failed
so far.
Any help will be much appreciated.
--My config.pm
package Kernel::Config;
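# Load() - fill the configuration object with the site-specific settings
# (database access, customer authentication against LDAP / Active Directory,
# the customer-user LDAP backend and the values written by the installer).
#
# Takes the config object (a hash reference) as its only argument and writes
# the settings into it. There is no explicit return; callers should not rely
# on the return value.
#
# The listing was line-wrapped in transit: several comments had spilled onto
# a second, uncommented line (which is a syntax error) and the GroupDN string
# contained a line break. Those breaks are repaired here; every configured
# value is otherwise left exactly as posted.
sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    $Self->{'Database'}     = 'otrs';
    $Self->{'DatabaseUser'} = 'otrs';

    # Clear-text credential: keep this file readable only by the accounts
    # that run OTRS.
    $Self->{'DatabasePw'} = 'xxxxxxxxxxx';

    # NOTE(review): DatabaseHost is never assigned in this sub, so the DSN
    # depends on a value already present in $Self (presumably supplied by
    # Kernel::Config::Defaults - confirm). If it is undefined the DSN ends
    # in "host=;".
    $Self->{DatabaseDSN} =
        "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";
    $Self->{Home} = '/opt/otrs';

    # --------------------------------------------------- #
    # customer authentication settings                    #
    # (enable what you need, auth against otrs db,        #
    # against a LDAP directory, against HTTP basic        #
    # authentication and against Radius server)           #
    # --------------------------------------------------- #
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'}   = '172.18.20.2';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=mydomain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
    # NOTE(review): in Active Directory "Domain Users" is normally every
    # account's primary group, and primary-group membership is usually not
    # listed in the group's "member" attribute - so this check may reject
    # all logins. Confirm against the directory, or point GroupDN at an
    # ordinary security group.
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
        'cn=Domain Users,ou=Old Groups,ou=Somkhele,dc=mydomain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';

    # for non ldap posixGroups objectclass (full user dn)
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    # NOTE(review): this bind DN says cn=helpdesk while the CustomerUser
    # backend below says cn=help_desk - one of the two is probably a typo.
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} =
        'cn=helpdesk,ou=Service_accounts,ou=global,dc=mydomain,dc=local';

    # Clear-text service-account password; give the account read-only
    # directory rights and protect this file accordingly.
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxxxxxxx';

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or
    # AlwaysFilter => '(objectclass=user)'
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

    # in case you want to add a suffix to each customer login name, then
    # you can use this option. e. g. user just want to use user but
    # in your ldap directory exists user@domain.
    # $Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    # NOTE(review): port 389 with no TLS option means the service-account
    # bind and every customer password cross the network unencrypted.
    # Consider LDAPS (Net::LDAP accepts an ldaps:// host or
    # scheme => 'ldaps', normally on port 636) once the domain controller
    # has a certificate - verify against the installed OTRS version.
    $Self->{'Customer::AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name   => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {

            # ldap host
            Host => '172.18.20.2',

            # ldap base dn
            # NOTE(review): 'ou=,o=csuh' looks like a leftover from a
            # template (empty ou value, different tree) and does not match
            # the BaseDN 'dc=mydomain,dc=local' used for authentication
            # above, although both point at the same host.
            BaseDN => 'ou=,o=csuh',

            # search scope (one|sub)
            SSCOPE => 'sub',

            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the
            # LDAP tree
            UserDN =>
                'cn=help_desk,ou=Service_accounts,ou=global,dc=mydomain,dc=local',
            UserPw => 'xxxxxxxxxx',

            # in case you want to add always one filter to each ldap
            # query, use this option. e. g. AlwaysFilter => '(mail=*)' or
            # AlwaysFilter => '(objectclass=user)'
            AlwaysFilter => '',

            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use this options (if not, ignore it)
            # # die if backend can't work, e. g. can't connect to server
            # Die => 1,
            # Net::LDAP new params (if needed - for more info see perldoc
            # Net::LDAP). Same unencrypted port 389 as the authentication
            # module above.
            Params => {
                port    => 389,
                timeout => 120,
                async   => 0,
                version => 3,
            },
        },

        # customer uniq id
        CustomerKey => 'sAMAccountName',

        # customer #
        CustomerID                         => 'sAMAccountName',
        CustomerUserListFields             => [ 'cn', 'sAMAccountName' ],
        CustomerUserSearchFields           => [ 'uid', 'cn', 'sAMAccountName' ],
        CustomerUserSearchPrefix           => '',
        CustomerUserSearchSuffix           => '*',
        CustomerUserSearchListLimit        => 250,
        CustomerUserPostMasterSearchFields => ['sAMAccountName'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],

        # show not own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,

        # add a ldap filter for valid users (expert setting)
        # CustomerUserValidFilter => '(!(description=gesperrt))',
        # admin can't change customer preferences
        AdminSetPreferences => 0,

        # cache time to live in sec. - cache any ldap queries
        CacheTTL => 0,
        Map      => [

            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown (1=always,2=lite), required,
            # storage-type, http-link, readonly
            [ 'UserSalutation', 'Title',     'title',     1, 0, 'var', '', 0 ],
            [ 'UserFirstname',  'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
            [ 'UserLastname',   'Lastname',  'sn',        1, 1, 'var', '', 0 ],

            # NOTE(review): the login is read from 'uid' here, while
            # CustomerKey and the auth module's UID use 'sAMAccountName'.
            # An AD schema may leave 'uid' empty - confirm which attribute
            # actually holds the login name.
            [ 'UserLogin', 'Username', 'uid',  1, 1, 'var', '', 0 ],
            [ 'UserEmail', 'Email',    'mail', 1, 1, 'var', '', 0 ],

            # NOTE(review): mapped to 'mail' although CustomerID above is
            # 'sAMAccountName' - confirm which one is intended.
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],

            # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
            [ 'UserPhone',   'Phone',   'telephonenumber', 1, 0, 'var', '', 0 ],
            [ 'UserAddress', 'Address', 'postaladdress',   1, 0, 'var', '', 0 ],
            [ 'UserComment', 'Comment', 'description',     1, 0, 'var', '', 0 ],
        ],
    };

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
    $Self->{'SystemID'}     = 10;
    $Self->{'SecureMode'}   = 1;
    $Self->{'Organization'} = '';

    # NOTE(review): a log file under /tmp sits in a world-writable
    # directory; LogModule below selects SysLog, so this path is presumably
    # unused - confirm, and prefer a directory owned by the OTRS user if
    # file logging is ever enabled.
    $Self->{'LogModule::LogFile'} = '/tmp/otrs.log';
    $Self->{'LogModule'}          = 'Kernel::System::Log::SysLog';
    $Self->{'FQDN'}               = 'acs-help01.mydomain.local';
    $Self->{'DefaultLanguage'}    = 'en';

    # The address below was masked by the list archive; it is kept as it
    # appears in the post.
    $Self->{'AdminEmail'}     = '[email protected]';
    $Self->{'DefaultCharset'} = 'utf-8';

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # End of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}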
# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
# strict and warnings are lexically scoped from this point onward, so they
# do not cover the Load() sub defined earlier in the file.
use strict;
use warnings;

# Declare the package globals used for inheritance and the module version.
use vars qw(@ISA $VERSION);

# Make Kernel::Config a subclass of Kernel::Config::Defaults.
use Kernel::Config::Defaults;
push @ISA, 'Kernel::Config::Defaults';

# The second word of the RCS keyword string is the revision number.
$VERSION = ( qw($Revision: 1.21 $) )[1];

# -----------------------------------------------------#
# A module file has to end with a true value.
1;