On Tue, Apr 3, 2012 at 2:13 AM, Sune T. Tougaard <[email protected]> wrote:

> How about "just" adding yet another customer authentication (and data)
> backend pointing at the child domain?
>
> http://doc.otrs.org/3.1/en/html/auth-backends.html#customer-auth-backends
>
> http://doc.otrs.org/3.1/en/html/customer-user-backend.html#multiple-customer-backends
>
> --


Thanks for the links. After reading those docs I had a better idea of
what I should be searching for and found this:

http://faq.otrs.org/otrs/public.pl?Action=PublicFAQZoom;ItemID=219


Now I have users and agents working for parent and child domain. The only issue
is that if a username is in both domains it will give me problems. Using
userPrincipalName instead of sAMAccountName should help with this, but it seems
it needs the username in the format username@domain, so it might confuse
users a little. Our emails are different from user@domain, and the closest
thing they know besides their email is the occasional domain\username.

Going to try to set it to log in using the users' email address, as it will
be more "natural".


How does the sysconfig page work now that there are "duplicate" sections?


config section:


------------------------------------------------------------

#LDAP1 START

    # Agent authentication against the parent domain
    $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host1'} = '192.168.0.1';
    $Self->{'AuthModule::LDAP::BaseDN1'} = 'dc=parentdomain, dc=com';
    $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'cn=bind user,ou=Users,dc=parentdomain,dc=com';
    $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'password';

    # Customer authentication against the parent domain
    $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host1'} = '192.168.0.1';
    $Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'dc=parentdomain, dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'cn=bind user,ou=Users,dc=parentdomain,dc=com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'password';

    # Customer user data backend for the parent domain
    $Self->{CustomerUser1} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => '192.168.0.1',
            BaseDN => 'dc=parentdomain, dc=com',
            SSCOPE => 'sub',
            UserDN => 'cn=bind user,ou=Users,dc=parentdomain,dc=com',
            UserPw => 'password',
        },
        CustomerKey => 'sAMAccountName',
        CustomerID  => 'mail',
#       CustomerID  => 'o',
        CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
#           [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#           [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#           [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#           [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN1'} = 'cn=helpdesk_agents,ou=Security Groups,ou=Groups,dc=parentdomain,dc=com';
    $Self->{'AuthModule::LDAP::AccessAttr1'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr1'} = 'DN';

    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule1'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host1'} = '192.168.0.1';
    $Self->{'AuthSyncModule::LDAP::BaseDN1'} = 'dc=parentdomain, dc=com';
    $Self->{'AuthSyncModule::LDAP::UID1'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN1'} = 'cn=bind user,ou=Users,dc=parentdomain,dc=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw1'} = 'password';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap1'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of
    # first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups1'} = [
        'users',
    ];

#LDAP1 END


#LDAP2 START

    # Agent authentication against the child domain
    $Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host2'} = '192.168.0.2';
    $Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=childdomain,dc=parentdomain, dc=com';
    $Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN2'} = 'cn=bind user,ou=Users,dc=childdomain,dc=parentdomain,dc=com';
    $Self->{'AuthModule::LDAP::SearchUserPw2'} = 'password';

    # Customer authentication against the child domain
    $Self->{'Customer::AuthModule2'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host2'} = '192.168.0.2';
    $Self->{'Customer::AuthModule::LDAP::BaseDN2'} = 'dc=childdomain,dc=parentdomain, dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID2'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN2'} = 'cn=bind user,ou=Users,dc=childdomain,dc=parentdomain,dc=com';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw2'} = 'password';

    # Customer user data backend for the child domain
    $Self->{CustomerUser2} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host   => '192.168.0.2',
            Port   => '3268',
            BaseDN => 'dc=childdomain,dc=parentdomain, dc=com',
            SSCOPE => 'sub',
            UserDN => 'cn=bind user,ou=Users,dc=childdomain,dc=parentdomain,dc=com',
            UserPw => 'password',
        },
        CustomerKey => 'sAMAccountName',
        CustomerID  => 'mail',
#       CustomerID  => 'o',
        CustomerUserListFields             => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
#           [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#           [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#           [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#           [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
#   $Self->{'AuthModule::LDAP::GroupDN2'} = 'cn=helpdesk_agents,ou=Security Groups,ou=FP_Groups,dc=parentdomain,dc=com';
    $Self->{'AuthModule::LDAP::GroupDN2'} = 'cn=helpdesk_agents,ou=FP_Groups,dc=childdomain,dc=parentdomain,dc=com';
    $Self->{'AuthModule::LDAP::AccessAttr2'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr2'} = 'DN';

    # Now sync data with OTRS DB
    $Self->{'AuthSyncModule2'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host2'} = '192.168.0.2';
    $Self->{'AuthSyncModule::LDAP::BaseDN2'} = 'dc=childdomain,dc=parentdomain, dc=com';
    $Self->{'AuthSyncModule::LDAP::UID2'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN2'} = 'cn=bind user,ou=Users,dc=childdomain,dc=parentdomain,dc=com';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw2'} = 'password';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap2'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync following group with rw permission after initial create of
    # first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups2'} = [
        'users',
    ];

#LDAP2 END


    # 3rd backend, internal OTRS DB
    $Self->{'AuthModule3'} = 'Kernel::System::Auth::DB';
    $Self->{'AuthModule::DB::CryptType3'} = 'crypt';

------------------------------------------------------------
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
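The mail raises two points a practitioner would want to check before going live with two LDAP backends keyed on sAMAccountName: whether any login value is duplicated across the parent and child domain (the poster's "if a username is in both domains it will give me problems"), and whether the GroupDN/AccessAttr/UserAttr settings admit the intended agents. The following is an added example, not code from the mail or from OTRS: it runs over constructed directory exports for the two domains, reports which of sAMAccountName, userPrincipalName and mail would be unique across both backends, and models the group check as "the user's DN must appear in the group's member attribute". The user and group data, the DNs and the addresses are all constructed for illustration.

```python
# Added example (not from the original mail or from OTRS): uniqueness check of
# candidate login attributes across two AD domains that are both configured as
# OTRS auth backends, plus a model of the GroupDN/AccessAttr/UserAttr check.
# All directory data below is constructed; the domain names mirror the mail.
from collections import defaultdict


def normalize_dn(dn):
    """Canonical form for comparing DNs: lower-case, no space after commas.

    The mail's config writes 'dc=parentdomain, dc=com' in one place and
    'dc=parentdomain,dc=com' in another; both name the same entry. Splitting
    on ',' is a simplification that ignores escaped commas inside RDN values.
    """
    return ",".join(part.strip() for part in dn.lower().split(","))


def collisions(entries, attr):
    """Return {value: [dn, ...]} for every value of attr seen more than once.

    `entries` is an iterable of dicts with a 'dn' key plus attribute keys.
    Attribute values are compared case-insensitively, as AD does.
    """
    seen = defaultdict(list)
    for entry in entries:
        value = entry.get(attr)
        if value is None:
            continue
        seen[value.lower()].append(entry["dn"])
    return {value: dns for value, dns in seen.items() if len(dns) > 1}


def unique_login_attrs(entries, candidates=("sAMAccountName", "userPrincipalName", "mail")):
    """Which candidate UID attributes identify every user across both backends?"""
    return [attr for attr in candidates if not collisions(entries, attr)]


def is_member(user_dn, group_member_dns):
    """Model of AuthModule::LDAP::GroupDN with AccessAttr 'member' and
    UserAttr 'DN': the user's full DN must be listed in the group's member
    attribute. AD may return DNs with different case and spacing, hence
    the normalisation before comparison."""
    wanted = normalize_dn(user_dn)
    return any(normalize_dn(member) == wanted for member in group_member_dns)


# Constructed sample exports: one sAMAccountName exists in both domains.
PARENT = [
    {"dn": "cn=Jane Doe,ou=Users,dc=parentdomain,dc=com",
     "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@parentdomain.com",
     "mail": "jane.doe@parentdomain.com"},
    {"dn": "cn=Sam Roe,ou=Users,dc=parentdomain,dc=com",
     "sAMAccountName": "sroe",
     "userPrincipalName": "sroe@parentdomain.com",
     "mail": "sam.roe@parentdomain.com"},
]
CHILD = [
    {"dn": "cn=John Doe,ou=Users,dc=childdomain,dc=parentdomain,dc=com",
     "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@childdomain.parentdomain.com",
     "mail": "john.doe@childdomain.parentdomain.com"},
]
# Constructed 'member' values of the parent-domain helpdesk_agents group,
# written the way AD typically returns them (upper-case types, spaces).
HELPDESK_AGENTS_MEMBERS = [
    "CN=Jane Doe, OU=Users, DC=parentdomain, DC=com",
]

if __name__ == "__main__":
    everyone = PARENT + CHILD
    print("sAMAccountName collisions:", collisions(everyone, "sAMAccountName"))
    print("attributes unique across both domains:", unique_login_attrs(everyone))
    print("Jane allowed as agent:", is_member(PARENT[0]["dn"], HELPDESK_AGENTS_MEMBERS))
    print("John allowed as agent:", is_member(CHILD[0]["dn"], HELPDESK_AGENTS_MEMBERS))
```

On this data the check reports the jdoe collision and leaves userPrincipalName and mail as the attributes that stay unique across both domains, which is the trade-off the mail describes: userPrincipalName forces the username@domain form, mail matches what users already know. Run the same functions over real exports before switching the UID attribute.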
