[otrs] LDAP customer information


Simon Allison

May 13, 2013, 5:32:30 AM
to ot...@otrs.org

Hi All,

I have set up LDAP and all works fine, but the customer information is not working.

The link below is where I get page cannot be displayed.

http://server/otrs/index.pl?Action=AdminCustomerUser;Nav=Agent

Also when we create tickets the LDAP customer information is not populated when creating a ticket.

Anything we can check?

Simon Allison
IT Services
South Downs College

**********************************************************************
This message may contain privileged and confidential information.
It is intended solely for the person to whom it is addressed.
If you are not the intended recipient, please notify the sender and delete the message immediately.

The text in this e-mail and any attachments should not be altered or tampered with in any way.
Any views expressed in this message are those of the individual sender and do not necessarily
reflect the views of South Downs College.
**********************************************************************

Gerald Young

May 13, 2013, 8:12:24 AM
to User questions and discussions about OTRS.
It's working exactly the way you configured it. 

You have multiple issues to resolve, and they may or may not be related, but I'd hazard a guess that you'd also have some diagnostic information in logs that represents the issues you're experiencing. 

Also, I'd recommend creating a forum post with a redacted version of your Config.pm because you will be able to edit it vs permanency of mailing list. 

To answer your question: Yes. Check logs and Config.pm. To answer the next question: "What should we be looking for?": Bad entries. "Exactly what?" Don't really know. You didn't provide enough information.
 




---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Simon Allison

May 14, 2013, 6:16:24 AM
to ot...@otrs.org
Hi Gerald,

Sorry I forgot to send this yesterday, here is a copy of the config.pm (obvious bits removed)

Simon

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2012 OTRS AG, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.27 2012/11/20 14:26:12 mh Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = '';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
# $Self->{DatabasePostgresqlBefore82} = 1;

# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = 'C:/PROGRA~1/OTRS/OTRS';

# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;

# ---------------------------------------------------- #

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #

$Self->{LogModule} = 'Kernel::System::Log::File';
$Self->{LogModule::LogFile} = 'C:/PROGRA~1/OTRS/OTRS/var/log/otrs.log';

# ---------------------------------------------------- #
# LDAP Integration for .INTERNAL #
# ---------------------------------------------------- #

# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=,dc=internal';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=,dc=internal';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRSAllow,ou=Admin Groups,dc=,dc=internal';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# Enable LDAP lookups of Agent account informations and default roles.
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=,dc=internal';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=,dc=internal';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(objectclass=user)';
$Self->{'AuthSyncModule::LDAP::GroupDN'} = 'cn=OTRSAllow,ou=Admin Groups,dc=,dc=internal';
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};

$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
'cn=OTRSAllow,cn=Admin Groups,dc=,dc=internal' => {
'Company Agents' => 1,
},
'cn=Domain Admins,cn=Users,dc=,dc=internal' => {
'Tech Support Agents' => 1,
}
};

# defines AuthSyncBackend (AuthSyncModule) for AuthModule
# if this key exists and is empty, there won't be a sync.
# example values: AuthSyncBackend, AuthSyncBackend2
$Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

# agent data sync against ldap
$Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'} = '';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=, dc=internal';
$Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'cn=otrs, cn=users, dc=, dc=internal';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = '';
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
# DB -> LDAP
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};


# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];


# This is customer LDAP configuration for an LDAP auth. backend.
# (make sure Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=,dc=internal';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'OU=SDC,OU=Establishments,DC=,DC=INTERNAL';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
# for ldap posixGroups objectclass (just uid)
#$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=otrs,cn=Users,dc=,dc=internal';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(mail=*)';

# in case you want to add a suffix to each customer login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@.internal';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'Customer::AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '',
BaseDN => 'dc=,dc=internal',
SSCOPE => 'sub',
UserDN => 'cn=otrs,cn=Users,dc=,dc=internal',
UserPw => '',
AlwaysFilter => '(objectclass=user)',
GroupDN => 'ou=SDC,ou=establishments,dc=,dc=internal',
# GroupDN => 'cn=OTRS Customers,cn=Users,dc=,dc=internal',
AccessAttr => 'member',
UserAttr => 'DN',
},


# customer uniq id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['givenname', 'sn', 'mail'],
CustomerUserSearchFields =>
['displayName','sAMAccountName','givenname', 'sn',
'mail','description'],
CustomerUserPostMasterSearchFields =>
['displayName','sAMAccountName','givenname','sn','mail','description'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# # cache time to live in sec. - cache any database queries
#CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
#[ 'UserCustomerIDs', 'CustomerIDs', 'wWWHomePage', 1, 0, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};

# CustomerKey => 'sAMAccountName',
# CustomerID => 'mail',
# CustomerUserListFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
# CustomerUserSearchFields => ['sAMAccountName', 'sn', 'givenname', 'company', 'mail'],
# CustomerUserPostMasterSearchFields => ['displayName','mail'],
# CustomerUserNameFields => ['givenname', 'sn'],
# Map => [
# [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
# [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
# [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
# [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
# [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
# [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
# [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
# [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
# [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
# ],
# };

# Customer single sign on
#$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';



# This is an example configuration for an apache ($ENV{REMOTE_USER})
# auth. backend. Use it if you want to have a single login through
# apache http-basic-auth
#$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
#$Self->{'AuthModule::HTTPBasicAuth::Replace'} = '\\';

# Note:
#
# If you use this module, you should use as fallback
# the following configuration settings if the user is not authorized
# apache ($ENV{REMOTE_USER})
#$Self->{LoginURL} = 'http:///otrs/not-authorised-for-otrs.html';
#$Self->{LogoutURL} = 'http:///otrs/thanks-for-using-otrs.html';

# $DIBI$
# --------------------------------------------------- #
# #
# Start of config options!!! #
# CustomerUser stuff #
# #
# --------------------------------------------------- #

# CustomerUser
# (customer user database backend and settings)
# $Self->{CustomerUser} = {
# Name => 'Database Backend',
# Module => 'Kernel::System::CustomerUser::DB',
# Params => {
# if you want to use an external database, add the
# required settings
# DSN => 'DBI:odbc:yourdsn',
# DSN => 'DBI:mysql:database=customerdb;host=customerdbhost',
# User => '',
# Password => '',
# Table => 'customer_user',
# if your frontend is unicode and the charset of your
# customer database server is iso-8859-1, use these options.
# SourceCharset => 'iso-8859-1',
# DestCharset => 'utf-8',

# CaseSensitive will control if the SQL statements need LOWER()
# function calls to work case insensitively. Setting this to
# 1 will improve performance dramatically on large databases.
# CaseSensitive => 0,
# },

# customer unique id
# CustomerKey => 'login',

# customer #
# CustomerID => 'customer_id',
# CustomerValid => 'valid_id',
# CustomerUserListFields => [ 'first_name', 'last_name', 'email' ],

# CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'],
# CustomerUserSearchFields => [ 'login', 'first_name', 'last_name', 'customer_id' ],
# CustomerUserSearchPrefix => '*',
# CustomerUserSearchSuffix => '*',
# CustomerUserSearchListLimit => 250,
# CustomerUserPostMasterSearchFields => ['email'],
# CustomerUserNameFields => [ 'title', 'first_name', 'last_name' ],
# CustomerUserEmailUniqCheck => 1,

# # show now own tickets in customer panel, CompanyTickets
# CustomerUserExcludePrimaryCustomerID => 0,
# # generate auto logins
# AutoLoginCreation => 0,
# # generate auto login prefix
# AutoLoginCreationPrefix => 'auto',
# # admin can change customer preferences
# AdminSetPreferences => 1,
# # use customer company support (reference to company, See CustomerCompany settings)
# CustomerCompanySupport => 1,
# cache time to live in sec. - cache any database queries
# CacheTTL => 60 * 60 * 24,
# # just a read only source
# ReadOnly => 1,
#Map => [

# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es)
# [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ],
# [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ],
# [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ],
# [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ],
# [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ],
# [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ],

# [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '$Env{"CGIHandle"}?Action=AgentTicketCompose;ResponseID=1;TicketID=$Data{"TicketID"};ArticleID=$Data{"ArticleID"}', 0, '', 'AsPopup OTRSPopup_TicketAction' ],
# [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ],

# [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
# [ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ],
# [ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ],
# [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ],
#[ 'UserRoom', 'Room', 'room', 1, 0, 'var', '', 0 ],
#[ 'UserExtNo', 'ExtNo', 'ExtNo', 1, 0, 'var', '', 0 ],
# [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ],
# [ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ],
#[ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ],
#[ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ],
#[ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ],
#[ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ],

# ],

# default selections
#Selections => {

# UserTitle => {
# 'Mr.' => 'Mr.',
# 'Mrs.' => 'Mrs.',
# },
#},
# };

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.27 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

Gerald Young

May 14, 2013, 10:19:26 AM
to User questions and discussions about OTRS.
Half of that post is commented out, so it's a bit difficult to address your issue specifically. Next time, please consider removing large chunks of commented sections when posting. What do the logs say? Especially, otrs.log or Apache error.log or what version of OTRS, what operating system is it installed on, etc.

The general "feel" of the answer is that you have a problem in CustomerUser. Specifically, you may have too strict of a filter or improper GroupDN.

When you say,

> The link below is where I get page cannot be displayed

the Apache log probably can tell you more information.

Simon Allison

May 15, 2013, 10:03:17 AM
to User questions and discussions about OTRS.

Sorry about that, I had commented out a lot of the config, as this is on Windows.

Here is our system

OTRS 3.2.2
Windows 2003

Apache log shows:

Message: Sizelimit exceeded

RemoteAddress: 172.16.52.51
RequestURI: /otrs/index.pl?Action=AdminCustomerUser;Nav=Agent

Traceback (536):
   Module: Kernel::System::CustomerUser::LDAP::CustomerSearch (v1.74) Line: 383
   Module: Kernel::System::CustomerUser::CustomerSearch (v1.72) Line: 198
   Module: Kernel::Modules::AdminCustomerUser::_Overview (v1.105) Line: 665
   Module: Kernel::Modules::AdminCustomerUser::Run (v1.105) Line: 602
   Module: Kernel::System::Web::InterfaceAgent::Run (v1.73) Line: 866
   Module: ModPerl::ROOT::ModPerl::Registry::C_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 48
   Module: (eval) (v1.94) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.94) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.94) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31

Scalars leaked: 1
Scalars leaked: 1
Scalars leaked: 1
Scalars leaked: 1
Scalars

Gerald Young

May 15, 2013, 10:09:15 AM
to User questions and discussions about OTRS.

Simon Allison

May 17, 2013, 11:11:24 AM
to User questions and discussions about OTRS.

Thanks for the information, I found the right information here:

http://forums.otterhub.org/viewtopic.php?f=61&t=19875

You were right about the groupDN – didn’t need it.

Simon
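
The GroupDN problem raised and confirmed in this thread, as an added example that is not part of any post here: a Python check that lists the active GroupDN settings in a Config.pm whose DN names a container (ou=, dc=, o=) instead of a group object. The function name and the rule that group objects are named with cn= are assumptions of this example; the sample lines are copied from the posted Config.pm with the redaction left as posted.

```python
import re

# Constructed sample: live and commented GroupDN lines copied from the Config.pm
# posted in this thread (domain component left redacted, as posted).
SAMPLE_CONFIG = """\
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRSAllow,ou=Admin Groups,dc=,dc=internal';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'OU=SDC,OU=Establishments,DC=,DC=INTERNAL';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
GroupDN => 'ou=SDC,ou=establishments,dc=,dc=internal',
# GroupDN => 'cn=OTRS Customers,cn=Users,dc=,dc=internal',
AccessAttr => 'member',
},
};
"""

# Matches both forms used in Config.pm:
#   $Self->{'X::LDAP::GroupDN'} = '...';   and   GroupDN => '...',
GROUP_DN = re.compile(r"'?(?P<key>[\w:]*GroupDN)'?\s*\}?\s*(?:=>|=)\s*'(?P<dn>[^']*)'")

# RDN attribute types that name containers, not group objects. Assumption of this
# example: groups in the directory are named with cn=, as in the posted config.
CONTAINER_RDNS = {"ou", "dc", "o"}


def find_container_group_dns(config_text):
    """Return (line_no, key, dn) for each active GroupDN that names a container."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):  # commented-out setting: not in effect
            continue
        match = GROUP_DN.search(stripped)
        if not match:
            continue
        dn = match.group("dn")
        # Only the leftmost RDN decides what kind of object the DN names.
        first_rdn_type = dn.partition("=")[0].strip().lower()
        if first_rdn_type in CONTAINER_RDNS:
            findings.append((line_no, match.group("key"), dn))
    return findings


if __name__ == "__main__":
    for line_no, key, dn in find_container_group_dns(SAMPLE_CONFIG):
        print(f"line {line_no}: {key} = {dn!r} names a container; "
              "remove the setting or point it at a group object")
```

On the sample it reports the customer auth and CustomerUser settings that point at the SDC organizational unit, and passes the agent setting that points at cn=OTRSAllow.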
