    • #12190
      Julian Müller
      Participant

        Good morning,

        OTOBO can synchronize agents and customers via LDAP. However, I have 2 problems with my configuration.

        1. Groups are being synchronized (despite AlwaysFilter => '(objectclass=user)',)
        2. When I select certain users as the customer of a new ticket, I am shown already open tickets that are assigned to ME as agent but have nothing to do with the customer.

        This is the entire LDAP configuration:

        ###############################################################################################
        # LDAP connection: company #
        ###############################################################################################

        ################################
        # Agent authentication backend #
        ################################

        $Self->{AuthModule} = 'Kernel::System::Auth::LDAP';
        $Self->{'AuthModule::LDAP::Host'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::UID'} = 'samaccountname';
        $Self->{'AuthModule::LDAP::BaseDN'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::GroupDN'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
        $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
        $Self->{'AuthModule::LDAP::SearchUserDN'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::SearchUserPw'} = 'unwichtig';

        $Self->{'AuthModule::LDAP::Params'} = {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        };

        #################################
        # Agent synchronization backend #
        #################################

        $Self->{AuthSyncModule} = 'Kernel::System::Auth::Sync::LDAP';
        $Self->{'AuthSyncModule::LDAP::Host'} = 'unwichtig';
        $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'unwichtig';
        $Self->{'AuthSyncModule::LDAP::UID'} = 'samaccountname';

        # The following is valid but would only be necessary if the
        # anonymous user do NOT have permission to read from the LDAP tree
        $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'unwichtig';
        $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'unwichtig';

        # AuthSyncModule::LDAP::UserSyncMap
        # (map if agent should create/synced from LDAP to DB after successful login)
        # you may specify LDAP-Fields as either
        # * list, which will check each field. first existing will be picked ( ["givenName","cn","_empty"] )
        # * name of an LDAP-Field (may return empty strings) ("givenName")
        # * fixed strings, prefixed with an underscore: "_test", which will always return this fixed string
        $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
            # DB -> LDAP
            UserFirstname => 'givenName',
            UserLastname => 'sn',
            UserEmail => 'mail',
        };

        ###########################################
        # Customer User LDAP Backend and Settings #
        ###########################################

        # ----------------------------------------- #
        # CustomerUser LDAP Authentication Backend
        # ----------------------------------------- #
        $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
        $Self->{'Customer::AuthModule::LDAP::Host'} = 'unwichtig';
        $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'unwichtig';
        $Self->{'Customer::AuthModule::LDAP::UID'} = 'samaccountname';
        #$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'unwichtig';
        $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'unwichtig';
        $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'unwichtig';
        $Self->{'Customer::AuthModule::LDAP::Params'} = {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        };

        #------------------------------------------#
        # LDAP System Users #
        #------------------------------------------#
        $Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
        $Self->{'AuthModule::LDAP::Host1'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::BaseDN1'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::UID1'} = 'sAMAccountName';
        $Self->{'AuthModule::LDAP::SearchUserDN1'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::SearchUserPw1'} = 'unwichtig';
        $Self->{'AuthModule::LDAP::Params1'} = {
            'async' => '0',
            'timeout' => '120',
            'version' => '3',
            'port' => '389'
        };

        $Self->{'AuthModule::LDAP::Die1'} = 1;

        #------------------------------------------#
        # UserSyncLDAPMap #
        #------------------------------------------#

        $Self->{CustomerUser1} = {
            Name => 'READ ONLY -> LDAP Backend',
            Module => 'Kernel::System::CustomerUser::LDAP',
            Params => {
                Host => 'unwichtig',
                BaseDN => 'unwichtig',
                SSCOPE => 'sub',
                UserDN => 'unwichtig',
                UserPw => 'unwichtig',
                AlwaysFilter => '(objectclass=user)',
                SourceCharset => 'utf-8',
                DestCharset => 'utf-8',
                Params => {
                    port => 389,
                    timeout => 120,
                    async => 0,
                    version => 3,
                },
            },
            CustomerKey => 'samaccountname',
            CustomerID => 'mail',
            CustomerUserListFields => ['displayName', 'mail'],
            CustomerUserSearchFields => ['name', 'sAMAccountName', 'sn', 'telephonenumber', 'mail'],
            CustomerUserSearchPrefix => '',
            CustomerUserSearchSuffix => '*',
            CustomerUserSearchListLimit => 5000,
            CustomerUserPostMasterSearchFields => ['mail'],
            CustomerUserNameFields => ['displayName'],
            AdminSetPreferences => 0,
            CacheTTL => 2240,
            Map => [
                [ 'UserSalutation', 'Position', 'title', 1, 0, 'var', '', 1 ],
                [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 1 ],
                [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 1 ],
                [ 'UserLogin', 'Username', 'samaccountname', 1, 1, 'var', '', 1 ],
                [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', 'mailto:$Data{"UserEmail"}', 1 ],
                [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 1 ],
                [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', 'callto:$Data{"UserPhone"}', 1 ],
                [ 'UserDepartment', 'Department', 'department', 1, 0, 'var', '', 1 ],
                [ 'UserFAX', 'FAX', 'facsimiletelephonenumber', 1, 0, 'var', '', 1 ],
                [ 'UserCompany', 'Company', 'company', 1, 0, 'var', '', 1 ],
                [ 'UserAddress', 'Address', 'streetaddress', 1, 0, 'var', '', 1 ],
                [ 'UserPostalcode', 'Postalcode', 'postalcode', 1, 0, 'var', '', 1 ],
                [ 'UserLocation', 'Location', 'L', 1, 0, 'var', '', 1 ],
                [ 'UserCountry', 'Country', 'co', 1, 0, 'var', '', 1 ],
                [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 1 ],
            ],
        };

         
