Доброго времени суток.
Пытаюсь провернуть практически то же самое на агентах. Вроде бы эта возможность даже задокументирована. Не выходит аленький цветочек. Выкладываю листинг Config.pm. Может быть, кто-нибудь сталкивался, или я что-то делаю неправильно. Пробую разными способами. Клиенты и агенты видны в OTRS, а права на группы не назначаются ни в какую. Спасибо.
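$Self->{'DefaultCharset'} = 'utf-8';

# Enable LDAP authentication for backend agents.
$Self->{'AuthModule'}               = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'}   = 'xxx.xxx.xxx.10';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=local,dc=xxx,dc=xxx';
$Self->{'AuthModule::LDAP::UID'}    = 'sAMAccountName';

# Login gate: an agent is admitted to OTRS only if the account is listed in
# the `member` attribute of this group (matched by the user's full DN).
# NOTE(review): this GroupDN has no dc=local component, while BaseDN above
# does. That may only be an artifact of masking the values; confirm the DN
# matches the directory exactly, otherwise the membership check cannot match.
$Self->{'AuthModule::LDAP::GroupDN'}    = 'cn=OTRSagents,cn=Users,dc=xxx,dc=xxx,dc=xx';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';

# Account used to search the directory before the agent's own bind.
# The password is stored in cleartext in this file: use a dedicated
# read-only service account and keep the file readable only by the OTRS
# and web-server users.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=xxxx,CN=Users,DC=xxx,DC=xxx,DC=xxx';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxxxxxxxxxx';

# Connection options handed to the LDAP client.
# NOTE(review): port 389 without TLS means the search-user password and every
# agent password are sent to the directory unencrypted; prefer LDAPS/TLS if
# the directory offers it.
$Self->{'AuthModule::LDAP::Params'} = {
    port    => 389,
    timeout => 120,
    async   => 0,
    version => 3,
    sscope  => 'sub',
};    # was terminated with ',' in the original, which chained the next statement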
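# Agent data sync against LDAP: copies the attributes in UserSyncMap and the
# group permissions defined below from the directory into OTRS.
$Self->{'AuthSyncModule'}               = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}   = 'xxx.xxx.xxx.xxx';
$Self->{'AuthSyncModule::LDAP::BaseDN'} = 'DC=local,DC=xxx,DC=xxx';
$Self->{'AuthSyncModule::LDAP::UID'}    = 'sAMAccountName';

# Bind account for the sync queries. The password sits in cleartext in this
# file; use a read-only service account and restrict the file's permissions.
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=xxxx,CN=Users,DC=local,DC=xxx,DC=xxx';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxxxxxxxx';

# How group membership is looked up during the sync. The sync module reads
# its own AuthSyncModule::LDAP::* keys; the AccessAttr/UserAttr values set
# for AuthModule are not shared with it. Without these two lines the module
# falls back to its built-in defaults, which presumably do not match an
# Active Directory group that lists full DNs in `member`, so no group
# permission would be granted.
# NOTE(review): verify against the commented examples in the default
# configuration of the installed OTRS version.
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'}   = 'DN';

# OTRS field => LDAP attribute.
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};

# Groups handed out when the agent record is first created by the sync.
# NOTE(review): as far as the OTRS documentation describes, these are given
# regardless of LDAP group membership, so keep the list to the minimum
# every agent really needs.
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
    'users', 'GANP_helpdesk',
];

# LDAP group DN => OTRS group => permissions.
$Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
    # ldap group
    'cn=OTRSagents,cn=Users,DC=local,DC=xxx,DC=xxx' => {
        # otrs group
        'GANP_helpdesk' => {
            # permission
            rw => 1,
            # ro => 1,
        },
    },
};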
# AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition
# Grants OTRS group permissions according to the value of an LDAP attribute:
# LDAP attribute => attribute value => OTRS group => permissions.
# NOTE(review): this gives rw on GANP_helpdesk to whichever account carries
# the mail value below. That is only as trustworthy as the write access to
# the `mail` attribute in the directory, and 'test@test.com' looks like a
# leftover test value; confirm before relying on it.
$Self->{'AuthSyncModule::LDAP::UserSyncAttributeGroupsDefinition'} = {
    # ldap attribute
    'mail' => {
        # ldap attribute value
        'test@test.com' => {
            # otrs group
            'GANP_helpdesk' => {
                # permission
                rw => 1,
                # ro => 1,
            },
        },
    },
};
# $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
# # ldap group
# 'CN=GANP_AGENT,CN=Users,DC=local,DC=xxx,DC=xxx' => {
# # otrs group
# 'GANP_helpdesk' => {
# # permission
# rw => 1,
# ro => 1,
# },
# 'faq' => {
# rw => 0,
# ro => 1,
# },
# },
# 'cn=agent2,o=otrs' => {
# 'users' => {
# rw => 1,
# ro => 1,
# },
# }
# };
#
#
# Customer (front-end) users authenticate against the same kind of LDAP
# backend as agents.
# NOTE(review): no group restriction is configured here, so any account
# found under BaseDN that can bind may log in to the customer interface.
# No TLS or LDAPS setting is visible for this connection either; confirm
# that customer passwords are not sent to the directory in cleartext.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';    # LDAP
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'xxx.xxx.xxx.xxx';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=local,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'sAMAccountName';

# Search account; the password is stored in cleartext in this file.
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=xxxx,CN=Users,DC=local,DC=xxx,DC=xxx';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxxxxxxx';
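# Customer user backend #1: read-only lookup of customer records in LDAP,
# limited to OU=fil1.
$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'xxx.xxx.xxx.xxx',
        BaseDN => 'OU=users,OU=fil1,DC=local,DC=xxx,DC=xxx',
        SSCOPE => 'sub',

        # Bind account for the lookups; the password is stored in cleartext,
        # so use a read-only service account and restrict this file's
        # permissions.
        UserDN => 'CN=xxxx,CN=Users,DC=local,DC=xxx,DC=xxx',
        UserPw => 'xxxxxxxxxxxxx',

        # Only user objects (samAccountType=805306368) whose primary group
        # is 513, with mail and company set, and not disabled (the
        # bitwise-AND matching rule tests userAccountControl bit 2).
        AlwaysFilter  => '(&(samAccountType=805306368)(primaryGroupID=513)(mail=*)(company=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },

    # OTRS never writes customer data back to the directory.
    ReadOnly    => 1,
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'company',

    #CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],

    # The original listed CustomerUserSearchFields twice. Perl keeps only the
    # last value for a repeated hash key, so the wider list below was never
    # in effect; it is kept as a comment and the effective value is unchanged.
    #CustomerUserSearchFields => ['displayName','sAMAccountName','givenName', 'sn', 'mail','description','company'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 10000,
    CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenName','sn','mail','description','company'],
    CustomerUserNameFields             => ['givenname', 'sn'],

    # CustomerUserExcludePrimaryCustomerID => 0,
    CacheTTL => 120,

    # [ OTRS variable, frontend label, LDAP attribute, shown, required, storage type ]
    Map => [
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenName',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company',        0, 1, 'var' ],
    ],
};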
#fil2
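# Customer user backend #2: same settings as the first backend, but limited
# to OU=fil2.
$Self->{CustomerUser2} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => 'xxx.xxx.xxx.xxx',
        BaseDN => 'OU=users,OU=fil2,DC=local,DC=xxx,DC=xxx',
        SSCOPE => 'sub',

        # Bind account for the lookups; the password is stored in cleartext,
        # so use a read-only service account and restrict this file's
        # permissions.
        UserDN => 'CN=xxxx,CN=Users,DC=local,DC=xxx,DC=xxx',
        UserPw => 'xxxxxxxxxxxxx',

        # Only user objects (samAccountType=805306368) whose primary group
        # is 513, with mail and company set, and not disabled (the
        # bitwise-AND matching rule tests userAccountControl bit 2).
        AlwaysFilter  => '(&(samAccountType=805306368)(primaryGroupID=513)(mail=*)(company=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
    },

    # OTRS never writes customer data back to the directory.
    ReadOnly    => 1,
    CustomerKey => 'sAMAccountName',
    CustomerID  => 'company',

    #CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],

    # The original listed CustomerUserSearchFields twice. Perl keeps only the
    # last value for a repeated hash key, so the wider list below was never
    # in effect; it is kept as a comment and the effective value is unchanged.
    #CustomerUserSearchFields => ['displayName','sAMAccountName','givenName', 'sn', 'mail','description','company'],
    CustomerUserSearchFields           => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix           => '',
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 10000,
    CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenName','sn','mail','description','company'],
    CustomerUserNameFields             => ['givenname', 'sn'],

    # CustomerUserExcludePrimaryCustomerID => 0,
    CacheTTL => 120,

    # [ OTRS variable, frontend label, LDAP attribute, shown, required, storage type ]
    Map => [
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname',  'Firstname',  'givenName',      1, 1, 'var' ],
        [ 'UserLastname',   'Lastname',   'sn',             1, 1, 'var' ],
        [ 'UserLogin',      'Login',      'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail',      'Email',      'mail',           1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'company',        0, 1, 'var' ],
    ],
};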
#fil2