Конфиг OTRS + Active Directory + Company Tickets

Челябинская область

Автор:Dmitriy Altuhov

Конфиг OTRS + Active Directory + Company Tickets

Публикуем рабочий конфиг для OTRS с авторизацией/синхронизацией агентов (agents) и клиентов (customers) из Active Directory на Windows Server 2008 R2, и поддержкой Company Tickets

# —————————————————- #
# LDAP Integration for domain.local                   #
# —————————————————- #

# Enable LDAP lookups for Agent logins. User must be a member of OTRS Agents group.
$Self->{‘AuthModule’} = ‘Kernel::System::Auth::LDAP’;
$Self->{‘AuthModule::LDAP::Host’} = ‘server.domain.local’;
$Self->{‘AuthModule::LDAP::BaseDN’} = ‘dc=domain,dc=local’;
$Self->{‘AuthModule::LDAP::UID’} = ‘sAMAccountName’;

$Self->{‘AuthModule::LDAP::SearchUserDN’} = ‘cn=otrs,cn=Users,dc=domain,dc=local’;
$Self->{‘AuthModule::LDAP::SearchUserPw’} = ‘otrs’;

$Self->{‘AuthModule::LDAP::AlwaysFilter’} = ‘(objectclass=user)’;
$Self->{‘AuthModule::LDAP::GroupDN’} = ‘cn=OTRSAgent,cn=Users,dc=domain,dc=local’;
$Self->{‘AuthModule::LDAP::AccessAttr’} = ‘member’;
$Self->{‘AuthModule::LDAP::UserAttr’} = ‘DN’;

# Net::LDAP new params (if needed — for more info see perldoc Net::LDAP)
$Self->{‘AuthModule::LDAP::Params’} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};

# Enable LDAP lookups of Agent account informations and default roles.
$Self->{‘AuthSyncModule’} = ‘Kernel::System::Auth::Sync::LDAP’;
$Self->{‘AuthSyncModule::LDAP::Host’} = ‘server.domain.local’;
$Self->{‘AuthSyncModule::LDAP::BaseDN’} = ‘dc=domain,dc=local’;
$Self->{‘AuthSyncModule::LDAP::UID’} = ‘sAMAccountName’;

$Self->{‘AuthSyncModule::LDAP::SearchUserDN’} = ‘cn=otrs,cn=Users,dc=domain,dc=local’;
$Self->{‘AuthSyncModule::LDAP::SearchUserPw’} = ‘otrs’;

$Self->{‘AuthSyncModule::LDAP::UserSyncMap’} = {
UserFirstname => ‘givenName’,
UserLastname  => ‘sn’,
UserEmail     => ‘mail’,
};
# AuthSyncModule::LDAP::UserSyncInitialGroups
# (sync following group with rw permission after initial create of first agent
# login)
$Self->{‘AuthSyncModule::LDAP::UserSyncInitialGroups’} = [
‘users’,
];
#    $Self->{‘AuthSyncModule::LDAP::UserSyncRolesDefinition’} = {
#       ‘cn=OTRSAgent,cn=Users,dc=domain,dc=local’ => {
#            ‘Company Agents’ => 1,
#        },
#        ‘cn=localadm,cn=Users,dc=domain,dc=local’ => {
#            ‘Tech Support Agents’ => 1,
#        }
#    };
# Enable LDAP lookups for Customer logins.
$Self->{‘Customer::AuthModule’} = ‘Kernel::System::CustomerAuth::LDAP’;
$Self->{‘Customer::AuthModule::LDAP::Host’} = ‘server.domain.local’;
$Self->{‘Customer::AuthModule::LDAP::BaseDN’} = ‘ou=Personal,dc=domain,dc=local’;
$Self->{‘Customer::AuthModule::LDAP::UID’} = ‘sAMAccountName’;
$Self->{‘Customer::AuthModule::LDAP::SearchUserDN’} = ‘cn=otrs,cn=Users,dc=domain,dc=local’;
$Self->{‘Customer::AuthModule::LDAP::SearchUserPw’} = ‘otrs’;
$Self->{‘Customer::AuthModule::LDAP::AlwaysFilter’} = ‘(objectclass=user)’;
#    $Self->{‘Customer::AuthModule::LDAP::GroupDN’} = ‘ou=Personal,dc=domain,dc=local’;
#    $Self->{‘Customer::AuthModule::LDAP::GroupDN’} = ‘cn=localpous,cn=Users,dc=domain,dc=local’;
#    $Self->{‘Customer::AuthModule::LDAP::AccessAttr’} = ‘member’;
#    $Self->{‘Customer::AuthModule::LDAP::UserAttr’} = ‘DN’;

# Enable LDAP lookups for Customer account information.
$Self->{CustomerUser} = {
Module => ‘Kernel::System::CustomerUser::LDAP’,
Name => ‘AD’,
Params => {
Host => ‘server.domain.local’,
BaseDN => ‘ou=Personal,dc=domain,dc=local’,
SSCOPE => ‘sub’,
UserDN => ‘cn=otrs,cn=Users,dc=domain,dc=local’,
UserPw => ‘otrs’,
AlwaysFilter => ‘(&(objectCategory=person)(|(objectClass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))’,
SourceCharset => ‘utf-8’,
DestCharset => ‘utf-8’,
},
#      ReadOnly => 1,
CustomerKey => ‘sAMAccountName’,
CustomerID => ‘company’,
CustomerUserListFields => [‘cn’, ‘mail’],
CustomerUserSearchFields => [‘uid’, ‘cn’, ‘mail’],
CustomerUserSearchPrefix => ‘*’,
CustomerUserSearchSuffix => ‘*’,
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => [‘mail’],
CustomerUserNameFields => [‘givenname’, ‘sn’],
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => ‘(!(description=locked))’,
# administrator can’t change customer preferences
AdminSetPreferences => 0,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ ‘UserTitle’,      ‘Title’,      ‘title’,           1, 0, ‘var’, », 0 ],
[ ‘UserFirstname’,  ‘Firstname’,  ‘givenname’,       1, 1, ‘var’, », 0 ],
[ ‘UserLastname’,   ‘Lastname’,   ‘sn’,              1, 1, ‘var’, », 0 ],
[ ‘UserLogin’,      ‘Username’,   ‘sAMAccountName’,             1, 1, ‘var’, », 0 ],
[ ‘UserEmail’,      ‘Email’,      ‘mail’,            1, 1, ‘var’, », 0 ],
[ ‘UserCustomerID’, ‘CustomerID’, ‘company’,            0, 1, ‘var’, », 0 ],
#        [ ‘UserCustomerIDs’, ‘CustomerIDs’, ‘company’, 1, 0, ‘var’, », 0 ],
[ ‘UserPhone’,      ‘Phone’,      ‘telephonenumber’, 1, 0, ‘var’, », 0 ],
[ ‘UserAddress’,    ‘Address’,    ‘postaladdress’,   1, 0, ‘var’, », 0 ],
[ ‘UserComment’,    ‘Comment’,    ‘description’,     1, 0, ‘var’, », 0 ],
],
};

Comments Are Closed!!!