基于用户名的OTRS AD身份验证
答
是的,这是可能的。
什么是对OTRS(DB,LDAP,BASIC)
如果它是DB,那么请在内核/ Config.pm添加这些行
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
$Self->{'Customer::AuthModule::DB::Table'} = 'customer_user';
$Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login';
这将设置你的认证后端所需customerKey登录o栏表customer_user
更新#1
那么,在这种情况下,编辑您的Config.pm文件,并添加这些行:
请注意变量LDAP :: UID,CustomerKey和UserCustomerID的映射。检查您的广告,并确保,每一个客户,在sAMAccountName赋独特的价值
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'host.example.com',
BaseDN => 'OU=BaseOU,DC=example,DC=com',
SSCOPE => 'sub',
UserDN =>'otrs_ldap',
UserPw => 'PASSWORD',
},
# customer unique id
CustomerKey => 'sAMAccountName',
# customer #
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 250,
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
# note: Login, Email and CustomerID needed!
# var, frontend, storage, shown, required, storage-type
#[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'sAMAccountName', 0, 1, 'var' ],
[ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
#[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
#[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
],
};
我对OTRS客户认证后端是LDAP与电子邮件作为过滤器,其OTRS用途authentication.Is有办法让OTRS可以验证仅基于用户的登录名。 –
编辑了LDAP的配置验证 – Artjoman
是的,我的主要问题是在我们的AD用户的电子邮件字段中留空,所以我们必须仅基于用户名进行身份验证。这意味着我们不需要AD上的用户电子邮件ID。 –