    • #12858
      Karl67 Karl
      Participant

        Hello All,

        I have connected Otobo to a Microsoft Active Directory for agent authentication.

        This first step is working normally. Now I need to assign Otobo roles according to the user’s group in AD.

        But I cannot get this step to work.

        Here are my configuration and error logs; any advice will be welcome.

        # Agent Authentication
        # --------------------------------------------------------------------------------------------

        $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
        $Self->{'AuthModule::LDAP::Host'} = 'my.ldap.host'; # name or IP address of the LDAP server
        $Self->{'AuthModule::LDAP::BaseDN'} = 'DC=myhost,DC=com'; # domain name
        $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
        $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUID'; # for a 2008 domain it is 'member', for a 2003 domain it is 'memberUID'
        $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=compte technique,OU=Informatique,DC=myhost,DC=com'; # the user that logs in to the LDAP. It is also possible to use the Principal Name
        $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Password'; # the password of the account that logs in to the LDAP

        # ROLE ASSIGNMENT
        $Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
            # LDAP group
            'CN=Supervisors,OU=Informatique,DC=myhost,DC=com' => {
                # Otobo role
                'Supervisors' => 1,
            },
        };
        

        Now, in the system logs, I see that authentication was good.

        User: ctechnique (CN=compte technique,OU=Informatique,DC=myhost,DC=com) authentication ok

        But for group assignment, Otobo doesn’t find that the user is in the “supervisors” group in AD (it is for sure).

        User: ctechnique not in GroupDN='CN=Supervisors,OU=Informatique,DC=myhost,DC=com', Filter='(memberUid=CN=compte technique,OU=Informatique,DC=myhost,DC=com)'!

        Perhaps something is wrong with this filter with “memberUid=CN=..”, but I cannot find where to change this filter?

        Thanks in advance.
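
An added configuration example, not part of the original post and not OTOBO's own code: the logged filter uses `memberUid` with the user's DN as its value, which points at the sync module's own settings rather than the `AuthModule::LDAP::*` keys shown above. It assumes the `AuthSyncModule::LDAP::*` keys (including `AccessAttr` and `UserAttr`) as documented in OTOBO's `Kernel/Config/Defaults.pm`, and reuses the post's placeholder host, DNs and password.

```perl
# Kernel/Config.pm fragment (added illustration; values are the post's placeholders).
# Role sync is performed by the sync module, which is configured through its own
# AuthSyncModule::LDAP::* keys, separate from the AuthModule::LDAP::* login keys.
$Self->{'AuthSyncModule'}                     = 'Kernel::System::Auth::Sync::LDAP';
$Self->{'AuthSyncModule::LDAP::Host'}         = 'my.ldap.host';
$Self->{'AuthSyncModule::LDAP::BaseDN'}       = 'DC=myhost,DC=com';
$Self->{'AuthSyncModule::LDAP::UID'}          = 'sAMAccountName';
# A read-only service account is sufficient for the membership search.
$Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=compte technique,OU=Informatique,DC=myhost,DC=com';
$Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'Password';

# The membership check searches below each group DN with a filter of the form
#   (<AccessAttr>=<value>)
#
# Setting that produces the logged filter (posixGroup style, value is normally a uid):
#   $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid';
#   -> (memberUid=CN=compte technique,OU=Informatique,DC=myhost,DC=com)
#   An Active Directory group object has no memberUid attribute, so nothing matches.
#
# Active Directory style: the group's 'member' attribute holds full DNs,
# so the value compared must be the user's DN.
$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthSyncModule::LDAP::UserAttr'}   = 'DN';
#   -> (member=CN=compte technique,OU=Informatique,DC=myhost,DC=com)

# LDAP group DN => { OTOBO role name => 1 (assign) or 0 (remove) }
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
    'CN=Supervisors,OU=Informatique,DC=myhost,DC=com' => {
        'Supervisors' => 1,
    },
};
```

An equality filter on `member` matches direct membership only; a user who belongs to Supervisors through a nested group is not found by it.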
