Agents roles assignment in OTOBO driven by ActiveDirectory groups

[Karl67 Karl]

Hello All,

I have connected Otobo on a microsoft ActiveDirectory for agent authentication.

This first step is working normally. Now, I need to assign Otobo Roles regarding user’s group in AD.

But, cannot manage this step to work.

This is my configuration and error logs, any advice will be welcomed.

# # Agent Authentication #
# # --------------------------------------------------------------------------------------------

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'my.ldap.host'; #name or ip address of the ldap server
$Self->{'AuthModule::LDAP::BaseDN'} = 'DC=myhost,DC=com';#domain name
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUID'; # for 2008st domain is 'member' for 2003rd domain is 'memberUID'*
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=compte technique,OU=Informatique,DC=myhost,DC=com'; # the user that logs in the Ldap. It is also possible to use the Principal Name
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Password'; # the password of the account that logs in the Ldap

# ROLE ASSIGNMENT
$Self->{'AuthSyncModule::LDAP::UserSyncRolesDefinition'} = {
# ldap group
'CN=Supervisors,OU=Informatique,DC=myhost,DC=com' => {
# otobo role
'Supervisors' => 1,
},
};

Now, in systemlogs, I see authentication was good.

User: ctechnique (CN=compte technique,OU=Informatique,DC=myhost,DC=com) authentication ok

But for group assignment, Otobo doesn’t find the user is the „supervisors“ group in AD. (it is for sure).

User: ctechnique not in GroupDN='CN=Supervisors,OU=Informatique,DC=myhost,DC=com', Filter='(memberUid=CN=compte technique,OU=Informatique,DC=myhost,DC=com)'!

Perhaps something wrong with this filter with „memberUid=CN=..“ but cannot found where to change this filter ?

Thanks in advance.

• Dieses Thema wurde geändert vor 1 Jahr von Karl67 Karl.

[Autor]

Beiträge