0

We set up an OTRS authenticating users with LDAP (Microsoft AD), and we want to assign ALL users from the domain to be customers on OTRS. The problem is that years ago, when the domain was created, our Windows Servers were in our native language (Portuguese), and the default groups are named accordingly: not "Domain Users", but "Usuários do domínio", with all that accentuation. OTRS is not liking it and won't work getting users from that group:

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=Usuários do domínio,CN=Users,DC=example,DC=com';

Could anyone enlighten me if there is another way to get ALL users from a domain besides using groups on OTRS, or maybe work around that accentuation problem?

esserafael
  • 329
  • 2
  • 9
  • 20
  • Not an OTRS user, but if you want to get all user accounts in AD then you need to use this filter: "(&(objectclass=user)(objectcategory=person)(!(objectclass=computer)))" with the correct base for your environment and scope sub. – natxo asenjo Apr 06 '16 at 20:32
  • I'm from Brazil, so I face this a lot. I tested the two answers below and both worked. Also, if you enclose "Usuários do domínio" in double quotes, it seems to work too. It would be nice if the OP @esserafael could come back and choose one answer, or tell us how they solved it. – Henrique May 29 '20 at 16:28

2 Answers

2

Authenticating Customers with LDAP backend, with ALL users (and no dedicated "otrs-allow" group) is working for me in OTRS 5s. Just get rid of referencing this group in Settings (Admin -> SysConfig -> Search) and /opt/otrs/Kernel/Config.pm.

1) in /opt/otrs/Kernel/Config.pm - just comment this out:

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
## $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrs-allow,dc=example,dc=org';
## $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
## $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

2) in the OTRS Agent interface - as admin, go to "Admin -> SysConfig -> Search" and search for:

  • Customer::AuthModule::LDAP::GroupDN
  • Customer::AuthModule::LDAP::AccessAttr
  • Customer::AuthModule::LDAP::UserAttr

Reset these options to default and uncheck them.

sea
  • 19
  • 3
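Added example, not code from either answer or from the OTRS project: a Kernel/Config.pm fragment that combines the answer above (no GroupDN check) with the filter from natxo asenjo's comment, so that dropping the group gate still limits customer logins to person accounts rather than every object that can bind. The host name, the search account and sAMAccountName as the login attribute are assumptions for a typical AD setup; Customer::AuthModule::LDAP::AlwaysFilter is a standard OTRS option.

```perl
# Goes inside sub Load in /opt/otrs/Kernel/Config.pm.
# Host, search account and password are constructed placeholders.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'dc1.example.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=example,DC=com';

# Attribute the typed login name is matched against (assumed: AD logon name).
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

# Low-privilege account used only to look up the user's DN before the
# bind with the user's own password (placeholders, not real values).
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs-search,CN=Users,DC=example,DC=com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'CHANGE_ME';

# Group check left disabled, as in the answer above. With these three
# options unset, group membership no longer decides who may log in.
## $Self->{'Customer::AuthModule::LDAP::GroupDN'}    = '...';
## $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
## $Self->{'Customer::AuthModule::LDAP::UserAttr'}   = 'DN';

# Replacement gate: this filter is added to every user lookup, so only
# person accounts match and computer objects are excluded. The DN-free
# filter also keeps the accented group name out of the config file.
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'}
    = '(&(objectclass=user)(objectcategory=person)(!(objectclass=computer)))';
```

After a change like this, a login attempt with a computer account name and with an ordinary user account is a quick check that the filter is in effect.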
1

I think the following LDAP query will work just fine:

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=Usu*rios do dom*nio,CN=Users,DC=example,DC=com';
samueldc
  • 26
  • 2