OTRS ist in der Lage, mit verschiedenen Kundendaten (insbesondere Login, E-Mail, Telefon) umzugehen. Diese Informationen können im Agenten-Interface angezeigt und für das Kunden-Interface verwendet werden. Weiterhin werden die Daten für die Authentifizierung der Kunden am System benötigt.
Die benutzten/angezeigten Kundendaten sind frei konfigurierbar, es gibt jedoch folgende benötigte Optionen die unbedingt vorhanden sein müssen, damit OTRS ordnungsgemäß funktioniert:
Benutzer-Login
E-Mail-Adresse
Benutzer-Kunden-ID
Verwenden Sie die folgenden SysConfig-Parameter, wenn Sie die Kundeninformationen im Agenten-Interface angezeigen wollen.
# Ticket::Frontend::CustomerInfo* # (show customer info on Compose (Phone and Email), Zoom and # Queue view) $Self->{'Ticket::Frontend::CustomerInfoCompose'} = 1; $Self->{'Ticket::Frontend::CustomerInfoZoom'} = 1;
Skript: SysConfig Konfigurationsparameter.
Es existieren zwei Kundenbenutzer Back-ends, DB und LDAP. Falls Sie bereits ein Kundenverzeichnis (z. B. SAP, ...) haben, ist es natürlich möglich, dafür ein eigenes Back-end zu schreiben.
The Example below shows the configuration of a DB customer backend, which uses customer data stored in the OTRS database.
Beispiel 4.7. Konfiguration eines Datenbank-Kunden-Backends
# CustomerUser (customer database backend and settings) $Self->{CustomerUser} = { Name => 'Database Datasource', Module => 'Kernel::System::CustomerUser::DB', Params => { # if you want to use an external database, add the required settings # DSN => 'DBI:odbc:yourdsn', # Type => 'mssql', # only for ODBC connections # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', # User => '', # Password => '', Table => 'customer_user', # CaseSensitive will control if the SQL statements need LOWER() # function calls to work case insensitively. Setting this to # 1 will improve performance dramatically on large databases. CaseSensitive => 0, }, # customer unique id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], CustomerUserSearchFields => ['login', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['title','first_name','last_name'], CustomerUserEmailUniqCheck => 1, # # show not own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # generate auto logins # AutoLoginCreation => 0, # AutoLoginCreationPrefix => 'auto', # # admin can change customer preferences # AdminSetPreferences => 1, # # cache time to live in sec. - cache any database queries # CacheTTL => 0, # # just a read only source # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es) [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ], # [ 'UserEmail', Translatable('Email'), 'email', 1, 1, 'var', '[% Env("CGIHandle") %]?Action=AgentTicketCompose;ResponseID=1;TicketID=[% Data.TicketID | uri %];ArticleID=[% Data.ArticleID | uri %]', 0, '', 'AsPopup OTRSPopup_TicketAction' ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ], [ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ], [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ], [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ], [ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ], [ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ], [ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], # Dynamic field example # [ 'DynamicField_Name_X', undef, 'Name_X', 0, 0, 'dynamic_field', undef, 0, undef, undef, ], ], # default selections Selections => { UserTitle => { 'Mr.' => 'Mr.', 'Mrs.' => 'Mrs.', }, }, };
Falls Sie die Kundendaten anpassen möchten, ändern Sie in der Datenbank die Tabellenspalten oder fügen Sie weitere hinzu (im folgenden Beispiel wird ein Feld für die Raumnummer hinzugefügt).
linux:~# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 116 to server version: 5.0.18-Debian_7-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use otrs; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> ALTER TABLE customer_user ADD room VARCHAR (250); Query OK, 1 rows affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 mysql> quit Bye linux:~#
Skript: Ein Feld zur Tabelle customer_user hinzufügen.
Danach fügen Sie Ihre eigenen Spalten dem MAP Array in der Datei
Kernel/Config.pm
hinzu:
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es) [...] [ 'UserRoom', 'Room', 'room', 0, 1, 'var', '', 0 ],
Skript: Hinzufügen eines Feldes in Kernel/Config.pm file.
Es ist auch möglich, diese Kundeninformationen über den Kundenlink im Agent-Interface zu bearbeiten.
Please note that you may omit http-link-target
and
link class
keys in map array elements, if they are not to
be used. These keys add target=""
and
class=""
attributes to the HTTP link element,
respectively. They are ignored if http-link
is not set.
Es ist möglich, einem Kunden mehr als nur eine Kundennummer zuzuweisen. Dies kann z. B. dann sinnvoll sein, wenn ein Kunde auf Tickets anderer Kunden zugreifen muss, z. B. der Abteilungsleiter auf die Tickets der Mitarbeiter seiner Abteilung. Hat ein Kunde Zugriff auf Tickets anderer Kunden, verwendet man in OTRS das sog. Firmen Ticket Feature. Im Kunden-Interface können diese Tickets über den "Firmen-Ticket" Link eingesehen werden.
Um Firmen-Tickets zu verwenden, muss die customer_user Tabelle in der OTRS Datenbank um eine Spalte erweitert werden, in die später die Kundennummern eingetragen werden, auf die ein Kunde zusätzlich zu den eigenen Tickets Zugriff haben soll.
linux:~# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 124 to server version: 5.0.18-Debian_7-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use otrs; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> ALTER TABLE customer_user ADD customer_ids VARCHAR (250); Query OK, 1 rows affected (0.02 sec) Records: 1 Duplicates: 0 Warnings: 0 mysql> quit Bye linux:~#
Skript: Hinzufügen eines Feldes customer_ids zur Tabelle customer_user.
Danach fügen Sie die neue Spalte dem MAP Array in der Datei
Kernel/Config.pm
hinzu.
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es) [...] [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
Skript: Hinzufügen des Feldes UserCustomerIDs zu Kernel/Config.pm.
Die Spalte für die Multi-Kundennummern kann ab nun über das Admin-Interface bzw. über die Kundenverwaltung gepflegt werden.
To ensure that one customer can access the tickets of other customers, add the IDs of these other users into the new field for the multiple customer IDs. Each ID has to be separated by a semicolon (see Example below).
Beispiel 4.8. Using Company Tickets with a DB Backend
Angenommen es sind die Kunden A, B und C im System angelegt. A soll mit Hilfe von Firmen Tickets über das Kunden-Interface Zugriff auf die Tickets von B und C haben, B und C sollen jedoch jeweils nur ihre eigenen Tickets einsehen und bearbeiten können.
Um dieses Setup zu realisieren, ändern Sie wie oben beschrieben die
customer_user Tabelle in der OTRS Datenbank und das Mapping
inKernel/Config.pm
. Anschließend laden Sie über die
Kundenverwaltung die Einstellungen des Kunden A und tragen bei
"Kundennummern" die Werte "B;C;" ein.
If you have an LDAP directory with your customer data, you can use it as the customer backend with OTRS, as shown in Example below.
Beispiel 4.9. Konfiguration eines LDAP Kunden-Backends
# CustomerUser # (customer ldap backend and settings) $Self->{CustomerUser} = { Name => 'LDAP Data Source', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'bay.csuhayward.edu', # ldap base dn BaseDN => 'ou=seas,o=csuh', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => '', UserPw => '', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '', # if the charset of your ldap server is iso-8859-1, use this: # SourceCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 389, timeout => 120, async => 0, version => 3, }, }, # customer unique id CustomerKey => 'uid', # customer # CustomerID => 'mail', CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['uid', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show not own tickets in customer panel, CompanyTickets CustomerUserExcludePrimaryCustomerID => 0, # add an ldap filter for valid users (expert setting) # CustomerUserValidFilter => '(!(description=locked))', # administrator can't change customer preferences AdminSetPreferences => 0, # # cache time to live in sec. - cache any database queries # CacheTTL => 0, Map => [ # note: Login, Email and CustomerID are mandatory! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es) [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], };
Falls Sie in Ihrem LDAP Verzeichnis weitere Informationen zu Ihren Kunden
gespeichert haben und mit OTRS darauf zugreifen möchten, erweitern Sie das
MAP Array in Kernel/Config.pm
bzw. entfernen nicht
gewünschte Einträge.
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target, link class(es) [...] [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
Skript: Hinzufügen neuer Felder zu Kernel/Config.pm.
Um Firmentickets mit einem LDAP zu nutzen, muss ein Feld zum LDAP-Verzeichnis hinzugefügt werden, welches die IDs enthält, die für einen Kunden zugänglich sein sollen.
Wenn das neue Feld erstellt wurde, muss es zum MAP Array in
Kernel/Config.pm
hinzugefügt werden.
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [...] [ 'UserCustomerIDs', 'CustomerIDs', 'customer_ids', 1, 0, 'var', '', 0 ],
Skript: Hinzufügen eines neuen Feldes in Kernel/Config.pm.
Das Feld muss direkt im LDAP-Verzeichnis bearbeitet werden, weil OTRS von LDAP nur lesen kann, nicht jedoch darauf schreiben.
To ensure access by a customer to the tickets of other customers, add the customer IDs of the customers whose tickets should be accessed to the new field in your LDAP directory. Each ID has to be separated by a semicolon (see Example below).
Beispiel 4.10. Verwendung von Firmentickets mit einem LDAP-Backend
Angenommen es sind die Kunden A, B und C im System angelegt. A soll mit Hilfe von Firmen Tickets über das Kunden-Interface Zugriff auf die Tickets von B und C haben, B und C sollen jedoch jeweils nur ihre eigenen Tickets einsehen und bearbeiten können.
Um dieses Setup zu realisieren, ändern Sie wie oben beschrieben das LDAP
Verzeichnis und das Mapping in
Kernel/Config.pm
. Anschließend tragen Sie im LDAP
Verzeichnis innerhalb der Einstellungen für den Kunden A für CustomerIDs die
Werte "B;C;" ein.
If you want to utilize more than one customer data source used with OTRS (e.g. an LDAP and a database backend), the CustomerUser config parameter should be expanded with a number, e.g. "CustomerUser1", "CustomerUser2" (see Example below).
Beispiel 4.11. Gleichzeitige Einbindung mehrerer verschiedener Kunden Backends
In der folgenden KOnfiguration verwendet OTRS gleichzeitig ein Datenbank- und ein LDAP-Kunden-Backend.
# 1. Customer user backend: DB # (customer database backend and settings) $Self->{CustomerUser1} = { Name => 'Customer Database', Module => 'Kernel::System::CustomerUser::DB', Params => { # if you want to use an external database, add the # required settings # DSN => 'DBI:odbc:yourdsn', # Type => 'mssql', # only for ODBC connections # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', # User => '', # Password => '', Table => 'customer_user', }, # customer unique id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], CustomerUserSearchFields => ['login', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['title','first_name','last_name'], CustomerUserEmailUniqCheck => 1, # # show not own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # generate auto logins # AutoLoginCreation => 0, # AutoLoginCreationPrefix => 'auto', # # admin can change customer preferences # AdminSetPreferences => 1, # # cache time to live in sec. - cache any database queries # CacheTTL => 0, # # just a read only source # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ], [ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ], [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ], [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ], [ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ], [ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ], [ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], ], # default selections Selections => { UserTitle => { 'Mr.' => 'Mr.', 'Mrs.' => 'Mrs.', }, }, }; # 2. Customer user backend: LDAP # (customer ldap backend and settings) $Self->{CustomerUser2} = { Name => 'LDAP Datasource', Module => 'Kernel::System::CustomerUser::LDAP', Params => { # ldap host Host => 'bay.csuhayward.edu', # ldap base dn BaseDN => 'ou=seas,o=csuh', # search scope (one|sub) SSCOPE => 'sub', # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree UserDN => '', UserPw => '', # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' AlwaysFilter => '', # if the charset of your ldap server is iso-8859-1, use this: # SourceCharset => 'iso-8859-1', # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) Params => { port => 389, timeout => 120, async => 0, version => 3, }, }, # customer unique id CustomerKey => 'uid', # customer # CustomerID => 'mail', CustomerUserListFields => ['cn', 'mail'], CustomerUserSearchFields => ['uid', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], # show not own tickets in customer panel, CompanyTickets CustomerUserExcludePrimaryCustomerID => 0, # add a ldap filter for valid users (expert setting) # CustomerUserValidFilter => '(!(description=locked))', # admin can't change customer preferences AdminSetPreferences => 0, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'uid', 1, 1, 'var', '', 0 ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ], # [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ], [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ], ], };
Es können bis zu 10 Kunden Back-ends gleichzeitig eingebunden werden. Über die Kundenverwaltung in OTRS ist der Zugriff auf die verschiedenen Back-ends möglich.
Manchmal kann es von Vorteil sein Kundendaten direkt in einem dynamischen Feld innerhalb eines Ticket zu speichern, um z.b. spezielle Statistiken zu erzeugen.
The dynamic field values are set when a ticket is created or when the customer of a ticket is changed. The values of the dynamic fields are taken from the customer data. This works for all backends, but is especially useful for LDAP-backends.
To activate this optional feature of OTRS, please activate the settings
Ticket::EventModulePost###950-DynamicFieldFromCustomerUser
and DynamicFieldFromCustomerUser::Mapping
. The latter
setting contains the configuration of which CustomerUser
field entry should be stored in which ticket dynamic field. The fields must
be present in the system and should be enabled for
AgentTicketFreeText
, so that they can be set
manually. They mustn't be enabled for AgentTicketPhone
,
AgentTicketEmail
and
AgentTicketCustomer
. If they were, they would have
precedence over the automatically set values.
OTRS bietet die Möglichkeit Agenten und Kunden über verschiedene Back-ends zu authentifizieren.
The backend to authenticate agents which is used by default is the OTRS database. Agents can be added and edited via the agent management interface in the Admin page (see Example below).
Beispiel 4.12. Agentenauthentifizierung gegen ein Datenbank-Backend
$Self->{'AuthModule'} = 'Kernel::System::Auth::DB';
If an LDAP directory has all your agent data stored, you can use the LDAP module to authenticate your users in OTRS (see Example below). This module has only read access to the LDAP tree, which means that you cannot edit your user data via the agent management interface.
Beispiel 4.13. Agentenauthentifizierung gegen ein LDAP Backend
# This is an example configuration for an LDAP auth. backend. # (Make sure Net::LDAP is installed!) $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = 'ldap.example.com'; $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com'; $Self->{'AuthModule::LDAP::UID'} = 'uid'; # Check if the user is allowed to auth in a posixGroup # (e. g. user needs to be in a group xyz to use otrs) $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com'; $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid'; # for ldap posixGroups objectclass (just uid) # $Self->{'AuthModule::LDAP::UserAttr'} = 'UID'; # for non ldap posixGroups objectclass (with full user dn) # $Self->{'AuthModule::LDAP::UserAttr'} = 'DN'; # The following is valid but would only be necessary if the # anonymous user do NOT have permission to read from the LDAP tree $Self->{'AuthModule::LDAP::SearchUserDN'} = ''; $Self->{'AuthModule::LDAP::SearchUserPw'} = ''; # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' $Self->{'AuthModule::LDAP::AlwaysFilter'} = ''; # in case you want to add a suffix to each login name, then # you can use this option. e. g. user just want to use user but # in your ldap directory exists user@domain.com # $Self->{'AuthModule::LDAP::UserSuffix'} = '@domain.com'; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, };
Mit den folgenden Konfigurationsparametern können die Benutzerdaten der Agenten aus dem LDAP in die lokale OTRS Datenbank synchronisiert werden. Dies reduziert die Zugriffe auf ihr LDAP Verzeichnis, entlastet den Server mit den LDAP Daten und beschleunigt die Anmeldung an OTRS. Die Synchronisierung der Daten findet bei der ersten Anmeldung des Agenten statt, trotz der synchronisierten Daten bleibt ihr LDAP Verzeichnis die letzte Instanz bei der Anmeldung. D.h. wird ein User im LDAP Verzeichnis gelöscht oder deaktiviert, klappt die Anmeldung an OTRS nicht. Ebenfalls müssen die Daten für einen Agenten weiterhin direkt im LDAP Verzeichnis gepflegt werden.
# defines AuthSyncBackend (AuthSyncModule) for AuthModule # if this key exists and is empty, there won't be a sync. # example values: AuthSyncBackend, AuthSyncBackend2 $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend'; # agent data sync against ldap $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP'; $Self->{'AuthSyncModule::LDAP::Host'} = 'ldap://ldap.example.com/'; $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=otrs, dc=org'; $Self->{'AuthSyncModule::LDAP::UID'} = 'uid'; $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'uid=sys, ou=user, dc=otrs, dc=org'; $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'some_pass'; $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = { # DB -> LDAP UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', }; [...] # AuthSyncModule::LDAP::UserSyncInitialGroups # (sync following group with rw permission after initial create of first agent # login) $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [ 'users', ];
Skript: Synchronisation der Benutzerdaten aus dem LDAP-Verzeichnis in die OTRS-Datenbank.
Alternatively, you can use LDAP groups to determine group memberships or
roles in OTRS. For more information and examples, see
Kernel/Config/Defaults.pm
. Here is an example for
synchronizing from LDAP into OTRS groups.
# Attributes needed for group syncs # (attribute name for group value key) $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'memberUid'; # (select the attribute for type of group content UID/DN for full ldap name) # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'UID'; # $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN'; AuthSyncModule::LDAP::UserSyncGroupsDefinition # (If "LDAP" was selected for AuthModule and you want to sync LDAP # groups to otrs groups, define the following.) $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = { # your ldap group 'cn=agent,o=otrs' => { # otrs group(s) 'admin' => { # permission rw => 1, ro => 1, }, 'faq' => { rw => 0, ro => 1, }, }, 'cn=agent2,o=otrs' => { 'users' => { rw => 1, ro => 1, }, } };
If you want to implement a "single sign on" solution for all your agents, you can use HTTP basic authentication (for all your systems) and the HTTPBasicAuth module for OTRS (see Example below).
Beispiel 4.14. Agentenauthentifizierung über HTTPBasic
# This is an example configuration for an apache ($ENV{REMOTE_USER}) # auth. backend. Use it if you want to have a singe login through # apache http-basic-auth $Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth'; # Note: # # If you use this module, you should use as fallback # the following configuration settings if the user is not authorized # apache ($ENV{REMOTE_USER}) $Self->{LoginURL} = 'http://host.example.com/not-authorised-for-otrs.html'; $Self->{LogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';
The configuration parameters shown in Example below can be used to authenticate agents against a Radius server.
Beispiel 4.15. Agentenauthentifizierung gegen ein Radius-Backend
# This is example configuration to auth. agents against a radius server $Self->{'AuthModule'} = 'Kernel::System::Auth::Radius'; $Self->{'AuthModule::Radius::Host'} = 'radiushost'; $Self->{'AuthModule::Radius::Password'} = 'radiussecret';
The default user authentication backend for customers in OTRS is the OTRS database. With this backend, all customer data can be edited via the web interface of OTRS (see Example below).
Beispiel 4.16. Kundenauthentifizierung gegen ein Datenbank-Backend
# This is the auth. module against the otrs db $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB'; $Self->{'Customer::AuthModule::DB::Table'} = 'customer_user'; $Self->{'Customer::AuthModule::DB::CustomerKey'} = 'login'; $Self->{'Customer::AuthModule::DB::CustomerPassword'} = 'pw'; #$Self->{'Customer::AuthModule::DB::DSN'} = "DBI:mysql:database=customerdb;host=customerdbhost"; #$Self->{'Customer::AuthModule::DB::User'} = "some_user"; #$Self->{'Customer::AuthModule::DB::Password'} = "some_password";
If you have an LDAP directory with all your customer data, you can use the LDAP module to authenticate your customers to OTRS (see Example below). Because this module has only read-access to the LDAP backend, it is not possible to edit the customer data via the OTRS web interface.
Beispiel 4.17. Kundenauthentifizierung gegen ein LDAP Backend
# This is an example configuration for an LDAP auth. backend. # (make sure Net::LDAP is installed!) $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.com'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid'; # Check if the user is allowed to auth in a posixGroup # (e. g. user needs to be in a group xyz to use otrs) $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com'; $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid'; # for ldap posixGroups objectclass (just uid) $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID'; # for non ldap posixGroups objectclass (full user dn) #$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'; # The following is valid but would only be necessary if the # anonymous user does NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = ''; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = ''; # in case you want to add always one filter to each ldap query, use # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)' $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = ''; # in case you want to add a suffix to each customer login name, then # you can use this option. e. g. user just want to use user but # in your ldap directory exists user@domain.com #$Self->{'Customer::AuthModule::LDAP::UserSuffix'} = '@domain.com'; # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP) $Self->{'Customer::AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, };
If you want to implement a "single sign on" solution for all your customer users, you can use HTTPBasic authentication (for all your systems) and use the HTTPBasicAuth module with OTRS (no login is needed with OTRS any more). See Example below.
Beispiel 4.18. Kundenauthentifizierung über HTTPBasic
# This is an example configuration for an apache ($ENV{REMOTE_USER}) # auth. backend. Use it if you want to have a singe login through # apache http-basic-auth $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth'; # Note: # If you use this module, you should use the following # config settings as fallback, if user isn't login through # apache ($ENV{REMOTE_USER}) $Self->{CustomerPanelLoginURL} = 'http://host.example.com/not-authorised-for-otrs.html'; $Self->{CustomerPanelLogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';
The settings shown in Example below can be used to authenticate your customers against a Radius server.
Beispiel 4.19. Kundenauthentifizierung gegen ein Radius-Backend
# This is a example configuration to auth. customer against a radius server $Self->{'Customer::AuthModule'} = 'Kernel::System::Auth::Radius'; $Self->{'Customer::AuthModule::Radius::Host'} = 'radiushost'; $Self->{'Customer::AuthModule::Radius::Password'} = 'radiussecret';
Es ist möglich, die Kunden-Selbstregistrierung für neue Kunden über "customer.pl" anzupassen. Somit können Sie mehr optionale oder benötigte Felder (z. B. Adresse, Ort, Telefonnummer) hinzufügen.
In folgenden Beispiel wird ein benötigtes Feld für die Raumnummer hinzugefügt.
To display the new field for the room number in the customer.pl web
interface, the .tt file responsible for the layout in this interface has to
be modified. Edit the
Kernel/Output/HTML/Templates/Standard/CustomerLogin.tt
file, adding the new field around line 130 (see Script below).
[...] <div class="NewLine"> <label for="Room">[% Translate("Room{CustomerUser}") | html %]</label> <input title="[% Translate("Room Number") | html %]" name="Room" type="text" id="UserRoom" maxlength="50" /> </div> [...]
Skript: Anzeigen eines neuen Feldes in der Weboberfläche.
Zusätzlich muss das Kunden-Mapping um den Eintrag für die Raumnummer
erweitert werden. Dazu werden zuerst die Einstellungen für "CustomerUser"
aus der Datei Kernel/Config/Defaults.pm
in die Datei
Kernel/Config.pm
übertragen. Anschließend wird das
Kunden-Mapping um das Raumnummer-Feld erweitert.
# CustomerUser # (customer database backend and settings) $Self->{CustomerUser} = { Name => 'Database Backend', Module => 'Kernel::System::CustomerUser::DB', Params => { # if you want to use an external database, add the # required settings # DSN => 'DBI:odbc:yourdsn', # Type => 'mssql', # only for ODBC connections # DSN => 'DBI:mysql:database=customerdb;host=customerdbhost', # User => '', # Password => '', Table => 'customer_user', }, # customer unique id CustomerKey => 'login', # customer # CustomerID => 'customer_id', CustomerValid => 'valid_id', CustomerUserListFields => ['first_name', 'last_name', 'email'], # CustomerUserListFields => ['login', 'first_name', 'last_name', 'customer_id', 'email'], CustomerUserSearchFields => ['login', 'last_name', 'customer_id'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['email'], CustomerUserNameFields => ['title', 'first_name', 'last_name'], CustomerUserEmailUniqCheck => 1, # # show not own tickets in customer panel, CompanyTickets # CustomerUserExcludePrimaryCustomerID => 0, # # generate auto logins # AutoLoginCreation => 0, # AutoLoginCreationPrefix => 'auto', # # admin can change customer preferences # AdminSetPreferences => 1, # # cache time to live in sec. - cache database queries # CacheTTL => 0, # # just a read only source # ReadOnly => 1, Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly, http-link-target [ 'UserTitle', 'Title', 'title', 1, 0, 'var', '', 0 ], [ 'UserFirstname', 'Firstname', 'first_name', 1, 1, 'var', '', 0 ], [ 'UserLastname', 'Lastname', 'last_name', 1, 1, 'var', '', 0 ], [ 'UserLogin', 'Username', 'login', 1, 1, 'var', '', 0 ], [ 'UserPassword', 'Password', 'pw', 0, 0, 'var', '', 0 ], [ 'UserEmail', 'Email', 'email', 1, 1, 'var', '', 0 ], [ 'UserCustomerID', 'CustomerID', 'customer_id', 0, 1, 'var', '', 0 ], [ 'UserPhone', 'Phone', 'phone', 1, 0, 'var', '', 0 ], [ 'UserFax', 'Fax', 'fax', 1, 0, 'var', '', 0 ], [ 'UserMobile', 'Mobile', 'mobile', 1, 0, 'var', '', 0 ], [ 'UserRoom', 'Room', 'room', 1, 0, 'var', '', 0 ], [ 'UserStreet', 'Street', 'street', 1, 0, 'var', '', 0 ], [ 'UserZip', 'Zip', 'zip', 1, 0, 'var', '', 0 ], [ 'UserCity', 'City', 'city', 1, 0, 'var', '', 0 ], [ 'UserCountry', 'Country', 'country', 1, 0, 'var', '', 0 ], [ 'UserComment', 'Comment', 'comments', 1, 0, 'var', '', 0 ], [ 'ValidID', 'Valid', 'valid_id', 0, 1, 'int', '', 0 ], ], # default selections Selections => { UserTitle => { 'Mr.' => 'Mr.', 'Mrs.' => 'Mrs.', }, }, };
Skript: Anpassung des MAP-Arrays.
Abschließend muss eine neue Spalte zur "customer_user" Tabelle in der OTRS Datenbank hinzugefügt werden, in der die Raumnummer gespeichert werden kann.
linux:~# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 to server version: 5.0.18-Debian_7-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use otrs; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> ALTER TABLE customer_user ADD room VARCHAR (200); Query OK, 3 rows affected (0.01 sec) Records: 3 Duplicates: 0 Warnings: 0 mysql> quit Bye linux:~#
Skript: Hinzufügen einer neuen Spalte zur Tabelle customer_user.
Now the new field for the room should be displayed in the Customer Information panel if filled, and in the Customer User administration screens. Also, new customers should have to insert their room number if they register a new account.