Solved: how to set organisations for customers based on an LDAP-Attribute

Technical assistance
1

Infos:

  • Used Zammad version: 6.0.0-1689022706.43799676.focal and earlier
  • Used Zammad installation type: source

Expected behavior:

  • I searched for a good way to import our internal customers (e.g. department facility, human resources, marketing, …) via LDAP-Sync and connect them to organisations (e.g. departments) so that every department user sees his department tickets.
  • after LDAP-Sync all imported customers should be linked to one or more organisations (depending on their LDAP attributes)

Actual behavior:

  • I found no way doing this within the configuration of the LDAP-Modules (by the way: I really like the look and feel of the LDAP-Module right now - e.g. the group mapping is done very smart)
  • the possibility to use the mail domains to identify departments does not work for me because all departments share the same mail domain.

Solution

  • To get this done I wrote a litte python script (please pm - if you are interested) using the api REST endpoint of Zammad
  • before that I imported the Mapping-relevant LDAP-attributes to the Customer objects (via LDAP-Sync). e.g. a new field: “ldap-organisation” (Textfield) from Active Directory. (multiple fields are possible)
  • now my script checks, if this Textfield contains some values - if not: the user gets mapped to an non sharing Organisation “personal” (manually created).
  • if there is something in the field “ldap-organisation” e.g. “Department HR” the script cecks for an existing company named “Department HR” (at this point the can be any mapping you can imagine :slight_smile: )
  • if found: the customer gets linked to that company
  • additionally the customer is linked to a secondary organisation called “personal”.
  • Newly created Tickets e.g. from “customer A” (working in “Department HR”) can be created as Tickets from his primary organisation (default: “Department HR”) or from any of his additional companies (e.g. “personal”).
  • again: personal is a non sharing organisation so nobody sees the Tickets neither answers to personal tickets but everyone in the HR-Department sees the HR-Tickets.
  • all organisations have to be created manually or via script if required in the future.
  • the script only affects customers if their ldap “special organisation attribute” is set and if there has been a change in this attribute so that actual company and “special organisation attribute” do not match.
  • the script runs multiple times a day (possible to run it on the zammad machine via cronjob)

Best regards
Christoph

This Topic refers to some closed tickets:
Import LDAP users to organisations based on “department” field - Feature requests - Zammad - Community
Association of customers to organization based on ldap - Feature requests - Zammad - Community
Organisation Mapping after LDAP Sync - Technical assistance - Zammad - Community

1 Like