LDAP auth not working with OTRS version 2.4.9

[sidnei]

hello,

i've tried to configure active directory authentication in my 2.4.9 version of otrs, but had no success.
i got error "incorrect login - user name or password incorrect" both in agent or customer frontends.

so, i've searched this forum and some other resources on the web, and found that many others had the same problem i am facing now, but any of them could find out a solution that puts orts to work as it should.

i wonder if there is really any possibility of authenticating otrs with windows active directory users. any one could tell me if it worked and perhaps could help me to get into the light path?

i am able to provide config files and error-log to anyone that could help me.

thanks a lot for any valuable help on this.
sidnei

[Wolfgangf]

Sidnei,

it is definitelly working (I'm using this combination: otrs, active directory)

My tipp would be searching this forum for LDAP OTRS, there is a lot of good howtos ...
it all begins by installing the Net::LDAP perl module and ends with setting the values in <OTRS_HOME>/Kernel/Config.pm

Also have a look at the documentation, it's well described here
http://doc.otrs.org/2.4/en/html/c1782.html
this covers costumers + agents

Hope this helps

[sidnei]

Sidnei,

it is definitelly working (I'm using this combination: otrs, active directory)

My tipp would be searching this forum for LDAP OTRS, there is a lot of good howtos ...
it all begins by installing the Net::LDAP perl module and ends with setting the values in <OTRS_HOME>/Kernel/Config.pm

Also have a look at the documentation, it's well described here
http://doc.otrs.org/2.4/en/html/c1782.html
this covers costumers + agents

Hope this helps

hi wolfgang,

although i was already searched and read dozens of pages, the one you sent is perfect.
thanks a lot for the document link. it helped me into get it working.

just for the info, i was making a mistake between "uid" and "sAMAccountName", and also was using "DN" where i should use "CN"
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::UserAttr'} = 'CN';

but, now otrs database is populated with not only persons, but all domain objects. i guess this is where i should treat this:
# add an ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',

i will now search how to use this, and if i don't find i will submit another post.

thanks again, regards from brazil
sidnei

[Wolfgangf]

Hi!
I'm handling this by filtering on a valid e-mail address

Code: Select all

    # in case you want to add always one filter to each ldap query, use
    # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
# -->
    $Self->{'AuthModule::LDAP::AlwaysFilter'} =  '(&(objectclass=user)(mail=*))';

in all LDAP sources (Customers and agents)

BR