LDAP setup in v.3.3

Moderator: crythias

Locked
netjess
Znuny expert
Posts: 172
Joined: 16 Nov 2011, 23:35
Znuny Version: 6.0.16
Real Name: Jesse
Company: Mercer Valve Company
Location: Oklahoma USA
Contact:

LDAP setup in v.3.3

Post by netjess »

Hello,

I had set up OTRS version 3.1 at a former workplace. I am trying to set up version 3.3 from the most recent download and I cannot get LDAP/AD to let me log in. The best I was able to get was an error that stated that the username authenticated but there was no entry in the database.
Was there a complete change in the way that it handles LDAP integration? In the 3.1 setup it created the account on login and then I could promote users to Agents after their initial login.

I am also wondering why do all of the guides direct you to edit the Config.pm when there is an area in the gui under SysConfig > Framework > Framework::Customer::Auth

I've tried about four different suggested configurations to get LDAP auth and import to DB working but no love.

My current Config.pm:

Code:

package Kernel::Config;

use strict;
use warnings;
use utf8;

sub Load {
    my $Self = shift;

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #

    # The database host
    $Self->{'DatabaseHost'} = '127.0.0.1';

    # The database name
    $Self->{'Database'} = "otrs";

    # The database user
    $Self->{'DatabaseUser'} = "otrs";

    # The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords
    $Self->{'DatabasePw'} = 'dbPassword';

    # The database DSN for MySQL ==> more: "perldoc DBD::mysql"
    $Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";

    # The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a TCP/IP connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # The database DSN for Microsoft SQL Server - only supported if OTRS is
    # installed on Windows as well
#    $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";

    # The database DSN for Oracle ==> more: "perldoc DBD::oracle"
#    $ENV{ORACLE_HOME} = '/u01/app/oracle/product/10.2.0/client_1';
#    $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
#    $ENV{NLS_LANG} = "american_america.utf8";

#    $Self->{DatabaseDSN} = "DBI:Oracle:sid=OTRS;host=$Self->{DatabaseHost};port=1522;";

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/opt/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #
    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
#--------------------------------------------------------#
# Start Own Config
#--------------------------------------------------------#
 # AUTH
   $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';

   $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
   $Self->{'AuthModule::LDAP::Host'} = 'mv-dc2.mercer.local';
   $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Employees,dc=mercer,dc=local';
   $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

   $Self->{'AuthModule::LDAP::SearchUserDN'} = 'ldapbind@mercer.local';
   $Self->{'AuthModule::LDAP::SearchUserPw'} = 'superPassword';

   $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';
   $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
   $Self->{'AuthSyncModule::LDAP::Host'} = 'mv-dc2.mercer.local';
   $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'ou=Employees,dc=mercer,dc=local';
   $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'ldapbind@mercer.local';
   $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'superPassword';
   $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
   $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
   # DB -> LDAP
   UserFirstname => 'givenName',
   UserLastname => 'sn',
   UserEmail => 'mail',
   CustomerID => 'objectGUID',
   };
# ---------------------------------------------------- #
# end of your own config options!!!                    #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
}
use base qw(Kernel::Config::Defaults);
# -----------------------------------------------------#
1;
Last edited by crythias on 18 Jun 2014, 03:00, edited 1 time in total.
Reason: [code] tags
Powered by OTRS 6
Active Directory LDAP Integration.
Ubuntu 18 LTS, Apache2, PostgreSQL.

Re: LDAP setup in v.3.3

Post by netjess »

Here is what happens when I try to login.

root@mv-web01:/opt/otrs/Kernel# tail -f /var/log/apache2/error.log
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31

[Tue Jun 17 16:56:31 2014] ZZZAAuto.pm: Subroutine Load redefined at /opt/otrs/Kernel/Config/Files/ZZZAAuto.pm line 7.
[Tue Jun 17 17:09:30.401783 2014] [mpm_prefork:notice] [pid 3293] AH00169: caught SIGTERM, shutting down
[Tue Jun 17 17:09:32.673217 2014] [mpm_prefork:notice] [pid 4434] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.3-1ubuntu2.3 mod_perl/2.0.8 Perl/v5.14.2 configured -- resuming normal operations
[Tue Jun 17 17:09:32.673276 2014] [core:notice] [pid 4434] AH00094: Command line: '/usr/sbin/apache2'
ERROR: OTRS-CGI-48 Perl: 5.14.2 OS: linux Time: Tue Jun 17 17:09:55 2014

Message: No UserID found for 'jcain'!

RemoteAddress: 10.1.2.53
RequestURI: /otrs/index.pl

Traceback (4439):
Module: Kernel::System::User::UserLookup (OTRS 3.3.x git) Line: 834
Module: Kernel::System::Auth::Sync::LDAP::Sync (OTRS 3.3.x git) Line: 196
Module: Kernel::System::Auth::Auth (OTRS 3.3.x git) Line: 198
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.x git) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-48 Perl: 5.14.2 OS: linux Time: Tue Jun 17 17:09:55 2014

Message: Need UserEmail!

RemoteAddress: 10.1.2.53
RequestURI: /otrs/index.pl

Traceback (4439):
Module: Kernel::System::User::UserAdd (OTRS 3.3.x git) Line: 387
Module: Kernel::System::Auth::Sync::LDAP::Sync (OTRS 3.3.x git) Line: 264
Module: Kernel::System::Auth::Auth (OTRS 3.3.x git) Line: 198
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.x git) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-48 Perl: 5.14.2 OS: linux Time: Tue Jun 17 17:09:55 2014

Message: Can't create user 'jcain' (CN=Jesse,OU=Oklahoma City,OU=OK,OU=Employees,DC=mercer,DC=local) in RDBMS!

RemoteAddress: 10.1.2.53
RequestURI: /otrs/index.pl

Traceback (4439):
Module: Kernel::System::Auth::Sync::LDAP::Sync (OTRS 3.3.x git) Line: 273
Module: Kernel::System::Auth::Auth (OTRS 3.3.x git) Line: 198
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.x git) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-48 Perl: 5.14.2 OS: linux Time: Tue Jun 17 17:09:55 2014

Message: No UserID found for 'jcain'!

RemoteAddress: 10.1.2.53
RequestURI: /otrs/index.pl

Traceback (4439):
Module: Kernel::System::User::UserLookup (OTRS 3.3.x git) Line: 834
Module: Kernel::System::Auth::Auth (OTRS 3.3.x git) Line: 221
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.x git) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-48 Perl: 5.14.2 OS: linux Time: Tue Jun 17 17:09:55 2014

Message: No UserID found for 'jcain'!

RemoteAddress: 10.1.2.53
RequestURI: /otrs/index.pl

Traceback (4439):
Module: Kernel::System::User::UserLookup (OTRS 3.3.x git) Line: 834
Module: Kernel::System::Auth::Auth (OTRS 3.3.x git) Line: 293
Module: Kernel::System::Web::InterfaceAgent::Run (OTRS 3.3.x git) Line: 206
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31
crythias
Moderator
Posts: 10170
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: LDAP setup in v.3.3

Post by crythias »

I wrote this
netjess wrote: I am also wondering why do all of the guides direct you to edit the Config.pm when there is an area in the gui under SysConfig > Framework > Framework::Customer::Auth
What do you want? Customer Auth (customer.pl) or Agent Auth (index.pl)? In any case, I'm not a fan of the gui interface...

Your config ...
$Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
eh. no clue. ok.

CustomerID => 'objectGUID',
I don't know why agents have or should need a customerID. they're only going to have the first three things to sync here.

Need also this:
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: LDAP setup in v.3.3

Post by netjess »

I would like to auth both Customers and Agents.
The previous LDAP config I pulled from an old post that said he had gotten it working: viewtopic.php?f=62&t=6616

The section "$Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';" was supposed to enable using both DB and LDAP auth, I presume by differentiating AuthModule and AuthModule1.

I have changed my config trying the following.

Code:

#--------------------------------------------------------#
# Start Own Config
#--------------------------------------------------------#
#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'mv-dc2.mercer.local';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Employees,dc=mercer,dc=local';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'ldapbind';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'superPassword';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'mv-dc2.mercer.local',
      BaseDN => 'ou=Employees,dc=mercer,dc=local',
      SSCOPE => 'sub',
      UserDN =>'ldapbind',
      UserPw => 'superPassword',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'objectGUID',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
$Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
# ---------------------------------------------------- #
# end of your own config options!!!                    #
# ---------------------------------------------------- #
I try to log into the customer.pl and I get this in syslog:
Jun 18 08:50:13 mv-web01 OTRS-CGI-48[19667]: [Notice][Kernel::System::Auth::DB::Auth] User: jcain doesn't exist or is invalid!!! (REMOTE_ADDR: 10.1.2.53)
Jun 18 08:50:13 mv-web01 OTRS-CGI-48[19667]: [Error][Kernel::System::User::UserLookup][Line:834]: No UserID found for 'jcain'!
Jun 18 08:51:07 mv-web01 OTRS-CGI-48[19668]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: jcain@mercer.local authentication failed, no LDAP entry found!BaseDN='ou=Employees,dc=mercer,dc=local', Filter='(&(sAMAccountName=jcain@mercer.local)(objectclass=user))', (REMOTE_ADDR: 10.1.2.53).


It doesn't seem to be searching recursively. I thought that was what the parameter SSCOPE => 'sub' was supposed to handle?

Re: LDAP setup in v.3.3

Post by crythias »

Jun 18 08:50:13 mv-web01 OTRS-CGI-48[19667]: [Notice][Kernel::System::Auth::DB::Auth] User: jcain doesn't exist or is invalid!!! (REMOTE_ADDR: 10.1.2.53)
reasonable. it's looking at a database and can't find it. this is agent, not customer


Jun 18 08:50:13 mv-web01 OTRS-CGI-48[19667]: [Error][Kernel::System::User::UserLookup][Line:834]: No UserID found for 'jcain'!
fair enough, it's not in (agent)


Jun 18 08:51:07 mv-web01 OTRS-CGI-48[19668]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: jcain@mercer.local authentication failed, no LDAP entry found!BaseDN='ou=Employees,dc=mercer,dc=local', Filter='(&(sAMAccountName=jcain@mercer.local)(objectclass=user))', (REMOTE_ADDR: 10.1.2.53).
likely true, sAMAccountNames represent logins, and don't necessarily reflect principal names.
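
The reading of these three log lines can be mechanised. The following is an added example, not part of the original posts or of OTRS: a small Python triage script that runs over the lines quoted in this thread, tags each as agent-side or customer-side from the module name, and flags the case where a UPN-style login (`user@domain`) ended up in a `sAMAccountName` filter. The function names and diagnosis labels are this example's own.

```python
import re

# Sample input: the three syslog lines quoted in this thread, embedded so the script runs offline.
SAMPLE_LOG = """\
Jun 18 08:50:13 mv-web01 OTRS-CGI-48[19667]: [Notice][Kernel::System::Auth::DB::Auth] User: jcain doesn't exist or is invalid!!! (REMOTE_ADDR: 10.1.2.53)
Jun 18 08:50:13 mv-web01 OTRS-CGI-48[19667]: [Error][Kernel::System::User::UserLookup][Line:834]: No UserID found for 'jcain'!
Jun 18 08:51:07 mv-web01 OTRS-CGI-48[19668]: [Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: jcain@mercer.local authentication failed, no LDAP entry found!BaseDN='ou=Employees,dc=mercer,dc=local', Filter='(&(sAMAccountName=jcain@mercer.local)(objectclass=user))', (REMOTE_ADDR: 10.1.2.53).
"""

# [Level][Perl::Module::Sub] with an optional [Line:N]: marker, then the message.
LINE_RE = re.compile(
    r"OTRS-CGI-\d+\[\d+\]: \[(?P<level>\w+)\]\[(?P<module>[\w:]+)\]"
    r"(?:\[Line:\d+\]:)? (?P<msg>.*)$"
)
FILTER_RE = re.compile(r"Filter='(?P<filter>[^']*)'")
# First (attr=value) pair in the filter: the UID attribute and the login as typed.
UID_RE = re.compile(r"\((?P<attr>[A-Za-z][\w-]*)=(?P<value>[^()]*)\)")


def interface_of(module):
    """Agent (index.pl) or customer (customer.pl) side, judged from the module name."""
    if module.startswith(("Kernel::System::CustomerAuth::", "Kernel::System::CustomerUser")):
        return "customer"
    if module.startswith(("Kernel::System::Auth::", "Kernel::System::User::")):
        return "agent"
    return "other"


def diagnose(msg):
    """Map one log message to a short diagnosis label (labels are this example's own)."""
    found = FILTER_RE.search(msg)
    if "no LDAP entry found" in msg and found:
        uid = UID_RE.search(found.group("filter"))
        if uid and uid.group("attr").lower() == "samaccountname" and "@" in uid.group("value"):
            # A sAMAccountName holds the bare logon name, so user@domain never matches.
            return "upn-login-in-samaccountname-filter"
        return "ldap-no-entry"
    if "No UserID found" in msg:
        return "no-local-agent-record"
    if "doesn't exist or is invalid" in msg:
        return "db-backend-miss"
    return "unclassified"


def triage(log_text):
    """Return one finding per OTRS log line; lines in other formats are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        findings.append({
            "module": m.group("module"),
            "interface": interface_of(m.group("module")),
            "diagnosis": diagnose(m.group("msg")),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['interface']:9}{f['diagnosis']:36}{f['module']}")
```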

Re: LDAP setup in v.3.3

Post by netjess »

crythias,
Thank you for the direction.
I have it working now with the following configuration.
A couple of things though: it does not auto-populate the agent accounts but if I manually create them in the GUI they can log in and work just fine.
Also, it populated the "Customer User" data but without the CustomerID attribute. Is there a way to get it to re-sync or to remove those accounts and get them recreated?

Code:

#--------------------------------------------------------#
# Start Own Config
#--------------------------------------------------------#
$Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
#Enable LDAP authentication for Customers / Users
  $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
  $Self->{'Customer::AuthModule::LDAP::Host'} = 'mv-dc2.mercer.local';
  $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Employees,dc=mercer,dc=local';
  $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'ldapbind@mercer.local';
  $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'superPassword';

#CustomerUser
#(customer user database backend and settings)
    $Self->{CustomerUser} = {
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
      Host => 'mv-dc2.mercer.local',
      BaseDN => 'ou=Employees,dc=mercer,dc=local',
      SSCOPE => 'sub',
      UserDN =>'ldapbind@mercer.local',
      UserPw => 'superPassword',
    },
# customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'sAMAccountName',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };
#Enable LDAP authentication for Agent / Users
  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'mv-dc2.mercer.local';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Employees,dc=mercer,dc=local';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

#The following is valid but would only be necessary if the
#anonymous user does NOT have permission to read from the LDAP tree
  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'ldapbind@mercer.local';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'superPassword';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
    $Self->{UserSyncLDAPMap} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname => 'sn',
        UserEmail => 'mail',
    };

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify
# initial user groups for first login.)
    $Self->{UserSyncLDAPGroups} = [
        'users',
    ];

# UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser} = 'login';

#Add the following lines when only users are allowed to login if they reside in the specified security group
#Remove these lines if you want to provide login to all users specified in the User Base DN
  $Self->{'AuthModule::LDAP::GroupDN'} ='CN=ITDept,OU=IT,OU=Oklahoma City,OU=OK,OU=Employees,DC=mercer,DC=local';
  $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
  $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
  $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
'users',
];
# ---------------------------------------------------- #
# end of your own config options!!!                    #
# ---------------------------------------------------- #

Re: LDAP setup in v.3.3

Post by crythias »

LDAP for customers is a direct query, not a sync.

Re: LDAP setup in v.3.3

Post by netjess »

So is CustomerID not required?
What is the difference between "customer users" and just "customers"?

Re: LDAP setup in v.3.3

Post by crythias »

netjess wrote: It does not auto populate the agent accounts but if I manually create them in the GUI they can log in and work just fine.
This should be handled through AuthSync.

Code:

    $Self->{'AuthModule::UseSyncBackend'} = 'AuthSyncBackend';

netjess wrote: Also, it populated the "Customer User" data but without the CustomerID attribute. Is there a way to get it to re-sync or to remove those account and get them recreated?
if no mail, it won't populate:

Code:

      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
(or change 'mail' to 'sAMAccountname' if you want)

netjess wrote: So is CustomerID not a required ?
It's required

netjess wrote: What is the difference between "customer users" and just "customers"?
Depends on context. But Customer::AuthModule seems to indicate authentication, right?
CustomerUser is demographics. They are purposefully separate. Demographics means anything not user/password.
Read the link posted originally, and also viewtopic.php?f=60&t=7531 (plus my "Need Help" link.)
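
The two mappings discussed in this thread can be checked against directory data before anyone tries to log in. This is an added example, not OTRS code: it models the behaviour reported above (agent creation stopping at "Need UserEmail!" and a required customer field staying empty when its LDAP attribute is absent), using the thread's own map rows and two constructed directory entries. It assumes every field in the agent sync map is needed to create the agent; the function names are this example's own.

```python
# Agent side: AuthSyncModule::LDAP::UserSyncMap as posted (OTRS field -> LDAP attribute).
AGENT_SYNC_MAP = {
    "UserFirstname": "givenName",
    "UserLastname": "sn",
    "UserEmail": "mail",
}

# Customer side: CustomerUser Map rows as posted.
# Columns: var, frontend, storage (LDAP attribute), shown, required, storage-type
CUSTOMER_MAP = [
    ["UserFirstname", "Firstname", "givenname", 1, 1, "var"],
    ["UserLastname", "Lastname", "sn", 1, 1, "var"],
    ["UserLogin", "Login", "sAMAccountName", 1, 1, "var"],
    ["UserEmail", "Email", "mail", 1, 1, "var"],
    ["UserCustomerID", "CustomerID", "mail", 0, 1, "var"],
    ["UserPhone", "Phone", "telephonenumber", 1, 0, "var"],
]

# Constructed directory entries (hypothetical people, not taken from the thread).
ENTRIES = [
    {"sAMAccountName": ["asmith"], "givenName": ["Ann"], "sn": ["Smith"],
     "mail": ["asmith@example.test"]},
    {"sAMAccountName": ["bjones"], "givenName": ["Bo"], "sn": ["Jones"]},  # no mail
]


def attr(entry, name):
    """First non-empty value of an LDAP attribute; attribute names are case-insensitive."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            for value in values:
                if value.strip():
                    return value
    return None


def missing_agent_fields(entry, sync_map=AGENT_SYNC_MAP):
    """OTRS agent fields the sync could not fill from this entry."""
    return sorted(f for f, ldap_attr in sync_map.items() if attr(entry, ldap_attr) is None)


def missing_customer_fields(entry, rows=CUSTOMER_MAP):
    """Required customer fields (column 5 set) whose LDAP attribute is absent or empty."""
    return sorted(row[0] for row in rows if row[4] and attr(entry, row[2]) is None)


def remap(rows, var, new_attr):
    """Copy of the Map with one field pointed at another attribute, as suggested in the thread."""
    return [[r[0], r[1], new_attr, *r[3:]] if r[0] == var else list(r) for r in rows]


def preflight(entries, uid_attr="sAMAccountName", rows=CUSTOMER_MAP):
    """Per-login report of fields that would be missing on the agent and customer side."""
    report = {}
    for entry in entries:
        login = attr(entry, uid_attr) or "<no uid>"
        report[login] = {
            "agent": missing_agent_fields(entry),
            "customer": missing_customer_fields(entry, rows),
        }
    return report


if __name__ == "__main__":
    for login, gaps in preflight(ENTRIES).items():
        print(login, gaps)
    print("after remap:", preflight(ENTRIES, rows=remap(CUSTOMER_MAP, "UserCustomerID", "sAMAccountName")))
```

In practice the entries would come from a directory export restricted to the configured BaseDN rather than from an inline list.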