Agent Authentication with LDAP failing

Moderator: crythias

Locked
johnsonua
Znuny newbie
Posts: 3
Joined: 10 May 2019, 22:07
Znuny Version: OTRS 6
Real Name: Bruce Johnson
Company: University of Arizona

Agent Authentication with LDAP failing

Post by johnsonua »

We initially set up our instance of OTRS with LDAP authentication for agents against the built-in Domain Admins group in our domain. Recently we've needed to expand the number of agents beyond that, so I created a new group OTRS-Agents and added everyone to it.

But when I changed Config.pm to point to the new group, no one could log in. I've checked and rechecked the DN of the group and it is correct.


in
#------------------------------------------------------#
# Agent LDAP Authentication Settings #
#------------------------------------------------------#

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=Domain Admins,cn=Users,dc=xxx,dc=xxx,dc=xxx,dc=xxx'; # <---- works

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS-Agents,cn=OTRS,cn=Security,cn=PharmGroups,dc=xxx,dc=xxx,dc=xxx,dc=xxx'; # <---- does not work

(This is from my current Config.pm, I commented out the Domain Admins line to test the new group.)

I've long used other Perl scripts using the same Net::LDAP and Net::LDAP::Util modules to accomplish a variety of authentication and search functions with AD, using the same search user and PW as OTRS does, and a script searching for a member of that group works as expected.

Do I have to change something in the database as well? From my understanding, Config.pm is parsed last after startup and should override anything in the db.
root
Administrator
Posts: 4251
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: Agent Authentication with LDAP failing

Post by root »

Hi Bruce,

Are the agents direct members of OTRS-Agents or did you add a group to this group?

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes?

Re: Agent Authentication with LDAP failing

Post by johnsonua »

Direct members

Re: Agent Authentication with LDAP failing

Post by root »

Hi,

There are no changes anywhere in the database needed. Please set the SysConfig MinimumLogLevel to debug, try again and check the log. Also the complete configuration would be helpful.

- Roy

Re: Agent Authentication with LDAP failing

Post by johnsonua »

Sorry for the long delay in the response (I have way too many hats to wear!)

I didn't see anything in the logs, but when I moved the AD group from the OU it was in to cn=Users,dn=my,dn=domain,dn=tld it worked.

Re: Agent Authentication with LDAP failing

Post by root »

Hi,

What's your BaseDN?

- Roy
Locked
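
Added example, not part of any post in the thread and not OTRS/Znuny code: the two open questions here (is the configured GroupDN exactly what the directory reports, and how does it relate to the BaseDN) both come down to comparing DNs RDN by RDN. The function names, `DIRECTORY_GROUP_DN` and `BASE_DN` are assumptions constructed for illustration; only `CONFIGURED_GROUP_DN` is taken from the first post.

```python
def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDN pairs."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep an escaped character (e.g. "\,") intact
            i += 2
        elif dn[i] == ",":
            parts.append(cur)           # an unescaped comma ends the RDN
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Simplification: compare case-insensitively; multi-valued RDNs ("+") are not split.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(dn, base):
    """True when dn sits at or below base in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b

def rdn_mismatches(configured, actual):
    """Describe each RDN that differs between the configured DN and the directory's DN."""
    c, a = parse_dn(configured), parse_dn(actual)
    if len(c) != len(a):
        return [f"depth differs: {len(c)} vs {len(a)} RDNs"]
    return [f"RDN {i + 1}: configured {ca}={cv}, directory {aa}={av}"
            for i, ((ca, cv), (aa, av)) in enumerate(zip(c, a)) if (ca, cv) != (aa, av)]

# From the first post (domain components are masked as xxx there).
CONFIGURED_GROUP_DN = "cn=OTRS-Agents,cn=OTRS,cn=Security,cn=PharmGroups,dc=xxx,dc=xxx,dc=xxx,dc=xxx"
# Constructed, not from the thread: a distinguishedName as it could read if the
# parent containers are OUs (the poster later calls the group's location an OU).
DIRECTORY_GROUP_DN = "CN=OTRS-Agents,OU=OTRS,OU=Security,OU=PharmGroups,DC=xxx,DC=xxx,DC=xxx,DC=xxx"
# Constructed; the thread never shows the real BaseDN.
BASE_DN = "dc=xxx,dc=xxx,dc=xxx,dc=xxx"

if __name__ == "__main__":
    print("GroupDN under BaseDN:", is_under(CONFIGURED_GROUP_DN, BASE_DN))
    for line in rdn_mismatches(CONFIGURED_GROUP_DN, DIRECTORY_GROUP_DN):
        print(line)
```

For a real check, replace `DIRECTORY_GROUP_DN` with the group's `distinguishedName` attribute as returned by the directory, and `BASE_DN` with the value from Config.pm.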