Hi List!
I've successfully configured Kerberos Single Sign On with Apache 2.2 and
mod_auth_kerb on Linux and Microsoft ActiveDirectory with OTRS
HTTPBasicAuth.
It works fine - our Customers / Agents don't have to log on manually,
they get authenticated automagically by Internet Explorer. Only the Agents
have to be created beforehand in the OTRS System, Customer Attributes are
synchronized via LDAP. Feel free to ask me if you have more questions
about this configuration...
A problem was that the username is passed as "[EMAIL PROTECTED]" from
the mod_auth_kerb module.
So when a customer is authenticated as [EMAIL PROTECTED] and you want to
use samAccountName as customer-id, you have to cut off the @DOMAIN.COM from
the username. Instead of using samAccountName as customer-id mapping you
can also use "userPrincipalName" which would be in the [EMAIL PROTECTED]
format.
For some strange reasons we have to use samAccountName and we can set:
$Self->{'AuthModule::HTTPBasicAuth::Replace'} ='@DOMAIN.COM';
$Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} ='@DOMAIN.COM';
but in the Code it looks like this:
--HTTPBasicAuth.pm--
Line 77: $User =~ s/^\Q$Replace\E//;
IMHO it should look like this:
$User =~ s/\Q$Replace\E//i;
(without the ^ - match the beginning of the line)
because the username-domain format can vary depending on the webserver
module used, e.g. modntlm or mod_auth_kerb:
NTLM: domain.com\username
Kerberos: [EMAIL PROTECTED]
more?...
Maybe it is worth changing it in the code?
Thanks/greets
jakob
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
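
Added example, not part of the original post and not OTRS code: the anchored substitution quoted from HTTPBasicAuth.pm, the unanchored one proposed in the message, and a stricter variant, run side by side over constructed REMOTE_USER values. The sub names StripAnchored, StripAnywhere and StripRealm and the sample users are hypothetical; DOMAIN.COM is the placeholder realm used in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample REMOTE_USER values; DOMAIN.COM is the placeholder from the post.
my @RemoteUsers = (
    'jdoe@DOMAIN.COM',       # mod_auth_kerb style: user@REALM
    'jdoe@domain.com',       # same realm, different case
    'DOMAIN.COM\\jdoe',      # NTLM style: domain\user
    'jdoe@OTHER.EXAMPLE',    # different realm, must stay untouched
    'a@domain.com.b',        # realm text in the middle of the value
);

# The line quoted from HTTPBasicAuth.pm: prefix only, case-sensitive.
sub StripAnchored {
    my ( $User, $Replace ) = @_;
    $User =~ s/^\Q$Replace\E//;
    return $User;
}

# The change proposed in the post: first match anywhere, case-insensitive.
sub StripAnywhere {
    my ( $User, $Replace ) = @_;
    $User =~ s/\Q$Replace\E//i;
    return $User;
}

# Hypothetical stricter variant: strip the realm only where each format puts it.
sub StripRealm {
    my ( $User, $Realm ) = @_;    # $Realm is given without '@' or '\'
    return $User if $User =~ s/\@\Q$Realm\E\z//i;    # user@REALM  -> user
    return $User if $User =~ s/\A\Q$Realm\E\\//i;    # REALM\user  -> user
    return $User;                                    # anything else is left as-is
}

printf "%-20s %-20s %-20s %s\n", 'REMOTE_USER', 'anchored', 'anywhere', 'strict';
for my $User (@RemoteUsers) {
    printf "%-20s %-20s %-20s %s\n", $User,
        StripAnchored( $User, '@DOMAIN.COM' ),
        StripAnywhere( $User, '@DOMAIN.COM' ),
        StripRealm( $User, 'DOMAIN.COM' );
}
```

The unanchored form handles the Kerberos suffix but also rewrites a value where the realm text sits in the middle, and a single Replace string of '@DOMAIN.COM' never matches the NTLM form. Anchoring the suffix at the end and the prefix at the start covers both formats without touching other realms.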