Thanks! I'll give it a go...

That's honestly one that I don't know the answer to.  Here's a PHP
script I use to make sure that I can connect and query the AD domain
controller (you will need to be sure that php-ldap is installed):

<?php

    $dn = "basedn";                      // base DN to search, e.g. DC=example,DC=com

    $attributes = array("displayname");  // attributes to return for each entry

    $filter = "(cn=*)";                  // match every entry that has a cn

    $ad = ldap_connect("ldap://domaincontroller")
          or die("Couldn't connect to AD!");

    // AD needs LDAPv3 for the bind, and searching from the domain base
    // returns referrals that php-ldap would otherwise try to chase
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

    $bd = ldap_bind($ad,"searchu...@searchdomain","searchuserpassword")
          or die("Couldn't bind to AD!");

    $result = ldap_search($ad, $dn, $filter, $attributes);

    $entries = ldap_get_entries($ad, $result);

    // $entries["count"] holds the number of entries returned
    for ($i=0; $i<$entries["count"]; $i++) {
        echo "<p>Name: ".$entries[$i]["displayname"][0]."<br />";
        echo '&nbsp;<br />';
        echo '&nbsp;<br />';
    }

    ldap_unbind($ad);

?>

If that works, you should be able to see a listing of the display name
of all of your AD users.  If that doesn't work, then you may need to
look at your search user's privileges and the Base DN you're connecting
to.  The Global Catalog may be important, but as I'm not the AD admin at
my shop, I just don't know how it's set up.

Also, have you run the CheckModules script that comes with OTRS to make
sure you have the LDAP module for Perl installed?

Sorry I can't be more helpful than that.

~Davin

Jan Vorster wrote: 

Thanks Davin,
I've tried it again and it's still not working...
I read somewhere that the server hosting the AD must also be a Global
Catalog... do you know if this is a requirement? Was it the case on your
configuration?
Thanks

Jan
You do not need to have the CentOS box attached to the domain and you
will not need the Windows Services for Unix/Linux.  Depending on how
your AD is set up you may need to have a user with administration
privileges that can be put into the config file to allow OTRS to search
the domain for the users.

Here's how I set it up in my config.  It may not be perfect, but it got
the job done for me; if anybody has a better config to reference that
they can post, I'm sure I could use some learning too:


  $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
  $Self->{'AuthModule::LDAP::Host'} = 'DomainController';
  $Self->{'AuthModule::LDAP::BaseDN'} = 'Base DN';
  $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

  $Self->{'AuthModule::LDAP::SearchUserDN'} = 'Admin User';
  $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Admin User Password';

  $Self->{UserSyncLDAPGroups} = [
       'users'
  ];

  $Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
    UserLastname => 'sn',
    UserEmail => 'mail',
  };

  # CustomerUser1
  # (customer user ldap backend and settings)
  $Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
      # ldap host
      Host => 'curley',
      # ldap base dn
      BaseDN => 'Base DN',
      # search scope (one|sub)
      SSCOPE => 'sub',
      # The following is valid but would only be necessary if the
      # anonymous user does NOT have permission to read from the LDAP tree
      UserDN => 'Admin User',
      UserPw => 'Admin User Password',
      AlwaysFilter => '',
      SourceCharset => 'utf-8',
      DestCharset => 'iso-8859-1',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 900,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
      # note: Login, Email and CustomerID needed!
      # var, frontend, storage, shown, required, storage-type
      #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
      [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
      [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
      [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
      [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
      [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
      [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
      [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
      [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
  };



Hope it helps.

~Davin
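The same connectivity check as the PHP script above, rewritten here as an added example (not code from this thread) against Net::LDAP, the module OTRS's own LDAP backend relies on, so it exercises the Host, BaseDN, SearchUserDN and UID settings from the config above and also tries the Global Catalog port that came up in the thread. Host, base DN, bind account and password are placeholders; in a default AD any authenticated domain user can read these attributes, so a read-only account is enough for the bind.

```perl
# Added example: checks the AD settings used by the OTRS config above.
# Host, base DN and credentials are placeholders; replace with your own.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
my $host    = 'domaincontroller';        # AuthModule::LDAP::Host
my $base_dn = 'DC=example,DC=com';       # AuthModule::LDAP::BaseDN
my $bind_dn = 'searchuser@example.com';  # AuthModule::LDAP::SearchUserDN
my $bind_pw = 'searchuserpassword';      # AuthModule::LDAP::SearchUserPw
my $login   = $ARGV[0] or die "usage: $0 <sAMAccountName>\n";

# 389 is plain LDAP for the domain, 3268 is the Global Catalog. OTRS only
# needs 389; 3268 is tried as well so you can see whether this DC is a GC.
for my $port (389, 3268) {
    my $ldap = Net::LDAP->new($host, port => $port, version => 3, timeout => 10);
    unless ($ldap) {
        print "port $port: connect failed ($@)\n";
        next;
    }
    my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
    if ($mesg->code) {
        print "port $port: bind failed: ", $mesg->error, "\n";
        next;
    }
    # The lookup OTRS does at login: (<UID attribute>=<login>). The login
    # value is escaped so it cannot change the meaning of the filter.
    my $filter = '(sAMAccountName=' . escape_filter_value($login) . ')';
    $mesg = $ldap->search(
        base   => $base_dn,
        scope  => 'sub',
        filter => $filter,
        attrs  => [qw(sAMAccountName givenName sn mail memberOf)],
    );
    if ($mesg->code) {
        print "port $port: search failed: ", $mesg->error, "\n";
    }
    elsif ($mesg->count == 0) {
        print "port $port: bind OK but no entry for $login under $base_dn\n";
    }
    else {
        my $e = $mesg->entry(0);
        printf "port %d: found %s <%s>, groups: %s\n", $port, $e->dn,
            ($e->get_value('mail') || '-'),
            join(', ', $e->get_value('memberOf')) || '(none)';
    }
    $ldap->unbind;
}
```

A bind failure on 389 points at the search account or its password, an empty result after a successful bind points at the BaseDN (the account is not under it) or at the UID attribute, and the memberOf list is what the UserSyncLDAPGroups entry has to match.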

Jan Vorster wrote: 

Hi all,
I've just setup OTRS on my CentOS 5 box and I want it to authenticate
the users against an active directory running on Windows 2003 Server.
I've read somewhere that you need to load Windows Services for Linux in
order to have additional UNIX options on an Active Directory user.
I did not read anything about this in the OTRS manual... so I was
wondering if this is a necessary step.
Needless to say that my attempts to log on to the AD from the OTRS web
interface are failing.
PS: A second question also... does the CentOS box need to be "on" the
domain? Is this even possible?
Thanks
Jan
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
