[otrs] LDAP and active directory authentication problems

Tyler Hepworth TylerH at natr.com
Thu Apr 22 15:48:51 CEST 2004

Nikunj Patel wrote:
>I tried the fully qualified username for the
> SearchDN parameter (I was using only the username before) and

Great :-)
> I tested the fact about users being added from the LDAP to
> the database automatically on first login and it did not
> work. The AD user has to be created as a Customer User before
> he/she can access the system. 

I fully disagree with this.  I have never prepopulated a user in OTRS yet
and accounts are added automatically the first time they log in with
authentication against AD.  In fact, I have gone so far as to rewrite the
code so that not only are they added to the OTRS database upon login, but
they are also added to the appropriate group(s) based off of group(s) that
they belong to in AD.  So, no more OTRS administration for me.  I let AD
take care of it!  Admins are automatically assigned as admins, agents as
agents, etc.
> Now that everything is working, I have one more question.
> Will I be able to do Integrated Windows authentication using
> Apache or will I have to port OTRS over to IIS for it ?

I know you can do "single sign on" using HTTP basic auth, but it appears
that it compares the username logged onto a system against a list of user's
stored in apache (skips LDAP altogether).  So, I don't think that is exactly
what you are after.  I'd actually like to know more about this too.  Perhaps
a cron could export LDAP user accounts into an Apache auth file from time to

Tyler Hepworth

More information about the otrs mailing list