Hello,
We're evaluating OTRS as a help-desk/ticketing solution and one of the features
that OTRS lists is LDAP integration (which I'm finding is a loosely defined
term). Since we have a centralized directory server and are trying to
implement single sign-on as much as possible, this is a much desired feature.
However, in playing with the demo, I configured it for use with LDAP and
attempted to login as myself. What I found was that it didn't work, because it
was having problems getting the password info from the directory server
(specifically the userPassword attribute). To see what it was doing, I looked
in the code at the UserAdd routine in Kernel/System/User.pm and if I read
things right, what it's actually doing is replicating the data into the OTRS
database from an LDAP source.
If this is true, then am I correct in thinking that this feature really boils
down to LDAP AutoPopulation of the database? If so, it kind of defeats the
purpose of using a centralized data source (i.e. LDAP) because what happens
when a person's password changes on the directory? Or if some other mapped
attribute in the directory server changes? Does the OTRS system periodically
check for differences or sync them somehow? Is anything besides UNIX crypt
supported for password hashes (i.e. MD5 or SHA1)?
Kevin
--
Kevin M. Myer
Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
(717) 560-6140