Hi folks,
First let me say that OTRS appears to be a great product! Kudos to the developers!
We are in the process of evaluating our options for a helpdesk/trouble-ticket system. I would really like to give OTRS a good evaluation, but I'm having some problems. Our chosen solution must be able to authenticate users (both agents and customers) via Microsoft Active Directory. It appears that this is possible, but I've yet to have any success. I'll outline the steps I've taken and solicit any input from the community.
OTRS is working fine when authenticating against its own database. Here's what I've done to try to authenticate against AD:
I edited Kernel/Config.pm and added:
<begin additions to Config.pm>
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
# Key name must match what Kernel::System::CustomerAuth::LDAP reads ('...SearchUserPw',
# lower-case 'w'); a key spelled 'SearchUserPW' is a different hash entry and is not picked up.
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{CustomerUser} = {
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'lincoln.tsteel.com',
BaseDN => 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
SSCOPE => 'sub',
UserDN => 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
UserPw => 'password',    # Kernel::System::CustomerUser::LDAP reads 'UserPw', not 'UserPW'
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
# These settings take array references; a bare comma-separated list here would be
# parsed as additional key/value pairs of the enclosing hash.
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
[ 'UserFirstName', 'Firstname', 'givenname', 1, 1, 'var' ],
[ 'UserLastName', 'Lastname', 'sn', 1, 1, 'var' ],
[ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
[ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
[ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
],
};
<end additions to Config.pm>
On my AD box, I ran: ldifde -f users.ldf -d "OU=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com" -r "<objectClass=user>"
Which returned a listing of all users in the Tuscaloosa - Sheet Mill org unit. Within the users.ldf file (output from the above command), there's an entry for OTRS Admin:
<begin snippet from users.ldf>
dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: OTRS
sn: Admin
givenName: OTRS
distinguishedName: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
instanceType: 4
whenCreated: 20070920125829.0Z
whenChanged: 20070921135825.0Z
displayName: OTRS
uSNCreated: 8512826
uSNChanged: 8549454
name: OTRS
objectGUID:: po7FpWyIxEWWQeiUc9XMwA==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 128347689772801250
lastLogoff: 0
lastLogon: 128347693211238750
pwdLastSet: 128347667099207500
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAApR5XA/l+DSsgfDsl4xwAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: OTRS
sAMAccountType: 805306368
userPrincipalName: OTRS@tsteel.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tsteel,DC=com
dSCorePropagationData: 20070921135825.0Z
dSCorePropagationData: 20070921135825.0Z
dSCorePropagationData: 20070921135825.0Z
dSCorePropagationData: 20070921131751.0Z
dSCorePropagationData: 16010108151056.0Z
lastLogonTimestamp: 128347680934676250
<end snippet from users.ldf>
With this configuration, when I attempt to log in as an agent using my username (which I know is valid in AD), it errors out with:
Login failed! Your username or password was entered incorrectly.
And, when I revert the Config.pm back (so I can log in) and check the system log, I see:
User: raldridge authentication failed, no LDAP entry found!BaseDN='ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com', Filter='(sAMAccountName=raldridge)', (REMOTE_ADDR: 10.1.1.50).
Any help would be greatly appreciated.
Thanks,
Robert Aldridge
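The OTRS log line quoted above reports the BaseDN and the search filter that produced no result. An offline way to check the two things that line depends on, without binding to the domain controller, is to replay the lookup against the ldifde export itself. The script below is an added example, not OTRS code and not part of the original post: it parses LDIF the way ldifde writes it (folded continuation lines, `::` base64 values), then checks whether the configured SearchUserDN exists in the export and whether a scope=sub `(sAMAccountName=<login>)` search under BaseDN finds an entry. The embedded LDIF is a constructed sample modelled on the snippet in the post; the second user `jexample` is invented for the example, and DN and attribute-value comparison are treated as case-insensitive, which is an assumption that matches Active Directory's behaviour.

```python
"""Offline cross-check of OTRS LDAP settings against an ldifde export (added example)."""
import base64

BASE_DN = "ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com"

# Constructed LDIF sample modelled on the ldifde snippet in the post; the
# second entry ("jexample") is invented for this example.
LDIF_SAMPLE = "\n".join([
    "dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com",
    "changetype: add",
    "objectClass: user",
    "cn: OTRS",
    "sn: Admin",
    "sAMAccountName: OTRS",
    "objectGUID:: po7FpWyIxEWWQeiUc9XMwA==",   # '::' marks a base64 value
    "dSCorePropagationData:",
    " 16010108151056.0Z",                        # leading space = folded line
    "",
    "dn: CN=Jane Example,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com",
    "changetype: add",
    "objectClass: user",
    "sAMAccountName: jexample",
    "",
])


def parse_ldif(text):
    """Return a list of entries, each {attribute_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # unfold continuation lines
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line.strip():                   # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("latin-1")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def normalize_dn(dn):
    """Canonical DN for comparison: split on unescaped commas, lower-case
    types and values, strip whitespace around each RDN (AD matches DN
    strings case-insensitively; that is the assumption used here)."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            buf, escaped = buf + ch, True
        elif ch == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    out = []
    for rdn in rdns:
        attr_type, _, value = rdn.partition("=")
        out.append(f"{attr_type.strip().lower()}={value.strip().lower()}")
    return ",".join(out)


def dn_under_base(dn, base_dn):
    """True if dn equals base_dn or lies anywhere beneath it (scope=sub)."""
    n, b = normalize_dn(dn), normalize_dn(base_dn)
    return n == b or n.endswith("," + b)


def find_entry_by_dn(entries, dn):
    want = normalize_dn(dn)
    return next((e for e in entries if normalize_dn(e["dn"][0]) == want), None)


def search(entries, base_dn, attr, value):
    """Emulate a scope=sub '(attr=value)' search; returns matching DNs."""
    return [e["dn"][0] for e in entries
            if dn_under_base(e["dn"][0], base_dn)
            and any(v.lower() == value.lower() for v in e.get(attr.lower(), []))]


def check_config(entries, base_dn, search_user_dn, uid_attr, login):
    """The two facts behind an OTRS 'no LDAP entry found' log line."""
    return {
        "search_user_dn_found": find_entry_by_dn(entries, search_user_dn) is not None,
        "login_hits": search(entries, base_dn, uid_attr, login),
    }


if __name__ == "__main__":
    entries = parse_ldif(LDIF_SAMPLE)
    for login in ("raldridge", "jexample"):
        print(login, check_config(entries, BASE_DN,
              "cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com",
              "sAMAccountName", login))
```

Point the parser at the real users.ldf and at the BaseDN, SearchUserDN and login from Config.pm: if `search_user_dn_found` is false the bind account's DN in the config does not match any exported entry, and if `login_hits` is empty the agent's account is not under the configured BaseDN (or the UID attribute differs), which is exactly the condition the OTRS log line reports.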