Hi Jason,
 
Same authentication setup here, and I think that I might have experienced something like this.
 
Try adding this line to the config:
 
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
 
I think that the OTRS default setting is:
 
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
 
And that's not quite what the AD LDAP has to offer.
 
As for the host failover, I don't know if you can use multiple host names.
I'm using just the domain name.
That is: "example.org", and the DNS round-robins it. Not entirely failover, but better than nothing.
 
--
/Sune
 


From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Benedick, Jason
Sent: 21. maj 2007 00:49
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

I have active directory authentication working with the exception of the GroupDN for the admin interface. When I comment out the GroupDN and the UserAttr lines everything works fine again. We are running Windows Server 2003 on our DCs if that matters.

 

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    $Self->{UserSyncLDAPMap} = {
        #DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

 

Also, while I’m asking, can I put multiple DCs in under host for failover? I.e., can I do something like:

    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

 

Thanks,

Jason R. Benedick

Workstation Technician

Thaddeus Stevens College of Technology
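
Added example, not part of the original thread and not OTRS code: an offline Python model of the group check discussed above, showing why `memberUid` matches nothing against an AD group while `member` does. It assumes the check is a search under GroupDN with a filter of the form `(AccessAttr=value)`, where value is the user's DN when UserAttr is 'DN'; the directory entries, accounts and function names are constructed, and the `memberUid` default is the one stated in the reply.

```python
# Offline model of the LDAP group check (added example, not OTRS code).
# Assumption: the check searches under GroupDN with filter (AccessAttr=value);
# value is the user's DN when UserAttr is 'DN', otherwise the login name.

GROUP_DN = "CN=otrs,OU=users,DC=example,DC=org"
# Constructed entries: an AD group lists full member DNs in 'member'
# and has no 'memberUid' attribute.
DIRECTORY = {GROUP_DN: {"member": ["CN=Alice Agent,OU=users,DC=example,DC=org"]}}
# Constructed accounts under the BaseDN: sAMAccountName -> DN
USERS = {
    "alice": "CN=Alice Agent,OU=users,DC=example,DC=org",
    "bob": "CN=Bob Other,OU=users,DC=example,DC=org",
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters before building a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def group_filter(config, login):
    """Return (attribute, compared value, filter string) for the group check."""
    attr = config.get("AuthModule::LDAP::AccessAttr", "memberUid")
    use_dn = config.get("AuthModule::LDAP::UserAttr") == "DN"
    value = USERS[login] if use_dn else login
    return attr, value, "(%s=%s)" % (attr, escape_filter_value(value))

def is_allowed(config, login):
    """True if a correctly authenticated login passes the group restriction."""
    if login not in USERS:
        return False
    group_dn = config.get("AuthModule::LDAP::GroupDN")
    if not group_dn:
        return True  # no GroupDN: every account under BaseDN is accepted
    attr, value, _ = group_filter(config, login)
    members = DIRECTORY.get(group_dn, {}).get(attr, [])
    return value.lower() in (m.lower() for m in members)

if __name__ == "__main__":
    posted = {"AuthModule::LDAP::GroupDN": GROUP_DN, "AuthModule::LDAP::UserAttr": "DN"}
    fixed = dict(posted, **{"AuthModule::LDAP::AccessAttr": "member"})
    for name, cfg in (("posted", posted), ("member", fixed), ("no GroupDN", {})):
        print(name, {u: is_allowed(cfg, u) for u in USERS})
```

In this model the posted settings refuse every user because the group entry carries no `memberUid` values, while dropping GroupDN admits any account under the BaseDN, so the restriction is worth fixing rather than leaving commented out.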