
I am no expert in giving a step by step, but here is a copy of my config.pm file which is working for customer LDAP auth via my Windows AD domain... hope it helps:

As always, make a backup copy of the original Config.pm file before you start modifying...

I created a user account in AD called "otrs ldap" and use that account to authenticate the LDAP query from otrs. Windows AD will not allow anonymous lookups so this is a necessary step...

    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '10.xxx.xxx.xx';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs ldap,OU=Users,DC=domain,DC=local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'password';

The section below is for the customer lookups via the Phone Ticket/Email Ticket screen to add a new ticket for a customer. It allows the agent to type a piece of the customer info and search AD for the user... The system must be able to verify the customer in AD before it will let you enter a ticket.

    # (customer user ldap backend and settings)
    $Self->{CustomerUser1} = {
        Name => 'LDAP Backend',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => '10.xxx.xxx.xx',
            # ldap base dn
            BaseDN => 'dc=domain,dc=local',
            # search scope (one|sub)
            SSCOPE => 'sub',
            # The following is valid but would only be necessary if the
            # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'CN=otrs ldap,OU=Users,DC=domain,DC=local',
            UserPw => 'password',
            AlwaysFilter => '',
            #SourceCharset => 'utf-8',
            #DestCharset => 'iso-8859-1',
        },
        # customer unique id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

With Best Regards,

Tim Miller
Network Administrator
DBT America, Inc.
Houston, PA

________________________________

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of VI - Mario Tonin
Sent: Wednesday, November 22, 2006 6:30 AM
To: otrs@otrs.org
Subject: [otrs] LDAP Authentication

Is there anyone who can give me a step-by-step guide to configure ldap authentication for customers?

I've added this entry:

    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'vidc2.battistolligroup.it';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=battistolligroup,dc=it';

Mario Tonin
mario.tonin@battistolli.it
B.T.V. s.p.a. - Sistemi Informativi
Via Luca della Robbia 60
36100 - Vicenza - Italy
w http://www.battistolli.it
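
Added example, not part of either message and not OTRS's own code: a sketch of how the CustomerUserSearchFields, CustomerUserSearchPrefix and CustomerUserSearchSuffix values from the reply above turn what an agent types into an LDAP search filter, with the typed text escaped per RFC 4515 so it is matched literally. build_filter() and escape_filter_value() are hypothetical helper names, the way AlwaysFilter is combined is an assumption, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Values copied from the CustomerUser1 block in the reply above.
my @SearchFields = ('sAMAccountName', 'cn', 'mail');   # CustomerUserSearchFields
my $SearchPrefix = '';                                  # CustomerUserSearchPrefix
my $SearchSuffix = '*';                                 # CustomerUserSearchSuffix
my $AlwaysFilter = '';                                  # Params -> AlwaysFilter

# Escape the characters RFC 4515 reserves inside a filter value
# (backslash, '*', '(', ')' and NUL) as \XX hex pairs, so that the
# typed text can only ever be a literal value, never filter syntax.
sub escape_filter_value {
    my ($Value) = @_;
    $Value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $Value;
}

# Hypothetical helper: build an OR filter over every search field.
# With an empty prefix and a '*' suffix this is a "starts with" match.
sub build_filter {
    my ($Typed) = @_;
    my $Part   = $SearchPrefix . escape_filter_value($Typed) . $SearchSuffix;
    my $Filter = '(|' . join('', map { "($_=$Part)" } @SearchFields) . ')';

    # Assumption: a non-empty AlwaysFilter is ANDed onto every search.
    $Filter = "(&$Filter$AlwaysFilter)" if length $AlwaysFilter;
    return $Filter;
}

# Constructed sample inputs: two ordinary searches and one containing
# filter metacharacters, which come out hex-escaped.
for my $Typed ('mil', 'tim.miller@', 'a*)(mail=*') {
    printf "%-14s => %s\n", $Typed, build_filter($Typed);
}
```

Setting $AlwaysFilter to a value such as '(objectClass=user)' shows the combined form; only the prefix and suffix wildcards from the configuration reach the directory unescaped.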