Hi Leigh, The customer data and customer login, i think, is actually two different parts of config.pm. Here's parts of my working config. Replace the obvious enclosed in <>. # Customer Authentication backend. $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; # Have seen a few issues when using specific hostnames or IP addresses. Using domain works. $Self->{'Customer::AuthModule::LDAP::Host'} = '<subdom>.<dom>.<tld>'; # Where do you want to start searching? $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=<subdom>,DC=<dom>,DC=<tld>'; # What LDAP attribute would you like to use as User ID in OTRS? $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; # LDAP search credentials. Dunno if a full DN is required or if just the username is enough. Have only tried this. $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=<username>,OU=<yet another OU>,OU=<users OU>,DC=<subdom>,DC=<dom>,DC=<tld>'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '<password>'; # We only need to see users. Not computers and no disabled users. $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2) ))'; ** # Customer DATA backend. $Self->{CustomerUser} = { Name => '<displayname>', Module => 'Kernel::System::CustomerUser::LDAP', Params => { Host => '<subdom>.<dom>.<tld>', BaseDN => 'DC=<sub>,DC=<dom>,DC=<tld>', # Search Scope. (one|sub). One-Level or entire Sub-Tree SSCOPE => 'sub', # LDAP search credentials. Dunno if a full DN is required or if just the username is enough. Have only tried this. UserDN => 'CN=<username>,OU=<yet another OU>,OU=<users OU>,DC=<subdom>,DC=<dom>,DC=<tld>', UserPw => '<password>', # This is needed to avoid issues with ae, oe, aa. Dunno what happens or if it's entirely correct. SourceCharset => 'utf-8', DestCharset => 'utf-8', # We only need to see users. Not computers and no disabled users. AlwaysFilter => '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2) ))', }, <i think this matches your config> }; Event though the web-interface says "Login failed! Your username or password was entered incorrectly.", you may be able to find additional info about the error in the OTRS log file. -- /Sune -----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Leigh Reed Sent: 21. februar 2008 18:07 To: User questions and discussions about OTRS.org Subject: RE: [otrs] LDAP customer authentication with AD not workng, please help? Hi, Thank for the quick reply. For some strange reason that config I posted works to some degree. If I log in to the agent frontend, click on admin and then click Customer Users and do a search I can find every object listed in our AD (including users, computers and even old accounts that were deleted). I don't know why it took such a long time to populate as I couldn't find a single user a couple of hours ago. Thinking I had cracked it I tried to log in to the customer frontend but I still get the same error no matter what I use as a login name. This seems very strange to me. If it is communicating with AD and can find the users, how come I can't login to the customer frontend? Thank you Leigh -----Original Message----- From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Lars Jørgensen Sent: 21 February 2008 16:50 To: User questions and discussions about OTRS.org Subject: Re: [otrs] LDAP customer authentication with AD not workng,please help? Den 21/02/2008 kl. 16.27 skrev leighreed@wbhltd.com:
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=woodberry, dc=wbhltd, dc=com';
Try this: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=woodberry, dc=woodberry, dc=wbhltd, dc=com'; -- Lars _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/