This is what we use for authenticating/etc against AD:

In Kernel/Config.pm:
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'IP-Addr';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=SOMEPLACE,dc=TLD';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'DOMAIN\user';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password';
$Self->{'Customer::AuthModule::LDAP::Params'} = {
        port => 3268,
        timeout => 120,
        async => 0,
        version => 3,
};

and to synchronize customer info against AD:

$Self->{CustomerUser} = {
        Name => 'Active Directory',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host => 'IP-Addr',
            BaseDN => 'DC=SOMEPLACE,DC=TLD',
            SSCOPE => 'sub',
            AlwaysFilter => '(primaryGroupID=513)',
            UserDN => 'DOMAIN\user',
            UserPw => 'Password',
            SourceCharset => 'utf-8',
            DestCharset => 'iso-8859-1',
            Params => {
                port => 3268,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        CustomerKey => 'sAMAccountName',
        CustomerID => 'userPrincipalName',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['cn', 'mail', 'displayName', 'sAMAccountName', 'sn', 'givenName'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '',
        CustomerUserSearchListLimit => 1000,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenName', 'sn'],
        Map => [
            [ 'UserSalutation',  'Title',       'title',                      1, 0, 'var', '', 0 ],
            [ 'UserFirstname',   'Firstname',   'givenName',                  1, 1, 'var', '', 0 ],
            [ 'UserLastname',    'Lastname',    'sn',                         1, 1, 'var', '', 0 ],
            [ 'UserLogin',       'Username',    'sAMAccountName',             1, 1, 'var', '', 0 ],
            [ 'UserEmail',       'Email',       'mail',                       1, 1, 'var', '', 0 ],
            [ 'UserCustomerID',  'CustomerID',  'userPrincipalName',          0, 1, 'var', '', 0 ],
            [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids',        1, 0, 'var', '', 0 ],
            [ 'UserPhone',       'Phone',       'telephonenumber',            1, 0, 'var', '', 0 ],
            [ 'UserAddress',     'Site',        'physicalDeliveryOfficeName', 1, 0, 'var', '', 0 ],
            [ 'UserComment',     'Comment',     'description',                1, 0, 'var', '', 0 ],
        ],
};

The AlwaysFilter => '(primaryGroupID=513)', entry is primarily useful to keep it from pulling seemingly every object in AD when viewing the Customer Users <=> Groups control panel in the admin area.

The reason for the odd port numbers is that a while back I read that some people have more reliable plain LDAP access to AD on those ports, and using them has never failed me.

Good luck

Mike
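
A stand-alone check of the settings above, run before they go into Kernel/Config.pm. This is an added example, not part of the original post and not OTRS code; it assumes the Net::LDAP Perl module is installed, reuses the post's placeholders (IP-Addr, DOMAIN\user, Password), and the way it combines the UID attribute with the AlwaysFilter is an assumption about the resulting filter, not OTRS's own logic.

```perl
#!/usr/bin/perl
# Added example (not OTRS code): bind to AD with the search account and look
# up one login with the same port, base DN and filter as the config above.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $host   = 'IP-Addr';                # placeholder from the post
my $base   = 'dc=SOMEPLACE,dc=TLD';    # placeholder from the post
my $binddn = 'DOMAIN\user';            # placeholder from the post
my $bindpw = 'Password';               # placeholder from the post
my $login  = shift(@ARGV) // die "usage: $0 <sAMAccountName>\n";

# Attributes the Map marks as required (fifth column set to 1).
my @required = qw(sAMAccountName givenName sn mail userPrincipalName);

# Same connection parameters as the Params hashes in the post.
my $ldap = Net::LDAP->new(
    $host,
    port    => 3268,
    timeout => 120,
    async   => 0,
    version => 3,
) or die "connect to $host failed: $@\n";

my $bind = $ldap->bind( $binddn, password => $bindpw );
die 'bind failed: ' . $bind->error . "\n" if $bind->code;

# UID attribute AND-ed with the AlwaysFilter. The login is escaped so that
# characters such as * ( ) \ are matched literally and cannot alter the filter.
my $filter = sprintf '(&(sAMAccountName=%s)(primaryGroupID=513))',
    escape_filter_value($login);

my $res = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => $filter,
    attrs  => \@required,
);
die 'search failed: ' . $res->error . "\n" if $res->code;

printf "%d match(es) for %s\n", $res->count, $filter;
for my $entry ( $res->entries ) {
    printf "  %-18s %s\n", $_, $entry->get_value($_) // '(missing)' for @required;
}
$ldap->unbind;
```

Zero matches for a known user usually means the account's primary group is not Domain Users (primaryGroupID 513), so the AlwaysFilter excludes it; a "(missing)" value marks a required attribute that is empty in AD.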


John d'Alelio wrote:
We have a small company, but have several offices and I was wondering if there was any way to set OTRS to use Windows domain user logins, or if not, can I disable the login portion of the system and let users create tickets by selecting a userid.
 
John F. d'Alelio
I.T. Manager
Adaptive Methods
5885 Trinity Parkway, Suite 230
Centreville, VA 20120
(w) 703.968.6130
(c) 571.201.3667
 
