
I'm getting this error:

May 21 15:30:05 websvr OTRS-CGI-10[21731]: [Notice][Kernel::System::Auth::LDAP::Auth] User: benedick authentication failed, no LDAP group entry foundGroupDN='CN=otrs,OU=users,DC=example,DC=org', Filter='(member=CN=Benedick\, Jason,OU=users,DC=example,DC=org)'!

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Sune T. Tougaard
Sent: Monday, May 21, 2007 10:53 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Any details in the logfile?

Also, I don't think that nested groups work, so the members have to be "direct" members of the group.

--
/Sune

________________________________

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Benedick, Jason
Sent: 21 May 2007 15:18
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Adding that line doesn't solve the problem I'm having.

Thanks,

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Sune T. Tougaard
Sent: Monday, May 21, 2007 5:10 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Hi Jason,

Same authentication setup here, and I think that I might have experienced something like this.

Try adding this line to the config:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

I think that the OTRS default setting is:

$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

And that's not quite what the AD LDAP has to offer.

As for the host failover, I don't know if you can use multiple host names. I'm using just the domain name. That is: "example.org", and the DNS round-robins it. Not entirely failover, but better than nothing.

--
/Sune

________________________________

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Benedick, Jason
Sent: 21 May 2007 00:49
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

I have Active Directory authentication working with the exception of the GroupDN for the admin interface. When I comment out the GroupDN and the UserAttr lines everything works fine again. We are running Windows Server 2003 on our DCs if that matters.

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
$Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};

Also, while I'm asking, can I put multiple DCs in under host for failover? I.e., can I do something like:

$Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

Thanks,

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
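
The log line at the top of the thread shows a user DN with an escaped comma being placed into the group-membership search filter. The following is an added example, not part of the thread and not OTRS code: it applies RFC 4515 filter-value escaping to such a DN before the filter is built. The function names and the second and third sample DNs are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515):
# NUL, '(', ')', '*' and '\' are each replaced by a backslash followed
# by the two-digit hex code of the character. This is a different rule
# from DN escaping (RFC 4514), where a comma is written as '\,'.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build the membership filter. $attr stands for the configured access
# attribute (e.g. 'member'); it is checked against a conservative
# pattern so that it cannot carry filter syntax itself.
sub membership_filter {
    my ($attr, $user_dn) = @_;
    die "unexpected attribute name: $attr\n"
        unless $attr =~ /^[A-Za-z][A-Za-z0-9-]*$/;
    return sprintf '(%s=%s)', $attr, escape_filter_value($user_dn);
}

# Constructed sample input. The first DN is the one from the log line;
# the other two are made up to show the remaining metacharacters.
my @dns = (
    'CN=Benedick\, Jason,OU=users,DC=example,DC=org',
    'CN=Smith (Contractor),OU=users,DC=example,DC=org',
    'CN=*,OU=users,DC=example,DC=org',
);

for my $dn (@dns) {
    print "DN:     $dn\n";
    print "Filter: ", membership_filter('member', $dn), "\n\n";
}
```

For the first DN the filter becomes (member=CN=Benedick\5c, Jason,OU=users,DC=example,DC=org). Net::LDAP::Util exports a function of the same name, escape_filter_value, for code that already uses Net::LDAP.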