Thanks for the suggestion, Edward. Changing the SearchUserDN to <username>@<domain> continues to work for the agent login. I still haven't been able to get the customer login working. Any hints? Here's my current LDAP portion of
Config.pm:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'ldapserver.domain.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Group of Users,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS@domain.com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '********';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = 'ldapserver.domain.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Group of Users,dc=domain,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'OTRS@domain.com';
$Self->{'Customer::AuthModule::LDAP::SearchUserPW'} = '********';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'ldapserver.domain.com',
        BaseDN => 'ou=Group of Users,dc=domain,dc=com',
        SSCOPE => 'sub',
        AlwaysFilter => '(&(sAMAccountName=*)(mail=*))',
        UserDN => 'OTRS@domain.com',
        UserPW => '********',
    },
    CustomerKey => 'sAMAccountName',
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstName', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastName', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
    ],
};

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname => 'sn',
    Email => 'mail',
};

# UserSyncLDAPGroups
# (If "LDAP" was selected for AuthModule, you can specify initial
# user groups for first login.)
$Self->{UserSyncLDAPGroups} = [
    'users',
];
Robert,
You may also try <username>@<domain> which is the new Microsoft style
for specifying users within domains. This is what we use in
configuration...
Ed
On 21-Sep-07, at 2:48 PM, Robert Aldridge wrote:
> Finally got it working...
>
> I changed every entry of:
>
> 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
>
> to:
>
> 'tsteel\OTRS'
>
> and, to pull user data to the local DB, I added:
>
> # UserSyncLDAPMap
> # (map if agent should create/synced from LDAP to DB after login)
> $Self->{UserSyncLDAPMap} = {
> # DB -> LDAP
> Firstname => 'givenName',
> Lastname => 'sn',
> Email => 'mail',
> };
>
> # UserSyncLDAPGroups
> # (If "LDAP" was selected for AuthModule, you can specify initial
> # user groups for first login.)
> $Self->{UserSyncLDAPGroups} = [
> 'users',
> ];
>
>
> Perhaps this will help someone else who's trying to set OTRS up
> with Microsoft Active Directory.
>
> Thanks,
>
> Robert Aldridge
>
>
>
> On 9/21/07, Robert Aldridge <bamarob55@gmail.com> wrote:
>
> Hi folks,
>
> First let me say that OTRS appears to be a great product! Kudos to
> the developers!
>
> We are in the process of evaluating our options for a helpdesk/
> trouble-ticket system. I would really like to give OTRS a good
> evaluation, but I'm having some problems. Our chosen solution must
> be able to authenticate users (both agents and customers) via
> Microsoft Active Directory. It appears that this is possible, but
> I've yet to have any success. I'll outline the steps I've taken
> and solicit any input from the community.
>
> OTRS is working fine when authenticating against its own
> database. Here's what I've done to try to authenticate against AD:
>
> I edited Kernel/Config.pm and added:
>
> <begin additions to Config.pm>
>
> $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
> $Self->{'AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
> $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
> $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
> $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
>
> $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
> $Self->{'Customer::AuthModule::LDAP::Host'} = 'lincoln.tsteel.com';
> $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
> $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
> $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com';
> $Self->{'Customer::AuthModule::LDAP::SearchUserPW'} = 'password';
>
> $Self->{CustomerUser} = {
>     Module => 'Kernel::System::CustomerUser::LDAP',
>     Params => {
>         Host => 'lincoln.tsteel.com',
>         BaseDN => 'ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>         SSCOPE => 'sub',
>         UserDN => 'cn=OTRS Admin,ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
>         UserPW => 'password',
>     },
>     CustomerKey => 'sAMAccountName',
>     CustomerID => 'mail',
>     CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
>     CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
>     CustomerUserPostMasterSearchFields => ['mail'],
>     CustomerUserNameFields => ['givenname', 'sn'],
>     Map => [
>         [ 'UserFirstName', 'Firstname', 'givenname', 1, 1, 'var' ],
>         [ 'UserLastName', 'Lastname', 'sn', 1, 1, 'var' ],
>         [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
>         [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
>         [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
>     ],
> };
>
> <end additions to Config.pm>
>
>
> On my AD box, I ran:
>
> ldifde -f users.ldf -d "OU=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com" -r "<objectClass=user>"
>
> Which returned a listing of all users in the Tuscaloosa - Sheet
> Mill org unit. Within the users.ldf file (output from the above
> command), there's an entry for OTRS Admin:
>
> <begin snippet from users.ldf>
>
> dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
> changetype: add
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: OTRS
> sn: Admin
> givenName: OTRS
> distinguishedName: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
> instanceType: 4
> whenCreated: 20070920125829.0Z
> whenChanged: 20070921135825.0Z
> displayName: OTRS
> uSNCreated: 8512826
> uSNChanged: 8549454
> name: OTRS
> objectGUID:: po7FpWyIxEWWQeiUc9XMwA==
> userAccountControl: 66048
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 128347689772801250
> lastLogoff: 0
> lastLogon: 128347693211238750
> pwdLastSet: 128347667099207500
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAApR5XA/l+DSsgfDsl4xwAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: OTRS
> sAMAccountType: 805306368
> userPrincipalName: OTRS@tsteel.com
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tsteel,DC=com
> dSCorePropagationData: 20070921135825.0Z
> dSCorePropagationData: 20070921135825.0Z
> dSCorePropagationData: 20070921135825.0Z
> dSCorePropagationData: 20070921131751.0Z
> dSCorePropagationData: 16010108151056.0Z
> lastLogonTimestamp: 128347680934676250
>
>
> <end snippet from users.ldf>
>
>
> With this configuration, when I attempt to login as an agent using
> my username (which I know is valid in AD), it errors out with:
>
> Login failed! Your username or password was entered incorrectly.
>
> And, when I revert the Config.pm back (so I can log in) and check
> the system log, I see:
>
> User: raldridge authentication failed, no LDAP entry found!
> BaseDN='ou=Tuscaloosa - Sheet Mill,dc=tsteel,dc=com',
> Filter='(sAMAccountName=raldridge)', (REMOTE_ADDR: 10.1.1.50).
>
> Any help would be greatly appreciated.
>
> Thanks,
>
> Robert Aldridge
>
> _______________________________________________
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> Support or consulting for your OTRS system?
> => http://www.otrs.com/
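The thread's fix swaps the DN bind for the `tsteel\OTRS` and `user@domain` forms; the quoted material also shows that the configured SearchUserDN (`cn=OTRS Admin,...`) is not the DN the ldifde export lists for that account (`CN=OTRS,...`, whose sn is Admin). The Python below is an added example, not code from the thread or from OTRS: it parses a users.ldf export (sample constructed from the quoted entry), checks a configured SearchUserDN against it with proper DN normalisation, and lists the simple-bind identities AD accepts for the matching account; the NetBIOS domain name `tsteel` is assumed from the `tsteel\OTRS` form used in the thread, since the export does not carry it.

```python
import re

# Constructed sample: the fields of the users.ldf entry quoted in the thread that
# matter here, with one long value folded the way ldifde wraps lines.
USERS_LDF = """\
dn: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tsteel,DC=com
cn: OTRS
distinguishedName: CN=OTRS,OU=Tuscaloosa - Sheet Mill,DC=tst
 eel,DC=com
objectGUID:: po7FpWyIxEWWQeiUc9XMwA==
sAMAccountName: OTRS
userPrincipalName: OTRS@tsteel.com
"""

def parse_ldif(text):
    """LDIF export -> list of {attr: [values]} with attribute names lower-cased.
    Folded lines (leading space) are re-joined; '::' base64 values stay undecoded."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and last_attr:        # continuation of previous value
            current[last_attr][-1] += raw[1:]
            continue
        if not raw.strip():                          # blank line ends the entry
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        attr, _, value = raw.partition(":")
        if value.startswith(":"):                    # 'attr:: <base64>'
            value = value[1:]
        last_attr = attr.strip().lower()
        current.setdefault(last_attr, []).append(value.lstrip(" "))
    return entries

def normalize_dn(dn):
    """Canonical DN for comparison: split on unescaped commas, drop spaces around
    '=' and ',', lower-case types and values (AD matches DNs case-insensitively)."""
    return ",".join(f"{t.strip().lower()}={v.strip().lower()}" for t, _, v in
                    (r.partition("=") for r in re.split(r"(?<!\\),", dn)))

def find_entry(entries, dn):
    """The exported entry whose dn equals the configured SearchUserDN, or None."""
    want = normalize_dn(dn)
    return next((e for e in entries if normalize_dn(e["dn"][0]) == want), None)

def bind_names(entry, netbios_domain):
    """Simple-bind identities AD accepts for one account: its DN, its userPrincipalName
    (user@domain) and NETBIOS\\sAMAccountName; netbios_domain is assumed, not exported."""
    names = [entry["dn"][0]] + entry.get("userprincipalname", [])
    return names + [f"{netbios_domain}\\{s}" for s in entry.get("samaccountname", [])]
```

Running `find_entry` with the DN from the quoted Config.pm returns None, while the DN from the export matches and `bind_names` yields the DN, UPN and `tsteel\OTRS` forms the thread converged on.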