It's not really an OTRS issue as Apache is the one handling the actual
authentication. The problem is you can't have a fallback when using
Apache Kerberos authentication (many people have tried [and failed]
google "apache kerberos ldap fallback"). If you fail Kerberos
authentication then Apache will deny you access to any resources.
Steve
On 14 November 2012 12:33, Juan Manuel Clavero Almirón
Hi Roy, yes, I do sync against the samaccountname. I capture it from the kerb login using HTTPBasicAuth::ReplaceRegExp
But that's not the problem: the problem is for the users that cannot do kerberos authentification. I need them to be able to do LDAP auth using OTRS login page, as they did before. Instead, they just get a 'forbidden' error and doesn't get any login page.
Kind regards, Juan Clavero