Hello!

 

Can someone explain a little bit more analytically how one can use AD to authenticate users?

 

I read the “External Backends” section in the manual but a few things are not clear to me.

 

So far I have managed to perform section 5.2.2 (https://otrs.github.io/doc/manual/admin/stable/en/html/external-backends.html#customer-backend-ldap) which is to configure AD for customer backend.

 

When completed from the menu Admin->Customer Users I can see the people defined on the AD to access OTRS.

 

Of course they are not able to authenticate. I am reading below section 5.3.2.2 (https://otrs.github.io/doc/manual/admin/stable/en/html/external-backends.html#customer-auth-backend-ldap)

but that doesn’t work with a “wrong password error” although the apache log says “Cannot find ID for USERNAME”

 

What I am trying to understand here is if I need somehow before authenticating to put the AD entries into the OTRS database so that it can retrieve the “username” and then by using the next part to authenticate at the AD using that.

 

If someone could share its configuration would be very nice.

 

In general what I am trying to achieve is not to have any users on OTRS DB and do everything from AD. For the moment I have configured two AD groups one for Agents and one for Customers. Ideally OTRS should be able to distinguish between those and allow login accordingly. So if you have any configuration that you can share it will be much appreciated.

 

Best regards,

 

G.