
I am sorry if I confused anyone, but I wanted my agents to be authenticated against the Active Directory also. As far as I can see in the OTRS log file, it's trying to use the '[Kernel::System::Auth::DB::Auth]' module. I would like to know if we have a corresponding LDAP module, or can I simply use the '[Kernel::System::CustomerAuth::LDAP::Auth]' module, and where can I specify that?
Yes, you can auth your agents as well as your customers. That is what chapter nine talks about. To auth the agents, add the following to your config.pm:

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'host.example.com';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'admin';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs,cn=Users,dc=nspnet,dc=net';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

***By the way, I forgot to mention that the admin name in SearchUserDN has to be a fully qualified name, i.e. admin@example.com (username@basedn). Open the snap-in "Active Directory Users and Computers". You can find this when looking at a user's properties, account tab, next to logon name.
I tried putting in the two lines that you mentioned. Also the username and password were for the domain Administrator so it should have worked if it was supposed to. I am able to authenticate against the server using .net so I am sure that it works and is accessible from the install machine. I also tried to put the host name for the host as well as its IP address.
Okay, here is the Perl code extracted from kernel/system/auth/ldap.pm. Put it in a Perl script and run it directly from the console. It should give you a good idea whether you are able to connect or not:

    use strict;
    use warnings;
    use Net::LDAP;

    my $Host       = ' ';  # Put your ldap server here
    my $Admin      = ' ';  # Put your admin credentials here (fully qualified)
    my $AdminPass  = ' ';  # Put your admin password here
    my $Uid        = ' ';  # Put some user's name here that you want to get info about (does not have to be fully qualified - just the sAMAccountName)
    my $SearchBase = ' ';  # Put your searchbase here (dc=example,dc=com)
    my $Filter     = "sAMAccountName=$Uid";  # Leave it just like that

    my $LDAP = Net::LDAP->new($Host) or die "Failed to connect to LDAP host!";

    # bind() and search() always return a message object, so test its result code
    my $Bind = $LDAP->bind($Admin, password => $AdminPass);
    die "Permission to browse directory denied! " . $Bind->error if $Bind->code;

    my $Result = $LDAP->search(base => $SearchBase, filter => $Filter);
    die "Failed to retrieve user information: " . $Result->error if $Result->code;

    # Remember the DN of the matching entry
    my $UserDN = '';
    foreach my $Entry ($Result->all_entries) {
        $UserDN = $Entry->dn();
    }
    if (!$UserDN) {
        print "User: $Uid login failed, no LDAP entry found! BaseDN='$SearchBase', Filter='$Filter'\n";
    }
    else {
        print "Found: $UserDN\n";  # show the DN so a successful lookup is visible
    }
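The test script above interpolates the user name straight into the search filter and keeps whichever DN comes last in the result. The following is an added example, not part of the original thread and not OTRS's own code: it escapes the login with escape_filter_value from Net::LDAP::Util and accepts a lookup only when exactly one entry matched. The helper names build_user_filter and single_dn, and all sample logins and DNs, are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value);   # part of the perl-ldap distribution

# Hypothetical helper: build "(attr=value)" with the login escaped per RFC 4515,
# so characters such as * ( ) \ are matched literally instead of altering the filter.
sub build_user_filter {
    my ($Attr, $Login) = @_;
    die "Bad attribute name '$Attr'\n" unless $Attr =~ /^[A-Za-z][A-Za-z0-9-]*$/;
    die "Empty login\n" unless defined $Login && length $Login;
    return '(' . $Attr . '=' . escape_filter_value($Login) . ')';
}

# Hypothetical helper: accept a search result only if exactly one entry matched.
# Returns the DN, or undef when there were no matches or more than one.
sub single_dn {
    my (@DNs) = @_;
    return @DNs == 1 ? $DNs[0] : undef;
}

# Constructed sample logins, not taken from the thread.
for my $Login ('jdoe', 'j*', 'smith (admin)', 'a\\b') {
    printf "%-15s -> %s\n", $Login, build_user_filter('sAMAccountName', $Login);
}

# Constructed DN lists standing in for the DNs of $Result->all_entries.
my @Cases = (
    [],
    ['CN=John Doe,CN=Users,DC=example,DC=com'],
    ['CN=John Doe,CN=Users,DC=example,DC=com',
     'CN=Jane Doe,CN=Users,DC=example,DC=com'],
);
for my $Case (@Cases) {
    my $DN = single_dn(@$Case);
    printf "%d match(es): %s\n", scalar @$Case,
        defined $DN ? "use $DN" : 'reject login';
}
```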
Did not find any useful information about the directory except the tree structure that I could see from the MMC snap-in.
Fine, don't worry about it then. Hth, Tyler Hepworth