Hi Steven,
I was afraid this would be the answer: OR kerberos OR OTRS auth...
well, we can't have it all, can we?
Kind regards,
Juan Clavero
-----Mensaje original-----
De: Steven Carr [mailto:sjcarr@gmail.com]
Enviado el: miércoles, 14 de noviembre de 2012 16:58
Para: User questions and discussions about OTRS.
Asunto: Re: [otrs] Kerberos and LDAP Authentication
It's not really an OTRS issue as Apache is the one handling the actual authentication. The problem is you can't have a fallback when using Apache Kerberos authentication (many people have tried [and failed] google "apache kerberos ldap fallback"). If you fail Kerberos authentication then Apache will deny you access to any resources.
Steve
On 14 November 2012 12:33, Juan Manuel Clavero Almirón
Hi Roy, yes, I do sync against the samaccountname. I capture it from the kerb login using HTTPBasicAuth::ReplaceRegExp
But that's not the problem: the problem is for the users that cannot do kerberos authentification. I need them to be able to do LDAP auth using OTRS login page, as they did before. Instead, they just get a 'forbidden' error and doesn't get any login page.
Kind regards, Juan Clavero