Thanks Davin,
I’ve tried it again and it’s
still not working...
I read somewhere that the server
hosting the AD must also be a Global Catalog... do you know if this is a
requirement? Was it the case on your configuration?
Thanks
Jan
>>
You do not need to have the CentOS box attached to the
domain and you will not need the Windows Services for Unix/Linux.
Depending on how your AD is setup you may need to have a user with
administration privileges that can be put into the config file to allow OTRS to
search the domain for the users.
Here's how I set it up in my config. It may not be perfect, but it got
the job done for me, if anybody has a better config to reference that they can
post, I'm sure I could use some learning too:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'DomainController';
$Self->{'AuthModule::LDAP::BaseDN'} = 'Base DN';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'Admin User';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'Admin User Password';
$Self->{UserSyncLDAPGroups} = [
    'users'
];
$Self->{UserSyncLDAPMap} = {
    UserFirstname => 'givenName',
    UserLastname  => 'sn',
    UserEmail     => 'mail',
};
# CustomerUser1
# (customer user ldap backend and settings)
$Self->{CustomerUser1} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'curley',
        # ldap base dn
        BaseDN => 'Base DN',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'Admin User',
        UserPw => 'Admin User Password',
        AlwaysFilter => '',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 900,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
Hope it helps:
~Davin
Jan Vorster wrote:
Hi all,
I’ve just set up OTRS on my CentOS 5 box and I want it to
authenticate the users against an active directory running on Windows 2003
Server.
I’ve read somewhere that you need to load Windows Services
for Linux in order to have additional UNIX options on an Active Directory user.
I did not read anything about this in the OTRS manual... so
I was wondering if this is a necessary step.
Needless to say that my attempts to log on to the AD from
the OTRS web interface are failing.
PS : A second question also... does the CentOS box need to
be “on” the domain? Is this even possible?
Thanks
Jan
<<
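The CustomerUser1 settings in Davin's message determine how the customer backend turns input into LDAP queries: a search term is OR-ed across CustomerUserSearchFields with CustomerUserSearchPrefix/CustomerUserSearchSuffix wrapped around it, a login is matched against CustomerKey, and AlwaysFilter (empty in his config) can narrow every query. The Python script below is an added illustration of that logic written for this page; it is not OTRS code and not part of the thread. The config dict is a constructed, flattened subset of the settings above, the function names are hypothetical, and the "(objectClass=user)" AlwaysFilter value is an assumption used only to show how the AND wrapper behaves. The point it adds is that the untrusted term must be escaped per RFC 4515 so that characters such as ( ) * stay literal, while the wildcard coming from the trusted config suffix is kept.

```python
"""Added example: build LDAP filters the way a customer-user backend
configured like the one in the thread would, with RFC 4515 escaping of the
user-supplied part.  Hypothetical code, not OTRS's implementation."""

# Constructed subset of the CustomerUser1 settings quoted above
# (flattened into one dict for the example; AlwaysFilter is normally
# under Params in the OTRS config).
CUSTOMER_USER_CFG = {
    "CustomerKey": "sAMAccountName",
    "CustomerUserSearchFields": ["sAMAccountName", "cn", "mail"],
    "CustomerUserSearchPrefix": "",
    "CustomerUserSearchSuffix": "*",
    "AlwaysFilter": "",  # e.g. "(objectClass=user)" to narrow every query
}

# RFC 4515: characters that are special inside a filter assertion value.
_ESCAPE = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only match literally inside a filter."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def build_search_filter(term: str, cfg: dict = CUSTOMER_USER_CFG) -> str:
    """Customer search box: OR over the configured search fields, with the
    trusted prefix/suffix from the config around the escaped (untrusted)
    term, AND-ed with AlwaysFilter when one is set."""
    escaped = escape_filter_value(term)
    prefix = cfg["CustomerUserSearchPrefix"]
    suffix = cfg["CustomerUserSearchSuffix"]
    clauses = "".join(
        f"({field}={prefix}{escaped}{suffix})"
        for field in cfg["CustomerUserSearchFields"]
    )
    search = f"(|{clauses})"
    always = cfg.get("AlwaysFilter") or ""
    return f"(&{always}{search})" if always else search


def build_login_filter(login: str, cfg: dict = CUSTOMER_USER_CFG) -> str:
    """Exact lookup by CustomerKey, as used when a customer logs in.
    No wildcard is added: the login has to match the key literally."""
    return f"({cfg['CustomerKey']}={escape_filter_value(login)})"


def is_balanced(ldap_filter: str) -> bool:
    """Sanity check: every structural '(' has a matching ')'.
    Escaped parentheses (\\28 / \\29) are skipped, so they never count."""
    depth = 0
    i = 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":
            i += 3  # skip the backslash and its two hex digits
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0


if __name__ == "__main__":
    print(build_search_filter("jan"))
    # A term containing filter metacharacters stays a literal value.
    print(build_login_filter("jan)(|(cn=*"))
```

Run it directly to see the two filters. With an empty AlwaysFilter the search filter is just the OR group; setting AlwaysFilter to an objectClass restriction wraps it in an AND, which is the usual way to keep computers, contacts and other non-user objects out of the customer list without touching the search fields.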