
Nikunj Patel wrote:
> I tried the fully qualified username for the SearchDN parameter (I was using only the username before) and IT WORKED!!!
Great :-)
> I tested the fact about users being added from the LDAP to the database automatically on first login and it did not work. The AD user has to be created as a Customer User before he/she can access the system.
I fully disagree with this. I have never prepopulated a user in OTRS yet and accounts are added automatically the first time they log in with authentication against AD. In fact, I have gone so far as to rewrite the code so that not only are they added to the OTRS database upon login, but they are also added to the appropriate group(s) based off of group(s) that they belong to in AD. So, no more OTRS administration for me. I let AD take care of it! Admins are automatically assigned as admins, agents as agents, etc.
> Now that everything is working, I have one more question. Will I be able to do Integrated Windows authentication using Apache or will I have to port OTRS over to IIS for it?
I know you can do "single sign on" using HTTP basic auth, but it appears that it compares the username logged onto a system against a list of users stored in Apache (skips LDAP altogether). So, I don't think that is exactly what you are after. I'd actually like to know more about this too. Perhaps a cron could export LDAP user accounts into an Apache auth file from time to time?

Hth,
Tyler Hepworth