Hi,
 
Thanks for all your help. I now have it working.
 
I copied the bit about filtering out computers and invalid accounts and pasted into the config.pm file and I left the rest alone as this was working correctly. So my complete LDAP config looks like this:
 
## Set up LDAP for Customer authentication to the Frontend for customers.
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.1.10';
    # The ou= is your NT Domain name. The dc= (there may be more than one) is your AD domain name.
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=woodberry, dc=wbhltd, dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
    # Our AD requires a valid login to do LDAP searches. Use a generic one, not admin, not your own.
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'whatever';
 
    # We only need to see users. Not computers and no disabled users.
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';
                       
## Set up LDAP for finding Customers when creating tickets in the Agent Frontend.
    $Self->{CustomerUser} = {
      Name => 'Exchange LDAP',
      Module => 'Kernel::System::CustomerUser::LDAP',
      Params => {
        # Parameters are basically the same as above.
        Host => '192.168.1.10',
        BaseDN => 'dc=woodberry, dc=wbhltd, dc=com',
        SSCOPE => 'sub',
        UserDN => 'otrs',
        UserPw => 'whatever',
        # if your frontend is e. g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use this options (if not, ignore it)
 
        ### IMPORTANT FOR NON-ENGLISH USERS WITH SPECIAL CHARACTERS ###
        # You *have* to specify the SourceCharset below, else OTRS will default to
        # iso8859-1 (I think), and special characters will be garbled. This took me
        # half a day to figure out.
        SourceCharset => 'utf-8',
        DestCharset => 'utf-8',
        # We only need to see users. Not computers and no disabled users.
        AlwaysFilter => '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
      },
      CustomerKey => 'sAMAccountName',
      CustomerID => 'mail',
      CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
      CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
      CustomerUserPostMasterSearchFields => ['mail'],
      CustomerUserNameFields => ['givenname', 'sn'],
      Map => [
        ## Set-up the fields you want to import from LDAP.
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        # [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        # [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
      ],
    };
 
However I still couldn't log in to the customer frontend. So I took your suggestion of looking in the otrs.log file (I didn't know there was one so I never looked before) and this is what it said:
 
"Fri Feb 22 10:38:08 2008][Notice][Kernel::System::CustomerAuth::LDAP::Auth] CustomerUser: Leigh Reed@wbhltd.com@wbhltd.com authentification failed, no LDAP entry found!BaseDN='dc=woodberry, dc=wbhltd, dc=com', Filter='(&(sAMAccountName=Leigh Reed@wbhltd.com@wbhltd.com)(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))))', (REMOTE_ADDR: 127.0.0.1)."
 
Notice the part where it says "CustomerUser: Leigh Reed@wbhltd.com@wbhltd.com". It hit me that I had changed the Customer::AuthModule::LDAP::UserSuffix to @wbhltd.com in the Frontend::Customer::Auth option in SysConfig > Framework when I first started messing about with the LDAP configuration a few days ago. So instead of sending the login "Leigh Reed@wbhltd.com", which is correct, it was adding another @wbhltd.com to the end, making it incorrect.
 
I literally jumped out of my chair when it worked lol, it's been bugging me for days.
 
Thanks again for everyone's help.
 
Leigh
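Worked example, added here and not OTRS code or anything posted in this thread: a small Python evaluator for the AlwaysFilter used above, run over a constructed directory of three entries (a normal user, a disabled user, a computer account), plus the way the login, the UserSuffix and the AlwaysFilter combine into the search filter that appears in the otrs.log line. The OID 1.2.840.113556.1.4.803 is Active Directory's bit-AND matching rule and the value 2 is the ACCOUNTDISABLE bit of userAccountControl; the entry names, logins and attribute values are made up for the demonstration.

```python
"""Evaluate the OTRS customer AlwaysFilter against a constructed AD-like directory,
and show how login + UserSuffix + AlwaysFilter compose into the logged search filter.
Added example, not OTRS code; directory entries below are constructed."""

BIT_AND_RULE = "1.2.840.113556.1.4.803"   # AD LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 0x2                       # userAccountControl bit tested by the filter

# The filter from the thread: no computer objects, no disabled accounts.
ALWAYS_FILTER = "(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# Constructed directory (assumed values, not from any real AD).
DIRECTORY = [
    {"sAMAccountName": "leigh",   "objectClass": ["top", "person", "user"],  "userAccountControl": 512},
    {"sAMAccountName": "olduser", "objectClass": ["top", "person", "user"],  "userAccountControl": 512 | ACCOUNTDISABLE},
    {"sAMAccountName": "WS01$",   "objectClass": ["top", "computer"],        "userAccountControl": 4096},
]


def parse(s, i=0):
    """Recursive-descent parser for the subset of RFC 4515 used here:
    (&...), (|...), (!...), (attr=value) and (attr:OID:=value). Returns (node, next_index)."""
    assert s[i] == "(", "filter must start with '('"
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        assert s[i] == ")"
        return (op, kids), i + 1
    if s[i] == "!":
        node, i = parse(s, i + 1)
        assert s[i] == ")"
        return ("!", [node]), i + 1
    j = s.index(")", i)
    lhs, value = s[i:j].split("=", 1)
    if ":" in lhs:                          # extensible match, e.g. attr:OID:=value
        attr, rule, _ = lhs.split(":")
        return ("ext", attr, rule, value), j + 1
    return ("eq", lhs, value), j + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attribute -> value or list)."""
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    if kind == "eq":
        _, attr, value = node
        present = entry.get(attr)
        if present is None:
            return False
        values = present if isinstance(present, list) else [present]
        # objectClass and sAMAccountName are case-insensitive in AD.
        return any(str(v).lower() == value.lower() for v in values)
    if kind == "ext":
        _, attr, rule, value = node
        if rule != BIT_AND_RULE:
            raise ValueError("only the bit-AND matching rule is implemented here")
        present = entry.get(attr)
        if present is None:
            return False
        mask = int(value)
        return (int(present) & mask) == mask   # bit-AND: all bits of the mask are set
    raise ValueError(f"unknown node {kind}")


def auth_filter(login, uid_attr="sAMAccountName", user_suffix="", always_filter=ALWAYS_FILTER):
    """Compose the customer-auth search filter the way the otrs.log line shows it:
    (&(<UID>=<login><UserSuffix>)<AlwaysFilter>)."""
    return f"(&({uid_attr}={login}{user_suffix}){always_filter})"


def find_customer(login, user_suffix=""):
    """Return the sAMAccountNames in DIRECTORY that the composed auth filter matches."""
    node, _ = parse(auth_filter(login, user_suffix=user_suffix))
    return [e["sAMAccountName"] for e in DIRECTORY if matches(node, e)]


if __name__ == "__main__":
    for login in ("leigh", "olduser", "WS01$"):
        print(f"{login!r:10} -> {find_customer(login)}")
    # Reproduce the thread's double-suffix filter: a login that already carries the
    # domain, plus UserSuffix, yields '...@wbhltd.com@wbhltd.com' and matches nothing.
    print(auth_filter("Leigh Reed@wbhltd.com", user_suffix="@wbhltd.com"))
    print(find_customer("leigh", user_suffix="@wbhltd.com"))
```

Only the normal user survives the filter; the disabled account is dropped by the bit-AND clause and the computer object by the objectClass clause. The last two lines show the failure from the log: with UserSuffix set, whatever the user types gets the suffix appended before the search, so a login that already contains the domain cannot match the UID attribute.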


From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Sune T. Tougaard
Sent: 22 February 2008 08:06
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] LDAP customer authentication with AD not workng, please help?

Hi Leigh,

The customer data and customer login, I think, are actually two different parts of config.pm.

Here are parts of my working config. Replace the obvious enclosed in <>.

    # Customer Authentication backend.
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    # Have seen a few issues when using specific hostnames or IP addresses. Using domain works.
    $Self->{'Customer::AuthModule::LDAP::Host'} = '<subdom>.<dom>.<tld>';
    # Where do you want to start searching?
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=<subdom>,DC=<dom>,DC=<tld>';
    # What LDAP attribute would you like to use as User ID in OTRS?
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

    # LDAP search credentials. Dunno if a full DN is required or if just the username is enough. Have only tried this.
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=<username>,OU=<yet another OU>,OU=<users OU>,DC=<subdom>,DC=<dom>,DC=<tld>';

    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '<password>';
    # We only need to see users. Not computers and no disabled users.
    $Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))';

**

    # Customer DATA backend.
    $Self->{CustomerUser} = {
        Name => '<displayname>',
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
                Host => '<subdom>.<dom>.<tld>',
                BaseDN => 'DC=<sub>,DC=<dom>,DC=<tld>',
                # Search Scope. (one|sub). One-Level or entire Sub-Tree
                SSCOPE => 'sub',
                # LDAP search credentials. Dunno if a full DN is required or if just the username is enough. Have only tried this.

                UserDN => 'CN=<username>,OU=<yet another OU>,OU=<users OU>,DC=<subdom>,DC=<dom>,DC=<tld>',
                UserPw => '<password>',
                # This is needed to avoid issues with ae, oe, aa. Dunno what happens or if it's entirely correct.
                SourceCharset => 'utf-8',
                DestCharset => 'utf-8',
                # We only need to see users. Not computers and no disabled users.
                AlwaysFilter => '(&(!(objectClass=Computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
        },
      <i think this matches your config>
    };

Even though the web interface says "Login failed! Your username or password was entered incorrectly.", you may be able to find additional info about the error in the OTRS log file.

--
/Sune

-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Leigh Reed
Sent: 21 February 2008 18:07
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] LDAP customer authentication with AD not workng, please help?

Hi,

Thanks for the quick reply.

For some strange reason that config I posted works to some degree.

If I log in to the agent frontend, click on admin and then click Customer Users and do a search I can find every object listed in our AD (including users, computers and even old accounts that were deleted). I don't know why it took such a long time to populate as I couldn't find a single user a couple of hours ago.

Thinking I had cracked it I tried to log in to the customer frontend but I still get the same error no matter what I use as a login name. This seems very strange to me. If it is communicating with AD and can find the users, how come I can't login to the customer frontend?

Thank you

Leigh

-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Lars Jørgensen
Sent: 21 February 2008 16:50
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] LDAP customer authentication with AD not workng,please help?

On 21/02/2008 at 16.27, leighreed@wbhltd.com wrote:

>    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=woodberry,
> dc=wbhltd, dc=com';

Try this:

$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=woodberry, dc=woodberry, dc=wbhltd, dc=com';


--
Lars
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.com/