Hi Tim,

I remember there was one section in the config.pl where you configure the sync between AD/LDAP and the OTRS customer database. So I guess the authentication works at your side but there will be no customer entry in the OTRS customer db because the sync is not enabled.

Maybe that's a hint.

Kind regards

Falko Zurell
Head of Application Management
I-D Media AG
Ohlauer Strasse 43
D-10999 Berlin

fon: +49 (0)30 - 2 59 47 - 357
fax: +49 (0)30 - 2 59 47 - 111
mobile: +49 (0)160 - 3 62 52 77
web: http://www.idmedia.com
mail: falko.zurell@idmedia.com

  ----- Original Message -----
  From: otrs-bounces
  Sent: 25.09.2006 05:48
  To: <otrs@otrs.org>
  Subject: [otrs] Customer LDAP to AD Authentication - close, but not working


I am having trouble getting the customers to be able to authenticate and log in to the customer.pl web page.  I am trying to use LDAP to authenticate.  From the agent side, my LDAP searches are working fine.  If I search for a customer by name to create a new ticket, I get a complete list of possible names back from the LDAP search.
 
However, when the customers attempt to log in, all I get is  "Login failed! Your username or password was entered incorrectly".  I know the username and password is correct, but I keep getting this error.  In the System log, I get the following message, "CustomerUser: jdoe@dbtamerica.local authentification failed, no LDAP entry found!BaseDN='dc=dbtamerica,dc=local', Filter='(&(sAMAccountName=jdoe@dbtamerica.local)(!objectclass=computer))', (REMOTE_ADDR: 10.222.128.53)." 
 
I have a J Doe account in my AD that I use for testing, the account exists and I am using the correct password. 
 
Do I have to use the PosixGroups lines in the Config.pm file?  I am currently not using these at all, but my understanding is that it should work without them.  Do I have to create a group in AD, or specify that the "domain users" group is allowed access?
 
Any advice is greatly appreciated, this is our last major hurdle to get over, so far we love the package, but we really want the AD authentication to work.
 
With Best Regards,
 
Tim