RE: [otrs] Active Directory Authentication

Hi Jason,

Same authentication setup here, and I think that I might have experienced something like this.

Try adding this line to the config:

    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

I think that the OTRS default setting is:

    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

And that's not quite what the AD LDAP has to offer.

As for the host failover, I don't know if you can use multiple host names. I'm using just the domain name. That is: "example.org", and the DNS round-robins it. Not entirely failover, but better than nothing.

--
/Sune

_____

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Benedick, Jason
Sent: 21 May 2007 00:49
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

I have Active Directory authentication working with the exception of the GroupDN for the admin interface. When I comment out the GroupDN and the UserAttr lines everything works fine again. We are running Windows Server 2003 on our DCs if that matters.

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{UserSyncLDAPMap} = {
        #DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

Also while I'm asking, can I put multiple DCs in under host for failover? I.e., can I do something like:

    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

Thanks,

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology

Adding that line doesn't solve the problem I'm having.

Thanks,

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
(717) 391-6957

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Sune T. Tougaard
Sent: Monday, May 21, 2007 5:10 AM
To: User questions and discussions about OTRS.org
Subject: RE: [otrs] Active Directory Authentication

Hi Jason,

Same authentication setup here, and I think that I might have experienced something like this.

Try adding this line to the config:

    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

I think that the OTRS default setting is:

    $Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

And that's not quite what the AD LDAP has to offer.

As for the host failover, I don't know if you can use multiple host names. I'm using just the domain name. That is: "example.org", and the DNS round-robins it. Not entirely failover, but better than nothing.

--
/Sune

________________________________

From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Benedick, Jason
Sent: 21 May 2007 00:49
To: otrs@otrs.org
Subject: [otrs] Active Directory Authentication

I have Active Directory authentication working with the exception of the GroupDN for the admin interface. When I comment out the GroupDN and the UserAttr lines everything works fine again. We are running Windows Server 2003 on our DCs if that matters.

    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'OU=users,dc=example,dc=org';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP\\, Linux,OU=Service Accounts,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=otrs,OU=users,DC=example,DC=org';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
    $Self->{UserSyncLDAPMap} = {
        #DB -> LDAP
        Firstname => 'givenName',
        Lastname => 'sn',
        Email => 'mail',
    };

Also while I'm asking, can I put multiple DCs in under host for failover? I.e., can I do something like:

    $Self->{'AuthModule::LDAP::Host'} = 'dc1.example.org;dc2.example.org';

and will OTRS use dc2 if dc1 is down?

Thanks,

Jason R. Benedick
Workstation Technician
Thaddeus Stevens College of Technology
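
An added example, not part of the thread and not OTRS code: a simplified Python model of how the GroupDN, AccessAttr and UserAttr settings discussed above interact, run against a constructed AD-style group and a constructed posixGroup. It assumes the group check is a search for `(<AccessAttr>=<value>)` on the group entry; the user `jdoe` and both group entries are hypothetical.

```python
# Added illustration, not OTRS code. Assumption: the group check searches the
# GroupDN entry with the filter (<AccessAttr>=<value>), where <value> is the
# user's DN when UserAttr is 'DN' and the login name when it is 'UID'.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def unescape_filter_value(value):
    """Decode \\XX escapes the way a directory server reads the filter."""
    out, i = [], 0
    while i < len(value):
        if value[i] == '\\':
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
    return ''.join(out)

def build_filter(access_attr, user_attr, login, user_dn):
    value = user_dn if user_attr == 'DN' else login
    return '(%s=%s)' % (access_attr, escape_filter_value(value))

def group_matches(group_entry, ldap_filter):
    """Simplified equality match: attribute names and values compared
    case-insensitively (real servers apply per-attribute matching rules)."""
    attr, _, raw = ldap_filter[1:-1].partition('=')
    wanted = unescape_filter_value(raw).lower()
    return any(v.lower() == wanted for v in group_entry.get(attr.lower(), []))

# Constructed sample data (hypothetical user "jdoe"), not from the thread.
LOGIN = 'jdoe'
USER_DN = 'CN=Doe\\, Jane,OU=users,DC=example,DC=org'
AD_GROUP = {'member': [USER_DN]}        # AD groups list full member DNs
POSIX_GROUP = {'memberuid': [LOGIN]}    # posixGroup lists login names

def check_all(group_entry):
    """Return {(AccessAttr, UserAttr): matched} for every combination."""
    return {(a, u): group_matches(group_entry, build_filter(a, u, LOGIN, USER_DN))
            for a in ('member', 'memberUid') for u in ('DN', 'UID')}

if __name__ == '__main__':
    for name, group in (('AD group', AD_GROUP), ('posixGroup', POSIX_GROUP)):
        for (a, u), ok in check_all(group).items():
            print('%-10s AccessAttr=%-9s UserAttr=%-3s -> %s' % (name, a, u, ok))
```

In this model only the `member` / `DN` pair matches the AD-style group, and a DN containing an escaped comma only matches because the backslash is encoded as `\5c` in the filter.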