
Hey there, this is my first message to this list
I'm trying to authenticate otrs with our W2K server using ActiveDir. This solution seems perfect for our organization since we are requiring a help desk and we already have about a thousand AD users.
I have been using Linux and LDAP for years and I tough this wouldn't be that hard... and it was.
My problem is that I'm able to authenticate agents -well, just the one that is in mysql and in AD- but I'm not able to authenticate clients -regular AD users- to the customer.pl interface.
I'm copying the config stuff in case anybody sees anything wrong, BTW, I have tweaked some of the sAMAccount parts just for testing
Thanks for your help
Vlad

# OTRS configuration excerpt: LDAP (Active Directory) settings for agent
# login, the customer user data source, and customer login.
# NOTE(review): the list archive collapsed this paste onto two lines; the
# line breaks and comment/code boundaries below are reconstructed - confirm
# against the original file.

# agents
# Agent authentication backend and the directory it binds to.
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
# NOTE(review): bare host name with no ldaps:// scheme - presumably a plain
# LDAP connection, in which case the search account password and every login
# bind cross the network unencrypted. Confirm, and prefer LDAPS/StartTLS if
# this OTRS version supports it.
$Self->{'AuthModule::LDAP::Host'} = 'w2k';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=com';
# Attribute matched against the login name typed by the agent.
$Self->{'AuthModule::LDAP::UID'} = 'userPrincipalName';
# NOTE(review): this DN says dc=domainx while BaseDN above says dc=domain -
# possibly a redaction artifact; verify both against the real directory.
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=Soporte Consultores, cn=Users, dc=domainx, dc=com';
# Bind password kept in clear text: keep this file readable only by the
# account OTRS runs as, and bind with a dedicated read-only directory account.
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'pass';
# Left disabled: no group restriction on agent logins is visible in this excerpt.
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';

#---------------Customers---------------------------------------#
$Self->{CustomerDefaultState} = 'new';
# Customer user data source (record lookup and search).
# NOTE(review): presumably separate from the Customer::AuthModule password
# check at the bottom; both need to resolve the same account for a customer
# login to work - confirm.
$Self->{CustomerUser} = {
    Name => 'LDAP Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'w2k',
        # ldap base dn
        # NOTE(review): spelled "doamin" here but "domain" in the other
        # BaseDN values. Unless this is a redaction artifact, searches under
        # this base would presumably return no customers - a candidate cause
        # of the failing customer logins described above.
        BaseDN => 'DC=doamin,DC=com',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        # Absolutely necessary for Active Directory
        # NOTE(review): this bind account and password differ from the
        # Customer::AuthModule::LDAP::SearchUserDN / SearchUserPw values at
        # the bottom (CN=otrs,OU=Gente,... / 'pass'); confirm each pair is
        # valid. Clear-text password: same file-permission and least-privilege
        # points as for the agent search account.
        UserDN => 'cn=Soporte Consultores, cn=Users, dc=domain, dc=com',
        UserPw => 'passwd',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['givenname', 'sn', 'mail'],
    CustomerUserSearchFields => ['displayName','sAMAccountName','givenname', 'sn', 'mail','description'],
    CustomerUserPostMasterSearchFields => ['displayName','sAMAccountName','givenname','sn','mail','description'],
    #CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        # NOTE(review): marked required and stored in 'url', while CustomerID
        # above is 'mail'; presumably accounts without a 'url' value end up
        # with an empty customer ID - confirm which attribute is intended.
        [ 'UserCustomerID', 'CustomerID', 'url', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

#------------------------------------------------------#
# Customer LDAP Authentication #
#------------------------------------------------------#
# This is an example configuration for an LDAP auth. backend.
# (take care that Net::LDAP is installed!)
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
# NOTE(review): same transport question as the agent Host above - customer
# passwords are presumably sent in a simple bind to this host; confirm the
# connection is encrypted.
$Self->{'Customer::AuthModule::LDAP::Host'} = 'w2k';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
# Matches CustomerKey and the UserLogin mapping above (sAMAccountName).
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'CN=otrs,OU=Gente,DC=domain,DC=com';
# Clear-text bind password; see the notes on the other search accounts.
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'pass';