Re: [otrs] User LDAP authentication

Yes, I have the same setup/configuration - and now it works fine. However, when this authentication type is enabled, how do you use for instance, root@localhost or perhaps a local admin account (set up so I don't use root@localhost)? I can create an LDAP admin account used for purposes of OTRS administration, but I'm wondering if there is a way to have a local account login with the LDAP authentication enabled.
Bart
ohliger@fh-rosenheim.de 01/11 10:30 AM >>>
Both,
think that is right. I am using for agent and customer interface the same eDir but with different authorization mechanism (group membership).
regards Christoph
Free BSD wrote:
Bart Wallace wrote:
if I have a local OTRS agent account, when I enable $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP', I am unable to use that local account as it does not exist in LDAP. How do you work around this, or does it matter to you in your installation?
Thanks for the help,
Bart
Dear Bart
I don't have any experience with eDir, sorry. But I'm using Active Directory for customer authentication, and local mysql for agent authentication. The Agent accounts I created are identical to their accounts in the AD. However, since OTRS offers two different areas for logging into the system, they are authenticated differently. If they are using the customer interface, they are logged in as customer, and if from agent interface, then they have agent rights.
My guess is, you might not be using two separate authentication modules here. I might be wrong, someone with more experience will be able to clarify and point out my mistake, but if you don't have the agent accounts in the LDAP tree (or the eDir tree), then maybe you should either create those accounts or use mysql (or similar) backend for agent authentication.
Hope this helps.
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

I am not aware of any "fallback authentication", maybe that is possible. I am only using LDAP authentication (no root@localhost), in case of failures that is done with a load balance/failover mechanism.
Christoph
Bart Wallace wrote:
Yes, I have the same setup/configuration - and now it works fine. However, when this authentication type is enabled, how do you use for instance, root@localhost or perhaps a local admin account (set up so I don't use root@localhost)? I can create an LDAP admin account used for purposes of OTRS administration, but I'm wondering if there is a way to have a local account login with the LDAP authentication enabled.
Bart
ohliger@fh-rosenheim.de 01/11 10:30 AM >>>
Both,
think that is right. I am using for agent and customer interface the same eDir but with different authorization mechanism (group membership).
regards Christoph
Free BSD wrote:
Bart Wallace wrote:
if I have a local OTRS agent account, when I enable $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP', I am unable to use that local account as it does not exist in LDAP. How do you work around this, or does it matter to you in your installation?
Thanks for the help,
Bart
Dear Bart
I don't have any experience with eDir, sorry. But I'm using Active Directory for customer authentication, and local mysql for agent authentication. The Agent accounts I created are identical to their accounts in the AD. However, since OTRS offers two different areas for logging into the system, they are authenticated differently. If they are using the customer interface, they are logged in as customer, and if from agent interface, then they have agent rights.
My guess is, you might not be using two separate authentication modules here. I might be wrong, someone with more experience will be able to clarify and point out my mistake, but if you don't have the agent accounts in the LDAP tree (or the eDir tree), then maybe you should either create those accounts or use mysql (or similar) backend for agent authentication.
Hope this helps.
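The split described in the thread (agents checked against the local OTRS database, customers against the directory, with the single-directory variant shown commented out), as an added configuration example that is not from either poster or from the OTRS project. The host name, base DN and group DN are constructed placeholders, and the lines are assumed to sit inside `sub Load` in Kernel/Config.pm.

```perl
# Added example for Kernel/Config.pm, inside "sub Load { my $Self = shift; ... }".
# Host names and DNs below are constructed placeholders, not values from the thread.

# Agent interface: keep the built-in database backend, so local accounts
# such as root@localhost remain usable and do not depend on the directory.
$Self->{'AuthModule'} = 'Kernel::System::Auth::DB';

# Customer interface: authenticate against the directory.
# 'uid' is the login attribute; Active Directory typically uses sAMAccountName.
$Self->{'Customer::AuthModule'}               = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}   = 'ldap.example.com';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=people,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'}    = 'uid';

# Alternative (one directory for both interfaces): agents are also checked
# against LDAP and admitted only if they are members of a dedicated group.
# With this block enabled instead of the DB backend above, an account that
# exists only in the OTRS database can no longer log in as an agent.
# $Self->{'AuthModule'}                   = 'Kernel::System::Auth::LDAP';
# $Self->{'AuthModule::LDAP::Host'}       = 'ldap.example.com';
# $Self->{'AuthModule::LDAP::BaseDN'}     = 'ou=people,dc=example,dc=com';
# $Self->{'AuthModule::LDAP::UID'}        = 'uid';
# $Self->{'AuthModule::LDAP::GroupDN'}    = 'cn=otrs-agents,ou=groups,dc=example,dc=com';
# $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';   # group attribute listing members
# $Self->{'AuthModule::LDAP::UserAttr'}   = 'DN';       # members are stored as full DNs
```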
participants (2)
- Bart Wallace
- Christoph Ohliger