Re: [otrs] Active Directory authentication working, just one problem...

Here's my configuration for LDAP against AD. I hope it helps.

Alex.

#
# Configuration for LDAP user authentication
#
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'example.com';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=LDAP_USER,cn=Users,dc=example,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

#
# Control who gets in via LDAP
#
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS, ou=Intranet, ou=Access Control, ou=city, dc=example, dc=com';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

# UserSyncLDAPMap
# (map if agent should create/synced from LDAP to DB after login)
$Self->{UserSyncLDAPMap} = {
    # DB -> LDAP
    Firstname => 'givenName',
    Lastname  => 'sn',
    Email     => 'mail',
};

Chris de Vidal wrote:
Alexis Castillo said this with great authority:
It's working for me, but I only have it for internal users.
Comment out the
$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';
in Config.pm
You should only have the $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
Only users in your $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=<group>, ou=<its OU>, dc=example, dc=com'; should be able to log in.
Bummer, still not working.
I just have these two lines:

$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=<group>, ou=
{'AuthModule::LDAP::UserAttr'} = 'DN';

I thought it was working. I set it to a group I'm in and was able to log in. So I logged out and set it to another group and I could still log in.
Care to copy and paste all of the Active Directory sections of your Config.pm file so I can see if I'm missing anything or misunderstanding you?
CD
Ever lied? You're a liar. Ever stolen? You're a thief. Ever hated? The bible equates hate with murder. Ever lusted? Jesus equated lust with adultery. You've broken God's law.
He'll judge all evil and you're without hope -- unless you have a savior. Repent and believe.

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system? => http://www.otrs.de/
--
Alexis Castillo
Systems Administrator
Quicksilver Express Courier
http://www.qec.com/

Alexis Castillo said this with great authority:
Here's my configuration for LDAP against AD. I hope it helps.
OK, that doesn't look much different than mine. Could you please confirm that a user that is NOT in this group cannot log in? That's the behavior I see; anyone can log in.

CD
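The gate that the GroupDN / UserAttr = 'DN' lines describe is a directory search under the group's DN for an entry whose membership attribute equals the DN of the user who is logging in; the user gets in only if that search returns the group. The Python model below is added here to illustrate that check and is not OTRS's Kernel::System::Auth::LDAP code nor anything posted in this thread: the group entry and its member values are constructed, the attribute name 'member' used as the default, the memberUid comparison and every function name are assumptions made for the example, and no directory is contacted. It shows the three things worth checking when "anyone can log in": that the DN comparison tolerates case and the spaces after commas in the GroupDN above, that an equality filter on an attribute the group does not carry matches nobody rather than everybody, and that the user's DN or login has to be filter-escaped so a value such as * cannot turn the membership test into a match-all.

```python
"""Offline model of the LDAP group gate that a GroupDN / UserAttr / AccessAttr
configuration expresses.  Added illustration for this thread, not OTRS code;
the group data, attribute names and helper names are assumptions.  No LDAP
server is contacted."""
import re

# Constructed AD-style group entry, standing in for the object named by GroupDN.
GROUP_ENTRY = {
    "dn": "CN=OTRS,OU=Intranet,OU=Access Control,OU=city,DC=example,DC=com",
    # Active Directory records group membership as full member DNs ...
    "member": [
        "CN=Alex Castillo,CN=Users,DC=example,DC=com",
        "CN=Helpdesk Bot,OU=Service Accounts,DC=example,DC=com",
    ],
    # ... and carries no POSIX memberUid attribute, so that name matches nothing.
    "memberUid": [],
}


def normalize_dn(dn: str) -> str:
    """DNs compare case-insensitively, and spaces after the separating commas
    (as in 'cn=OTRS, ou=Intranet, ...') are not significant."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a login or DN interpolated into a search filter must
    not be able to change the filter's shape or act as a wildcard."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_membership_filter(access_attr: str, user_value: str, escape: bool = True) -> str:
    """The search run against the group: (AccessAttr=<user's DN or login>)."""
    if escape:
        user_value = escape_filter_value(user_value)
    return "(%s=%s)" % (access_attr, user_value)


def _pattern_to_regex(pattern: str) -> str:
    """Translate an LDAP assertion value into a regex: an unescaped '*' is a
    wildcard, a '\\XX' escape stands for one literal character."""
    regex, i = "", 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 2 < len(pattern):
            regex += re.escape(chr(int(pattern[i + 1:i + 3], 16)))
            i += 3
        elif ch == "*":
            regex += ".*"
            i += 1
        else:
            regex += re.escape(ch)
            i += 1
    return regex


def evaluate_equality_filter(filter_str: str, entry: dict) -> bool:
    """Evaluate a single (attr=value) filter against one entry, the way the
    directory does for a base-scope search at GroupDN."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str, re.DOTALL)
    if not m:
        raise ValueError("unsupported filter: %r" % filter_str)
    attr, regex = m.group(1), _pattern_to_regex(m.group(2))
    return any(re.fullmatch(regex, normalize_dn(v)) for v in entry.get(attr, []))


def group_allows(user_value: str, access_attr: str = "member",
                 group_entry: dict = GROUP_ENTRY, escape: bool = True) -> bool:
    """True if the membership search would return the group for this user."""
    flt = build_membership_filter(access_attr, normalize_dn(user_value), escape)
    return evaluate_equality_filter(flt, group_entry)


if __name__ == "__main__":
    alex = "cn=Alex Castillo, cn=Users, dc=example, dc=com"
    chris = "CN=Chris de Vidal,CN=Users,DC=example,DC=com"
    print(group_allows(alex))                           # True: listed in member
    print(group_allows(chris))                          # False: not a member
    print(group_allows(alex, access_attr="memberUid"))  # False: attribute absent
    print(group_allows("*", escape=False))              # True: unescaped wildcard
    print(group_allows("*"))                            # False: escaped to \2a
```

Against a live directory the same question for one user can be answered with ldapsearch: bind as the SearchUserDN, use the GroupDN as the search base with base scope, and give (member=<the user's full DN>) as the filter; if the group is returned the user passes the gate, and if nothing is returned the user should be refused, which is exactly the confirmation asked for at the end of the thread.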