Customer authentication against LDAP (AD)

Hi everybody,

I've been searching through the messages of this mailing list and tried several configurations before posting this. I'm test-running OTRS V2.1.5 on a Windows Server 2003 R2 in an AD environment.

Here's my problem: whenever a customer tries to log on via customer.pl, it won't work (username or password error). In the logfile I get the following error:

[Fri Feb 16 08:44:11 2007][Error][Kernel::System::CustomerAuth::LDAP::Auth][148] Search failed! Bad filter

When I log in as an administrator and do a (customer) search, it returns the expected result.

Below you'll find my config.pm.

Thanks in advance for all help!

Jurgen

----

# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
#------------------------------------------------------------------------
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'srv-02.mydomain.be';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=mydomain, dc=be';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
#$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=mydomain,dc=be';
#$Self->{'AuthModule::LDAP::AccessAttr'} = 'memberUid';

$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=OTRS, cn=Users, dc=mydomain, dc=be';
$Self->{'AuthModule::LDAP::SearchUserPw'} = '********';

# in case you want to add a suffix to each login name, then
# you can use this option. e. g. user just want to use user but
# in your ldap directory exists user@domain.
#$Self->{'AuthModule::LDAP::UserSuffix'} = '@mydomain.be';

# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'srv-02.mydomain.be',
        # ldap base dn
        BaseDN => 'dc=mydomain, dc=be',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'cn=OTRS, cn=Users, dc=mydomain, dc=be',
        UserPw => '********',
        AlwaysFilter => '',
        SourceCharset => 'utf-8',
        DestCharset => 'iso-8859-1',
    },
    # customer uniq id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};
participants (1)
-
Jurgen De Vlieger