It's certainly not necessary. We are running AD integration using the follwing in Config.pm... $Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=abd Test,ou=SVG,dc=addomain,dc=com'; The key is the cn=... It is the display name you have to use as username (in the cn field), as it is not the same as the login name. If you do a "ldifde -f output.txt" on your AD server you can dump your AD objects into a text file. Search for the validuser in this file to get the correct DN for it. Mvh, Thomas -----Original Message----- From: Eivind Arnesen [mailto:eivinda@imr.no] Sent: Tuesday, January 13, 2004 10:11 AM To: otrs@otrs.org Subject: [otrs] AD authentication (I had to change LDAP.pm?) Hi folks, In order to authenticate customers against active directory, I had to modify /opt/otrs/Kernel/System/CustomerAuth/LDAP.pm. if (!$LDAP->bind(dn=>'validuser@mydomain,mydomain', password=>'validpassword')) { instead of: if (!$LDAP->bind(dn => $Self->{SearchUserDN}, password => $Self->{SearchUserPw})) I expect that this should not be neccessary.... Eivind DISCLAIMER: This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.