I've gone through countless LDAP documents for OTRS and I cannot for the life of me get customers to authenticate via LDAP I am running win32 OTRS v2.1.7. In the OTRS documentation and in the trinityhome.org documentation it says to edit the config.pm file in otrs/kernel/config.pm I followed the instructions to the best of my knowledge.... but it was still causing customers to be authenticated via the MySQL backend. I tried editing the config and the config.PM file in the otrs/kernel folder and still no progress. Through SysAdmin in OTRS I have tried modifying Framework -> Frontend::Customer::Auth and then It tries to authenticate to my LDAP server and I get the following error in the Otrs.log file Kernel::System::CustomerUser::LDAP::new][71] First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece THis is trying to connect to a Windows 2k3 AD server. Any ideas what i'm doing wrong? Below is the code I tried using in the config.PM file that wasn't doing anything... I pasted it right above "EnD of your config options!!!" #Enable LDAP authentication for Customers / Users $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP'; $Self->{'Customer::AuthModule::LDAP::Host'} = 'DC1.United.net'; $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users,dc=United,dc=net'; $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName'; #The following is valid but would only be necessary if the #anonymous user do NOT have permission to read from the LDAP tree $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'otrs_ldap'; $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'Password'; #CustomerUser #(customer user database backend and settings) $Self->{CustomerUser} = { Module => 'Kernel::System::CustomerUser::LDAP', Params => { Host => 'dc1.united.net', BaseDN => 'OU=users,DC=united,DC=net', SSCOPE => 'sub', UserDN =>'otrs_ldap', UserPw => 'Password', }, # customer unique id CustomerKey => 'sAMAccountName', # customer # CustomerID => 'mail', CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'], CustomerUserSearchPrefix => '', CustomerUserSearchSuffix => '*', CustomerUserSearchListLimit => 250, CustomerUserPostMasterSearchFields => ['mail'], CustomerUserNameFields => ['givenname', 'sn'], Map => [ # note: Login, Email and CustomerID needed! # var, frontend, storage, shown, required, storage-type #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ], [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ], [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ], [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ], [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ], [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ], [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ], #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ], #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ], ], }; #Add the following lines when only users are allowed to login if they reside in the specified security group #Remove these lines if you want to provide login to all users specified in the User Base DN #example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=Users, dc=united, dc=net'; $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=otrs_allow_C,OU=Users,DC=United,DC=net'; $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member'; $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN' _________________________________________________________________ Connect and share in new ways with Windows Live. http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008