Hello again,
So I tried to get my AD LDAP server to authenticate within the application.
However, I get this error message, after enabling ldap extension on php.ini and restarting apache...What am I doing wrong?
I am sure the rest of the information is fine...so what am I doing wrong? I need some kind of backend system to authenticate clients and staff, either AD or Google... as I've posted before...
Try putting port 389 at the end of it. So instead of 10.8.10.40 put 10.8.10.40:389 and retry.
Cheers.
KevinTheJedi
Thanks for replying
Still does not work
I don't think this is an OSTicket version problem, this should work anyway
Looking at the error it’s saying that the credentials you configured is invalid. Please update the credentials to the correct ones and it should connect.
Cheers.
KevinTheJedi
I was able to make it work, I had to fill out only the first part of it as it is an AD Domain.
After these changes will I be able to log in with any AD creds?
Do I have to configure HTTP Passtru?
I can't seem to find an official tutorial on the forums for this...
As long as the username or email address they are using to login matches what’s in your AD.
The HTTP Passthru plugin is only if you want to configure the system to auto login users via credentials passed by the web server. Unfortunately we don’t have any documentation on this plugin but there are helpful posts on here and guides online.
Cheers.
KevinTheJedi
Ok, good to be clear on what HTTP Passthru does.
The problem I'm facing now is that when I login with an AD user to the client portion of the portal it kinds of logs in but then I still see the "sign in" at the upper right hand side of the screen, so no actual authentication is done there (?).
I have the option for agents to register users only. Could that be a problem?
KevinTheJedi I checked logs in EventViewer and they don't seem to be related to OSTicket
So hard to troubleshoot this...
I created a test AD User in the domain root and I get this now:
Wait, does that user exist in osticket yet? If not they need to be. Else you need to update your registration to Public.
Cheers.
KevinTheJedi
KevinTheJedi
Yep, disabling that made it work. That is why I mentioned it in the previous comment.
I saw that email information and phone number is not captured despite that information being set in the object properties for the users.
All right thanks, hopefully @ntozier can help me get those filled automatically hehe
So I've read through this twice and I'm not real sure what it is you are trying to do, or what the problem is that you are experiencing is (it has been a long day so maybe my reading comprehension is bad right now).
The Authentication::LDAP and AD plugin lets users authenticate against an LDAP/AD server. But those users have to exist in osTicket to work right. We use a paid plugin to sync our users from AD to osTicket to make this easier.
ntozier thanks for the reply
Well, users are not registered but they can login, (they get automatically registered after first login) create tickets, and even first and last name shows in their profile.
However, I cannot get other attributes to show up. Maybe thats why there's a paid plugin?
It should be pulling that info on User creation if it follows msad or RFC-2307 schemas. You can see this here:
I would assume the attribute names in your AD don’t match what we are looking for (https://github.com/osTicket/osTicket-plugins/blob/develop/auth-ldap/authentication.php#L288-292).
Cheers.
That only shows the display names for the attributes not the actual attribute names. I’m not too familiar with AD so I have no idea where to find that unfortunately.
Cheers.
