Thanks Kevin, it would be nice if it was that easy but php-ldap is installed. Before installing OSTicket on the new server I made sure that all the PHP extensions installed on the older server were also on the new one. I just double checked and it definitely is installed.

    roark

    I was just answering the question of:

    Are there any Ubuntu packages that need to be installed for the LDAP plug-in to work correctly that are not required for OSTicket itself?

    We do have a new release coming soon as well as new builds of the LDAP plugin, etc. so stay tuned!

    Cheers.

      I decided to test PHP 8.0 to see if it would help. The repository I used also installed PHP 8.2 by default so before I installed 8.0 I tried it with 8.2, but still experienced the same error.
      However, after installing 8.0.27 and setting Apache to use that version, we are able to authenticate and all seems to be working perfectly now.

        roark
        Not to be a total PITA for you -- but an you tell me -- did you just install 8.0.27 and all the same modules that you have for 8.1? To install 8.0.27 is it as easy as specifying 8.0.27?

          I followed the instructions here (I hope it's OK to paste a link here)...

          https://blog[dot]devops[dot]dev/downgrade-php8-1-to-php8-0-or-php7-4-on-ubuntu-22-04-2fab4a6a3be3

          When I first added the repository and ran apt-update it upgraded a lot of the 8.1 packages that were already there and also installed 8.2. I tested the plug-in with 8.2 and it still was not working for me so I followed the instructions to install 8.0 and 8.0.27 is what I ended up with. Now, my server has 8.0, 8.1 and 8.2 all installed but 8.0 has been set as the default, and it is working well for us now.

          sgriffin

          I'm revisiting this and would like to know if you can provide a little more information here. I believe the reason I could never replicate this is because I use OpenLDAP and this does not use msad schema. The issue here is solely related to msad schemas.

          Anyways, I would like to know what your Use TLS, Search User, Search Base, and LDAP Schema settings are set to. Please post a screenshot and censor any sensitive information.

          Cheers.

            whowe-ppd

            You can paste it here whilst censoring any sensitive info. For the Search User/Search Base I just really need to see the format (ie. cn=xxx,dc=xxx).

            Cheers.

              So I have the domain filled out and one of the main DCs set as our DNS server -- that same server is set as the LDAP server with port 389. Search user is:
              cn=helpdesk,ou=IT,ou=Users,dc=ourdomain,dc=dom

              Password is filled in for that user. Serach base is:

              ou=Users,dc=ourdomain,dc=dom with Microsoft Active Directory selected for the LDAP schema. I downgraded to 8.0 and it may be working -- but we really need support for 8.1 and higher. Thank you for your assistance.

                whowe-ppd

                Okay, that all seems fine. At this point the next step involves very extensive debugging which I currently don't have the time for as I'm focusing on other issues. I also currently don't have time to setup a full AD server at the moment.

                If you want to unpack your plugin and debug to speed up this process I can provide some debug statements. This will however break user authentication with ldap completely and output debug statements to the browser so you may want to setup a separate test environment if you choose to debug.

                Cheers.

                  whowe-ppd

                  Also, have you tried applying the patch I referenced above to see if that addresses the issue?

                  Cheers.

                    For Search User, set it to a username.

                    i.e. instead of cn=helpdesk,ou=IT,ou=Users,dc=ourdomain,dc=dom
                    set it to helpdesk or OURDOMAIN\helpdesk

                    We're in production so I downgraded to PHP8.0 and all works. If I get some time I'll spin up another instance where we can debug.

                      2 months later

                      whowe-ppd

                      I was finally able to revisit this with a legitimate MSAD server setup on Windows Server 2019. After extensive testing I can finally say without a doubt there should be no issues with User/Agent logins with PHP 8.1, v1.17.3, and latest build of LDAP plugin with correct LDAP settings configured.

                      If you still have issues check to see if you have more than one instance of the LDAP plugin enabled. If so, disable one of the instances and retest. Also, check to make sure your Search User and Search Base is correct. These two settings are very important. You can find the appropriate Search User string by running the following in a command prompt on the domain controller (this is assuming the administrator's username is Administrator):

                      dsquery user -name "Administrator"

                      This should give you something like:

                      "CN=Administrator,CN=Users,DC=domain,DC=com"

                      Cheers.

                        10 days later

                        We are having the same issue. I've diligently read through all options in this thread. We are running IIS on Server 2019, PHP 8.1.17, and OSticket v1,17,3. Agents can login fine using LDAP authentication. I can even create brand new agents and they can authenticate via LDAP exclusively. Users are not able to at all. I just get Access Denied. I even tried manually creating and registering a user with a password. Access Denied. Really frustrated. Dept of Homeland Security is demanding that we move to PHP 8.1.16 or greater so we don't have a choice on PHP version. Incidentally, I get the same results with 8.1.16 and 8.1.17. Any help appreciated!

                          eagletech

                          What is the format of your Search User and Search Base strings? What is the ost_user_account.backend value of the Users unable to login?

                          Cheers.

                            Search User and Search Base fields are empty as they have been for years.

                            ost_user_account.backend is ldap.client.

                            *I guess I should add that I HAVE tried adding a search and bind user just to troubleshoot, but it has yielded no difference.

                              eagletech

                              That's one problem. You didn't update your plugin before upgrading osTicket. You will need to first update your plugin with the latest build from the website. Next, set the backend for every affected user to ldap.client.p123i123. Replace 123 in each part with the plugin ID and instance ID respectively. You can look at this thread for more info:

                              This would've happened automatically on upgrade if you updated your plugin first.

                              Cheers.