LDAP plugin breaks with PHP 8.1

TomBoston

Does the LDAP plugin work with PHP 8.1? It broke when I upgraded from PHP 8.0.x to 8.1.x. Version 8.0 goes EOL next month. I'm using OSTicket on a local network with active directory and a Windows domain controller. Thanks!

KevinTheJedi

TomBoston

Yes, you must use 1.18.x, PHP 8.1-8.2, and the latest build of the LDAP plugin.

Cheers.

TomBoston

Thanks, I will give this a try with 8.1 and let you know!

Just FYI, the download area of your site states the new version works with PHP 8.0 and 8.1 (not 8.1-8.2):

osTicket Core, v1.18.1
Released October 25, 2023
Requirements:
HTTP server running Microsoft® IIS or Apache, PHP version 8.0-8.1, MySQL database version 5.5+

KevinTheJedi

TomBoston

Yea we had it correctly but I guess when we release v1.18.1 yesterday it reverted the info. We will update it again.

Cheers.

KevinTheJedi

TomBoston

Updated now. Thanks again.

Cheers.

TomBoston

Upgrading OSticket to 1.18.1 resolved the LDAP issue!
I will add, though, that I still had to tweak the LDAP plugin code for TLS to work for me. Increasing a timeout value and specifying the location of the certs, as in the image below. Just passing this along for anyone who may be facing similar issues.

TomBoston

Just one followup on this, and that is users, to log in with LDAP, still must add the local domain name ahead of their username (e.g., DOMAIN\Username ). Has anyone with this same issue found a way around it?

KevinTheJedi

TomBoston

Yes, you didn’t have the new plugin installed before you upgraded. So that means you have to find a working User (without adding the domain before the username), go to the database, go to the _user table, find the User and copy their ID, go to the _user_account table, find the record where user_id matches the ID you copied, copy the backend value (should look like ldap.client.pXXXiXXX), lookup where _user_account.backend = 'ldap.client', and update all those records with the new backend value you copied. Once done they should be able to login normally.

Cheers.

KevinTheJedi

TomBoston

For Agents you can simply go to each Agent account under Admin Panel > Agents > Agents, click the Authentication dropdown, set their backend to LDAP (unless you don't want to restrict them to LDAP then set it to Use any available backend), and then they should be good too. If you have too many Agents to do manually, then you can simply do the same thing as the above just go to the _staff table, copy a working backend value (should look like ldap.pXXXiXXX), and update all _staff records where _staff.backend = 'ldap'.

Cheers.

TomBoston

Updating the “backend” field resolved this! Many thanks!

Finding the characters for a user successfully logging in, then applying with the below query, worked in my case (actual characters are X’d out):

For agents, we have them log in without LDAP, allowing them access should any AD or LDAP issues arise.

Many thanks again for the speedy reply!