LDAP issue after upgrade to 1.18

helpdesksulekha

I have upgraded the Osticket version to 18.1 and confirmed the ldap migration happened to 0.62
Added two LDAP server instances.
If i register new user without the username under manage account access but given only email id, the user is able to login through ldap by just giving the user name without full email id.
but if append any new user with this username field from Manager account access, then he is getting access denied.
I checked the user_account table and updated the latest ldap backend setting ad ldap.client.p10i7 still he is getting access denied.
Dont know where the issue is.
All users who does not have the username field are able to login even with old ldap.client backend setting.
Please help.

KevinTheJedi

helpdesksulekha

I think it’s due to multiple instances. Disable one and retest.

Cheers.

helpdesksulekha

Yes. I if delete one instance and keep one it works. provided the ldap backend setting points to new. ldap.client doesn't work.
Was the two instances serve only as backup to first? as it takes only the first one to lookup.
If i have two domains separately, will this two instance won't work?

KevinTheJedi

helpdesksulekha

Upgrade to v1.18.2, re-enable both instances, and retest. If it's still an issue after upgrading to v1.18.2 then there is a bug with multiple LDAP instances and you'll simply need to use one instance until the bug is addressed. If the bug is present in v1.18.2 as well, a temporary workaround can be putting all needed users in a specific OU in AD then create a singular plugin instance for that OU. Of course, you'd have to update everyone's backend to match the new instance ID.

The old ldap.client (users) and ldap (agents) backends should no longer work once upgraded. Since multi-instance plugins were introduced it will look for backends like ldap.client.p1i2 (users) and ldap.p1i2 (agents) to match the specific instance config. The p1i2 part simply means Plugin with ID of 1 and Instance of ID 2. Of course the IDs will be different in your case.

To note, we are focusing on v2.0 so legacy is not receiving updates as often as before. So it will take quite some time before we can even look at this again.

Cheers.

helpdesksulekha

Hi - thanks for your prompt reply. Yes the multiple instances did work only as a backup and not as combined. Only the first priority instance accepts ldap connections and allow users to login. Only if i disable the first, the second one works.
I will not be able to move users to single ou as we have two separate domains with separate domain controllers and users sets. The purpose of upgrading to recent version is because of this multiple instance for ldap. Anyway we will create a separate ticketing instance and use two separate ldaps for two domains and wait for 2.0 upgrade. Appreciate your help.