AD user integration would also help our push to implement osticket

Maybe as part of adding user/pass authentication rather than ticket # based?

Well, that's easy to tune up by using PAM. Our system is using Kerberos authentication.

Only thing You need to change in the code is to replace user_password in include/class.staff.php with:

/*compares user password*/

function check_passwd($password){

if (pam_auth($this->username, $password, &$error)) {

return true;

} else {

return false;

}

}

And then configure PAM to work with Your LDAP.

Maybe this could be implemented to the main branch and add configuration option for it, so then I would not need to update my code manually when updating it ;)

Henkka,

Thank you for the tip! The plan is to utilize some form of authentication plugins configurable via admin panel.

Hi Peter,

LDAP/ AD integration is the most wanted feature for our organization. Osticket working with LDAP/AD and you dont need to manually put passwords of each user its a great idea.

How much time we have to wait for this feature.

LDAP working but a blank page??

I tried the above recommendation and it seems like the username and passwords are authenticating, but I am getting a blank page?? Any suggestions? I am getting invalid password when it is incorrect, so it seems to be authenticating then not know where to go from there.

Thanks:

Can someone please help me to configure PAM to work with LDAP?

I am running Windows Server 2003.

Thanks in advance !!

OsTicket + PAM

Hi All,

I am also experiencing the problem about blank page after a successfull "pam" logon.

Has anybody any news about this thread?

I also have the same problem like riko78's. Does anyone alse can figure out what problem and how to fix it ?

Thanks in advance

I had the blank page problem until I figured out all the needed steps to setup the PAM authentication module.

1. Install the PHP PAM Module. I did a aptitude install php5-auth-pam

2. Create /etc/pam.d/php for PHP's PAM module. Since I also use Kerberos to authenticate against my AD servers my file contents are

auth sufficient pam_krb5.so

auth required pam_deny.so

If you are authenticating users in your /etc/passwd file then you must give the web server's user read permission on /etc/shadow. This is generally considered an awful, awful idea.

3. Modify the osticket code. I still wanted to allow the original admin account created during setup, so I made my code

/*compares user password*/

function check_passwd($password){

if (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0) {

return true;

}

if (pam_auth($this->username, $password, &$error)) {

return true;

} else {

return false;

}

}

4. In the OSTicket Admin Panel, you still have to create users for each account that wants to login. Create each user with the correct username. With my code change, the user could actually login with their AD password or the one created here. This has security implications you should be aware of.

Once everything was setup, I could login with my AD account and see the Staff Panel.

Features that I would like to see in OSTicket are

Handle external authentication natively, whether it be AD or LDAP or even just PAM

Use LDAP to populate the Staff

Active Directory Authentication

Has any one actually managed to get this to work, I can't see my users wanting to enter their email address every time they want to post a support ticket. It's hard enough getting them to report issues as it is :)

Any help would be appreciated but I am no programmer!

Thanks

I have tried all this and I am not getting the blank page but I can't authenticate as the AD user. I can log into the system as the AD user fine. Any ideas ?