Hello every one, I have OS Ticket installed version 1.6.0 on Debian latest version with Apache 2.x. I have the computer authenticating to the MS AD successfully.

Apache authentication is working too. However when I try to use my username and password in OS Ticket it does not work. I have tried it with username, domain\username.

I have used the guidelines here: http://osticket.com/forums/showthread.php?t=3312(http://osticket.com/forums/showthread.php?t=3312)

That apparently does not work, is there any one who has been successful achieving this?

Am I supposed to put a value in there, see bold section:

if (!@ldap_bind( $ds, $domain."\\".$this->username, $password) )

10 days later

The only things you need to change are as follows.

$ds=ldap_connect('ldap://mydc.mydomain.com') - (ldap://mydc.mydomain.com) Needs to be FQDN of one of your Domain controllers.

AND

$domain="mydomain"; - (mydomain) Needs just your domain name.

P.s Suggest you use the code further down the page that has fallback to the mySQL db on failure.

Os Ticket Active Directory Authentication Help

Tried that but still no use, won't work.

The only things you need to change are as follows.

$ds=ldap_connect('ldap://mydc.mydomain.com') - (ldap://mydc.mydomain.com) Needs to be FQDN of one of your Domain controllers.

AND

$domain="mydomain"; - (mydomain) Needs just your domain name.

P.s Suggest you use the code further down the page that has fallback to the mySQL db on failure.

This worked

I used the how-to here and it worked on the first try without any issues. I'm using Ubuntu with Apache2 going to Windows Server 2008 R2 AD.

http://www.bauer-power.net/2010/04/how-to-make-osticket-160-authenticate.html(http://www.bauer-power.net/2010/04/how-to-make-osticket-160-authenticate.html)

14 days later

Active directory offsite

What if your Active directory server is not on the same network as your website. We host our website with a 3rd party host to make sure it never goes down, but active directory server is on site. Is there a way to make them connect.

In short, yes. The setup would be essentially the same. You would need to use the IP of the server or the FQDN.

You would need to make sure that the server can reach the AD server. You would need to make sure that the ldap server allows the connection. You would need to make sure that any firewalls didn't prevent connections.

a month later

Any one with any kind of success and update on this? I installed it on another system that has Debian running and it is part of the domain and I have another web based product running on it and successfully authenticating to the Active Directory, but this one still not working.

Other than editing class.staff.php is there a place where I will also need to configure the DN's and stuff?

a year later

HI All,

I tried the same piece of code,

$ds=ldap_connect('ldap://gul.repin.com');

$domain="repin";

if (!@ldap_bind( $ds, $domain."\\".$this->username, $password) ) {

Auth failed!

return(FALSE);

return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);

}

else{

Auth succeeded!

return(TRUE);

}

End Changes

}

but this code works only with the administrator user, whereas not with the other users.

9 days later

My Changes to Get osTicket working with AD

First: test my ldap connection with osticket:

1. make a php file (ex. test.php) and include content

2. if it works, then you'll see the logged in message

<?php

\\format i used = 'microsoft.com'

$ldap = ldap_connect('your_domain_name');

//format = domain\username (ex. 'microsoft\bgates')

$username='ad username';

$password='ad password';

if($bind = ldap_bind($ldap, $username,$password ))

echo 'logged in';

else

echo 'fail';

echo '
done';

?>

Second: My changes and examples in bold for class.staff.php. The addition in change one was the major stopper because my username was not passing thru the scp login screen.

Two changes:

1. add $this->username in function load()

2. make 2 simple changes for AD connection

1.****************************************** 1.

function load($var='') {

$this->ht=db_fetch_array($res);

$this->id = $this->ht;

$this->username = $this->ht;

$this->teams = $this->ht = array();

$this->group = $this->dept = null;

$this->departments = $this->stats = array();

}

2.****************************************** 2.

function getInfo() {

return $this->udata;

}

/*compares user password*/

function check_passwd($password, $autoupdate=true) {

/*bcrypt based password match*/

if(Passwd:($password, $this->getPasswd()))

return true;

// Change made for LDAP Auth based on -> http://osticket.com/forums/showthread.php?t=3312(http://osticket.com/forums/showthread.php?t=3312)

// Change this line to the FQDN of your domain controller

$ds=ldap_connect('microsoft.com') or die("Couldn't connect to AD!");

// Change this line to the name of your Active Directory domain

if ($ds) {

$domain="microsoft"."\\"; $ldapbind = ldap_bind($ds);

if (!@ldap_bind( $ds, $domain.$this->username, $password))

{

//just to show the passed values if your AD login is not working - delete after

print $domain;

print $this->username;

print $password;

// Auth failed! lets try at osTicket database

return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);

// return(FALSE);

}

else{// Auth succeeded!

return(TRUE);

}

// End Changes

}

}

// //Fall back to MD5

// if(!$password || strcmp($this->getPasswd(), MD5($password))) return false;

//

// //Password is a MD5 hash: rehash it (if enabled) otherwise force passwd change.

// $sql='UPDATE '.STAFF_TABLE.' SET passwd='.db_input(Passwd:($password)).' WHERE staff_id='.db_input($this->getId());

// if(!$autoupdate || !db_query($sql)) $this->forcePasswdRest();

// return true;}

6 months later

Thanks

$this->username = $this->ht;

This line made all the difference with Windows Server 2003. Thank you.

Write a Reply...