client authentication with openldap

plegrand

Hello,first sorry for my poor englishI installed latest osticket and ldap authentication plugin directly from osticket site.i install it, and i cant make client ldap authentication works.i

follow the instructions to install plugin and it seems to works to

create new agent : when i put username, others fields are automatically

filled from my ldap directory.But when i want to authenticate client from ldap it doesn't works "Accès refusé"does client has to be already registered to authenticate against ldap ?Or may be i made a mistake in configuration ?I don't use AD but openldapHere is my configuration :domain : mon-domaine.localdns : xxx.xxx.xxx.xxxservers : 192.168.151.234tls : 0bind_dn :bind_pw :search_base : ou=people,dc=ma-base,dc=frschema : {"2307":"Posix Account (rfc 2307)"}auth-staff : 1auth-client : 1Nothing in apache logsI enable debug level on osticket and here is message i can see : Tentative de connexion échouée (utilisateur)Jeton CSRF non valide __CSRFToken__It doesn't works even if i use good bind_dn and bind_pw (my ldap server allow anonymous)Thanks for your help

Chefkeks

Would be great if you could provide more info about your osTicket:http://forum.osticket.com/d/discussion//please-read-before-requesting-assistance#latestApart from that missing info:- Do you have PHP ldap extension installed and enabled?- Have you enabled the plugin? (Forgot that once too... )- What registration method for clients are you using? (Admin Panel > Settings > Access)Since you're using OpenLDAP, you might want to take a look at these issues over at GitHub:https://github.com/osTicket/core-plugins/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+openldapCheers,Michael

plegrand

Hello,here is more information about my installationDebian stableOsTicket v1.9.12 (19292ad) — Up to dateAuthentication :: LDAP and Active Directory Latest Stable Release, v0.6.2 Released April, 10th, 2015Logiciel serveur Web Apache/2.4.10 (Debian)Version de MySQL 5.5.44Version PHP 5.6.13-0+deb8u1Php5-ldap Version 5.6.13+dfsg-0+deb8u1 - EnabledNo firewall between the osticket server and the ldap serverMy openldap server works fine.php5-ldap extension is enabled and i can use it for other application than osticket on the same web server against the same ldap serverOn osticket the plugin is enabled, configured and i can use it to add agent : when i put username, others fields are automatically filled from my ldap directory.Then i'm trying to make works "client authentication", and it does not works : "access denied"Here is the configuration i usedomain : mon-domaine.localdns : xxx.xxx.xxx.xxxservers : 192.168.151.234tls : 0bind_dn :bind_pw :search_base : ou=people,dc=ma-base,dc=frschema : {"2307":"Posix Account (rfc 2307)"}auth-staff : 1auth-client : 1same result with or without bind_dn / bind_pwNothing in apache logsI enabled debug level on osticket and here is message i can see :Tentative de connexion échouée (utilisateur)Jeton CSRF non valide __CSRFToken__Thanks for your help

Chefkeks

Repeating one question:- What registration method for clients are you using? (Admin Panel > Settings > Access)Additionally:- Beside the info pulling when creating an agent account, does agent login (once you created the account) work?

plegrand

it's my first question in my first post : "does client has to be already registered to authenticate against ldap ?"I thought that client could authenticate without being registered Beside the info pulling when creating an agent account, does agent login (once you created the account) work? : No

Chefkeks

Ok, so do I understand you correct that neither agent nor client login works, but information can be pulled correctly when creating an account?The registration method (public / private / disabled) just configures if clients can register an account themselves (public) or agents need to register the account (private) or that the registration is disabled.So it's necessary to check what method is used (I'd recommend public for testing/troubleshooting) since based on the method the authentication may fail since the clients are simply not allowed to register.

plegrand

Ok, so do I understand you correct that neither agent nor client login

works, but information can be pulled correctly when creating an account? YesBut my question is : does client have to be registered to authenticate against ldap directory ?

Chefkeks

Q: But my question is : does client have to be registered to authenticate against ldap directory ?A: I don't know. I'd test with 2 accounts - 1 registered in osTicket and 1 not registered in osTicket.

plegrand

and did it works ?

ntozier

Well once you try... you can tell us. :)My installation is older (1.9.7) but they clients have to have a registered account to auth.

plegrand

i already try and it did not works...i 'm going to find other solution

plegrand

Ok, so do I understand you correct that neither agent nor client login

works, but information can be pulled correctly when creating an account?YesThe

registration method (public / private / disabled) just configures if

clients can register an account themselves (public) or agents need to

it's necessary to check what method is used (I'd recommend public for

testing/troubleshooting) since based on the method the authentication

may fail since the clients are simply not allowed to register.I made the test with public registration, then i thought that user could authenticate against openldap directory and then create accountBut it doesn't works

plegrand

It seems i will not have answer about my problem.May be my question is not very clear.Any way it seems that glpi permit what i want to do .

ntozier

Or maybe when i said "My installation is older (1.9.7) but they clients have to have a registered account to auth." on Oct 16th nothing has changed.