Hello,

I have a problem with the plugin.

Authentication is ok if I put in "Search Base: CN=Users,DC=domainname,DC=com" but if I put CN=groupname,CN=Users,DC=domainname,DC=com nothing about users member of this group.

Please help us to help you by reading and following the posting guidelines located in this thread: Please read before requesting assistance.  The more information you give us the better we will be able to assist you. Thank you.Environment details?versions of stuff?With out knowing what your AD/LDAP schema looks like I'm not sure that anyone can assist you.My Search base is: OU=AllUsers,DC=corp,DC=contoso,DC=local

Sorry,osticket is the last version : 1.10.1the plugin ad is the last too.Ok, for example :I create a group "hotline" with description : CN=hotline,DC=domainname,DC=comI create 2 users in "users" : test1 and test2 like : CN=test1,CN=Users,DC=domainename,DC=comI put test1 and test2 in group "hotline"If I put in "search base" :CN=Users,DC=mazet,DC=frAuthentification is ok with users "test1" et "test2" but all users will be access to osticket and I don't know that.If I want that only users who are in group "hotline" have access to osticket, what is the "search base" to write ?I tried :CN=hotline,DC=domainname,DC=comBut it doesn't work

I think that putting users in groups doesn't limit anything... In Active Directory terms you would need to create an organization unit (OU), and add users to that.So for example if you have: Allusers (lots of users here)and also under Allusers you have an OU called Osticket Users.  (anyone you want to use osTicket would go here)Then you would setup your search base in osTicket like:OU=osTicketUsers,OU=AllUsers,DC=corp,DC=contoso,DC=localIf you think of it like a directory structure it might help. It's my understanding (which may be incorrect as I'm not super versed in LDAP/AD is that an OU is used to describe an Organizational Unit such as a Department inside a larger organization. 

ok,but I have a lot of OU and users in that OU (1 OU by city) and I can't move users. I have 2 or 3 users that are in al lot of OU, that will have to access to osticket. So most simple for me would be to create new group and not New OU, impossible ! :-/

I dont know about other LDAP implementations... but users cannot exist in more than one OU at a time in Active Directory.

15 days later

I didn't arrive to filter bu group...So I create manually users that I want authorize first, then choose active directory authentication.I forbid non created users on osticket.It's not the ideal but it's sufficient for me.

Write a Reply...