i got more questions to ask.. :

1st. can i remove the ldap suffix request when editing the ldap connection??

2nd. the last code that you gave me is to do what actually? :

3rd. how can the user create the ticket as it request for User/E-Mail Address:

Password/Ticket ID: ?? :

Sorry for all these questions.

1st. can i remove the ldap suffix request when editing the ldap connection??

If your ldap authentication is something like user@domain.com you'll need the suffix, otherwise you'd have to use rdn style binding. In any case, i'd just enter a suffix, it won't bug you.

2nd. the last code that you gave me is to do what actually? :

It enhances compatibility with osticket for client logins.

3rd. how can the user create the ticket as it request for User/E-Mail Address:

Password/Ticket ID: ?? :

If you force clients to login they'd have to login even if they never created a ticket before. You can also use the autocomplete option with that.

If you don't have that option, the users can also create tickets as a 'guest' or without logging in first (that's the green button on the left). That, however, can lead to some problems if the user types his/her email address wrong. Tickets depend heavily on the email address in osticket.

Sorry for all these questions.

No worries.

I replaced that bit on line 59 of the login.php, alas it has not corrected my issue.

@[deleted]

Sorry that it didn't help. I assumed you have the same issue BAD had. I need more information to help you. For starters, when you login the first time the page should be login.php, is the login screen after that also login.php or a different one?

Does this problem occur with all your users or only with specific ones?

Please take a look in your osticket db if the email-addresses of those users have some capital letters in them.

Do they have multiple tickets where the email-address differs in those tickets?

Also take a look on the issue BAD had, maybe you'll find some pointers there.

Thane,

I encountered these errors when running the ldap diagnostic :-

Warning: ldap_search() : Search: Bad search filter in /var/www/html/support2/include/class.ldap.php on line 192

Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in /var/www/html/support2/include/class.ldap.php on line 193

and these are the lines :-

$results = ldap_search($ldap, $rowset, $ldapFilter, $LDAPFieldsToFind);

$info = ldap_get_entries($ldap, $results);

Please advise.

Thanks.

Hello omgkenny,

The error

Warning: ldap_search() : Search: Bad search filter in /var/www/html/support2/include/class.ldap.php on line 192

tells you that the ldap filter has a syntax error. Check your ldap filter setting and correct it.
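
One way to guard the filter setting discussed above, as an added example that is not the mod's code: it checks a filter template for stray or unbalanced parentheses before it reaches ldap_search(), and escapes the login name substituted for %USERNAME% so user input cannot break or alter the filter. The function names are hypothetical, the check is stricter than libldap (it insists on the parenthesized RFC 4515 form), and ldap_escape() needs the ldap extension on PHP 5.6 or later.

```php
<?php
// Added example, not part of the LDAP mod. Function names are hypothetical.

/** Structural check: returns null if the parentheses are sound, else a reason. */
function checkFilterSyntax($filter)
{
    $filter = trim($filter);
    if ($filter === '' || $filter[0] !== '(' || substr($filter, -1) !== ')') {
        return 'filter must be wrapped in parentheses';
    }
    $depth = 0;
    $len = strlen($filter);
    for ($i = 0; $i < $len; $i++) {
        $c = $filter[$i];
        if ($c === '\\') { $i += 2; continue; }   // skip a \XX escape sequence
        if ($c === '(') { $depth++; }
        if ($c === ')') {
            $depth--;
            if ($depth < 0) { return "unexpected ')' at offset $i"; }
            if ($depth === 0 && $i !== $len - 1) {
                return "text after the closing ')' at offset $i";
            }
        }
    }
    return $depth === 0 ? null : "$depth unclosed '('";
}

/** Put the login name into a template such as "(&(uid=%USERNAME%))". */
function buildLdapFilter($template, $username)
{
    if (strpos($template, '%USERNAME%') === false) {
        throw new InvalidArgumentException('template has no %USERNAME% placeholder');
    }
    $problem = checkFilterSyntax($template);
    if ($problem !== null) {
        throw new InvalidArgumentException("filter template rejected: $problem");
    }
    // RFC 4515 escaping: ( ) * \ and NUL in the value become \XX sequences.
    $escaped = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return str_replace('%USERNAME%', $escaped, $template);
}

// Constructed sample inputs: a plain name, a name with filter metacharacters,
// and a template with a missing closing parenthesis.
$samples = array(
    array('(&(uid=%USERNAME%))', 'j.doe'),
    array('(&(uid=%USERNAME%))', 'a)(uid=*'),
    array('(&(uid=%USERNAME%)',  'j.doe'),
);
foreach ($samples as $s) {
    try {
        echo buildLdapFilter($s[0], $s[1]), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'error: ', $e->getMessage(), "\n";
    }
}
```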

I see.

Corrected the error and the LDAP diagnostic showed results.

So, I've created an id to test, using my own id. The password differs from the ldap one.

So I tried with the local password, and it just logs into the system. But when I log in using the ldap password, I can't access it.

Looks like it does not even search the ldap for the password given. Any idea? Or did I just do something wrong again?

I've tried a couple different things, but nothing has seemed to help.

I'm still at a point where any and all users cannot get past the login.php authentication page. If you put in a valid password, the page just refreshes without moving on. If you put in an invalid password, it will tell you that you have done so.

Some of my user accounts do in fact have capital letters in their email, but not all, and I made test users that do not just to make sure that was not a factor.

I checked in the database, these users don't exist yet, as they have never logged in before. If you have a specific table I should be looking in, let me know.

@[deleted]

Please go into ldap diagnostic and check if the ldap fields you've entered return the expected values. You'll have to test the fields one by one. The email and username fields are important. Test that with the admin and a user of your choice.

@[deleted]

Please do the same. Also, did you ever successfully log into scp using ldap credentials?

i have tested it.. but still the same...

test with "uid" and "mail" both give same answer..

but when i log in using the id i created "test" -- the user in ldap is test@silk.my

do i need to create test@silk.my as well in the osticket users?

because when log in into zimbra we do not need to key in "@silk.my"

please advise

thanks.

Thayne, I have been trying to integrate modv8 with osticket 1.7 and get a 500 server error when the code is pushed. I have been trying to get this to work for quite some time. You replied to a person in this thread who was having the same problem. I did not see a reply back from him. I have enabled the ldap extension (see attached image). With errors enabled I get the following errors below.

Please check if the ldap extension is enabled on that server. If that's the case please post the php error that you get.

while on the localhost/ page I got these errors:

Warning: include_once(/var/www/include/class.ldap.php): failed to open stream: No such file or directory in /var/www/include/class.staff.php on line 21

Warning: include_once(): Failed opening '/var/www/include/class.ldap.php' for inclusion (include_path='./:/var/www/include/:/var/www/include/pear/') in /var/www/include/class.staff.php on line 21

Warning: require_once(/var/www/include/class.ldap.php): failed to open stream: No such file or directory in /var/www/index.php on line 19

Fatal error: require_once(): Failed opening required '/var/www/include/class.ldap.php' (include_path='./:/var/www/include/:/var/www/include/pear/') in /var/www/index.php on line 19

While on the localhost/scp/login.php page I got these errors:

Warning: include_once(/var/www/include/class.ldap.php): failed to open stream: No such file or directory in /var/www/include/class.staff.php on line 21

Warning: include_once(): Failed opening '/var/www/include/class.ldap.php' for inclusion (include_path='./:/var/www/include/:/var/www/include/pear/') in /var/www/include/class.staff.php on line 21

Fatal error: Class 'LDAP' not found in /var/www/include/class.staff.php on line 93

I have tried adding the ldap mod on two different builds: ubuntu server 12.10, lamp-server with extensions php5-ldap, php5-imap, php5-gd, php5-mcrypt installed. Any assistance you can provide would be greatly appreciated. Please let me know if there is any additional information that I can provide.

@[deleted]

You have to log in to ldap with user@domain.com (behind the scenes) anyway and the suffix field is for the @[deleted] part. I add the suffix to the entered username in class.ldap.php. So if a user named "test" enters "test" in username and pw in password the code would log him in as "test@domain.com" and "pw" as his password.

But you still need a ldap field where you get the username without that @[deleted] or in your case @[deleted]

Now, i've been reading up on zimbra a bit and in all the examples uid was used for that. I don't know why uid returns user@domain.com in your case. Maybe it's specific to a version or there is another ldap field which is zimbra-specific. I have far too little knowledge about zimbra to tell you the correct settings.

I'll think about putting in a workaround for your case, but it would be better and cleaner to get a username field from zimbra.

@[deleted]

Looks like osticket is missing the class.ldap.php in the include folder. I'd suggest redownloading v8 and reapplying it.

Warning: include_once(/var/www/include/class.ldap.php): failed to open stream:

No such file or directory in /var/www/include/class.staff.php on line 21

Warning: include_once(): Failed opening '/var/www/include/class.ldap.php' for

inclusion (include_path='./:/var/www/include/:/var/www/include/pear/') in

/var/www/include/class.staff.php on line 21

First warning: failed to open stream ... = could not open/find the file ...

Second warning: failed opening ... = same thing but a bit more specific

It works after applying it. Thanks for your help, I have been fighting this one for a while. I will now integrate it with our AD.

Thanks again!

Looks like osticket is missing the class.ldap.php in the include folder. I'd suggest redownloading v8 and reapplying it.

it works when we change the ip to our ad server... but not everyone is on the ad server..

the reason we are using ldap from zimbra is because wanted then to log in using their email id & password...

any idea??

@[deleted]

I'm sorry, I've misunderstood you. I thought you want to enter username+password just like in your zimbra.

If your email content is the same as your uid content put uid as the username field and use the following filter:

(&(uid=%USERNAME%))

With that you'll have to create the scp users with a username, that is exactly the same as the uid content of that user. That is only needed for scp, clients will be created automatically when they open a ticket.

Also, if you log them in with email/user@domain.com you'll have to leave suffix empty or else you'll get a user@domain.com@domain.com.

question

hi,

nice mod - but just wondering if it will work in my environment. we have a remote hosted server with our website etc on it. I have set up and am using osticket on it. To enable your mod, I take it it would then need to communicate through our firewall from the outside with LDAP to our domain controller - is that correct, or will that setup not work?

@[deleted]

Hello,

Yes, you would have to punch a hole in your firewall and it would work then. But you should consider using ldaps instead of ldap for security reasons. Ldap sends the data more or less unencrypted. Ldaps is ssl encrypted but harder to configure. You also would have to configure openssl. And, since it's a remote webserver and users are logging in with ldap credentials, you should also force https for the ticketsystem.

A forum member (CotterPin) in this thread already has this mod running with ldaps. You can look at our conversation to get an idea of requirements and settings.

now what?

Hi,

Ok, I have downloaded your mod - put all the files where they are supposed to be and when I logon to admin panel, I get an extra menu item LDAP - which is good.

I fill it out and then click ADD and I get a blank page. So, clearly I need to chmod a file (or two) somewhere? Is there actually any install instructions I can have - there wasn't one (that I saw) in the .zip file.

Unable to download from URL

I tried to download the mod but the host appears to be down. Can someone repost this? I am in need of this to implement for a project. Thanks!

blank page

hi,

still can't get this to get any further than the setup. I can fill in all the top part of the ldap settings - add ldap and it saves fine. as soon as i fill out the bottom part and 'save' - i get a blank page. no error, just blank? can you please advise?

@[deleted]

Please check if the downloaded zip has the md5 hash CBCF07A5B862C698E4EA6C879E0CF642

There is no need to chmod the files, the settings are saved in the mysql db. And regarding the installation instructions, yes there are none. You simply overwrite the osticket files with the files in the zip. Of course things may break if you have multiple mods that require changes in those files.

@[deleted]

Strange, it should be up. Maybe i had connection errors at that time.

Got the download

I happened to try yesterday and the connection was up and I downloaded the mod. Thanks a million!

13 days later

Thanks for making this mod, it's super great.

I'm having trouble getting SSO to work though. What exactly do I need to do to make it work? Right now I always just get taken to the login screen.

@[deleted]

You have to set your Webserver to authenticate the login.php, for example with NTLM or Kerberos. The webserver will pass the authenticated user to a $_SERVER Variable like 'AUTH_USER'. You have to type in the correct variable in the field PHP Server Auth Variable. That should be it.

Undefined function ldap_connect()

Hi,

I have this error message:

Fatal error: Call to undefined function ldap_connect() in PATH/class.ldap.php on line 751

Any help?

Thanks.

@[deleted]

Please make sure that you have the ldap extension enabled in your php.ini. It is required for this mod.

Thanks for answer. Problem solved.

Users cannot login

I am trying to use your mod because it is exactly what I am looking for, but I am running into an authentication error (the message "authentication error - try again!") at the login page. I pass the 3 diagnostic tests successfully in the ldap diagnostic tool. I am using rdn for binding if that is of any consequence.

I have now tried completely removing my database and entire osticket directory and re-installing osticket and creating a brand new database and after all that am now back to the same problem and error message. I'm really stuck here.

Can you give me any tips? Thanks a ton.

@[deleted]

Which login page? Scp or the client-side one?

Try to log in to scp with the admin user (using the ldap credentials), that you used for ldap access.

Also please post the RDN that you've set and the content in CN.

Testing

@[deleted]

I have tried logging into both the client and the staff side with no luck unless I use the password I set on install for my admin user.

RDN Scheme:

cn=%CN%,ou=proxies,dc=my,dc=domain

LDAP Admins CN is set to 'mycn' which fills in correctly in the RDN scheme on the diagnostics page.

Here are my diagnostic results

Result: Leave empty to use the Administrator in LDAP Settings

calling ldap_connect with: "ldaps://myauth.mydomain.edu"

setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0

using rdn for binding

binding to ldap with "cn=mycn,ou=proxies,dc=my,dc=domain" and his password

using the filter: "(&(uid=myuser))"

calling ldap_search with the domain: "ou=people,ou=primary,ou=eid,dc=my,dc=domain", the Filter: "(&(uid=myuser))" and the Attributes: "array("givenname")"

LDAP returned field data: "FirstName"

Debug of function ldapGetEmail():

getting the email of user: "myuser"

using rdn for binding

binding to ldap with "cn=mycn,ou=myou,dc=my,dc=domain" and his password

calling ldap_search with the domain: "ou=people,ou=primary,ou=eid,dc=my,dc=domain", the Filter: "(&(uid=myuser))" and the Attributes: "array("mail")"

LDAP returned field data: "myuser@my.domain"

Debug of function ldapGetUsernameFromEmail():

getting the user of email: "myuser@my.domain"

using rdn for binding

binding to ldap with "cn=mycn,ou=myou,dc=my,dc=domain" and his password

calling ldap_search with the domain: "ou=people,ou=primary,ou=eid,dc=my,dc=domain", the Filter: "(&(mail=myuser@my.domain))" and the Attributes: "array("uid")"

LDAP returned field data: "myuser"

@[deleted]

Try a rdn that contains uid=%UID% like uid=%UID%,cn=mycn,ou=proxies,dc=my,dc=domain, as it's set now you don't provide a user to bind.

If set correctly the diagnostic page will show something like uid=admin,cn=mycn,ou=proxies,dc=my,dc=domain.

Note: %UID% is caps sensitive.

LDAP connection problem

Hi all,

We have problem with LDAP connection. We used LDAP Diagnostic and We got this result:

Result: Leave empty to use the Administrator in LDAP Settings

calling ldap_connect with: "my ip address" and port "my port"

setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0

using rdn for binding

binding to ldap with "uid=administrator,dc=my domain,dc=sk" and his password

Invalid credentials

errno: 49

Cannot authenticate with LDAP server.

PHP error:

Warning: ldap_bind() : Unable to bind to server: Invalid credentials in PATH\include\class.ldap.php on line 111

We are using Active Directory 2003; is it necessary to configure it?

We also have multiple organizational units with users that are within other OU with users. What should our OU=xxx looks like, is it enough to specify only top level OU or do I have to specify them all?

Can someone post his LDAP configuration as an example?

Thanks for any help.

RDN Problem

@[deleted] - I think I discovered the problem. I'm trying to use an LDAP server that requires RDN binds. I worked with the admin on campus that's responsible for LDAP and we looked through the logs. When the diagnostic is run - everything works great - the admin base DN connects and the password stored in the admin panel LDAP authenticates.

However, from the client login screen (submitting a ticket for the first time as a new user with authentication required) - the connection string looks exactly identical to the one that is successful, but the log shows that the password is wrong, so I started wondering where is this other password for the admin user coming from?

I tried, just for fun, using the LDAP super user password on the login screen with a standard user account name - and voila - a new user that had never logged in before had their account created, name and email were grabbed fine, and everything worked.

So the problem is - with RDN enabled - the initial bind is set to use the password that the user enters on the login page, with the RDN admin user account scheme, instead of the password stored in the LDAP settings for the mod. Login is failing because it's trying to bind as the admin with the current users password entered in the login form instead of the actual admin password.

I'm going to look into the code, but I wanted to post this as quickly as I found out.

Thanks.

@atreyu

Try a rdn that contains uid=%UID% like uid=%UID%,cn=mycn,ou=proxies,dc=my,dc=domain, as it's set now you don't provide a user to bind.

If set correctly the diagnostic page will show something like uid=admin,cn=mycn,ou=proxies,dc=my,dc=domain.

Note: %UID% is caps sensitive.

@[deleted]

for an ad you don't need to use rdn, you can set rdn to off and use the filter in the example:

(&(sAMAccountName=%USERNAME%))

I've added rdn for those cases, where you can't bind with a filter.

@[deleted]

That's actually as intended. After all you want to authenticate the user. Otherwise you could type anything and log in as admin.
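
The bind rule discussed in the replies above, as an added example that is not the mod's code: the identity sent to ldap_bind() has to name the person logging in and is paired with the password that person typed, so an RDN scheme without %UID% is rejected instead of silently binding as a fixed account. The function and parameter names are hypothetical; the empty-password check and the guard against appending the suffix twice are additions based on the thread's user@domain.com@domain.com remark and on RFC 4513. It needs ldap_escape() (ldap extension, PHP 5.6 or later) and makes no server connection.

```php
<?php
// Added example, not part of the LDAP mod. Names are hypothetical.

/** Returns the DN or user@domain string to pass to ldap_bind() with $password. */
function bindIdentity($login, $password, $useRdn, $rdnScheme, $suffix)
{
    $login = trim($login);
    // A simple bind with a name and an empty password is an "unauthenticated
    // bind" (RFC 4513, 5.1.2). Depending on configuration a server may answer
    // it with success, so refuse it before ldap_bind() is ever called.
    if ($login === '' || $password === '') {
        throw new InvalidArgumentException('username and password are both required');
    }
    if ($useRdn) {
        // Without %UID% every login would bind as the same fixed DN.
        if (strpos($rdnScheme, '%UID%') === false) {
            throw new InvalidArgumentException('RDN scheme has no %UID% placeholder');
        }
        // DN escaping keeps characters such as , + = from adding RDN components.
        return str_replace('%UID%', ldap_escape($login, '', LDAP_ESCAPE_DN), $rdnScheme);
    }
    // Suffix mode: append the suffix only when the user did not already type
    // a full user@domain name.
    if ($suffix !== '' && strpos($login, '@') === false) {
        $login .= $suffix;
    }
    return $login;
}

// Constructed sample calls; the DNs and domain are placeholders.
$cases = array(
    array('test', 'pw', true,  'uid=%UID%,ou=people,dc=example,dc=com', ''),
    array('test', 'pw', true,  'cn=proxy,ou=proxies,dc=example,dc=com', ''),
    array('test', 'pw', false, '', '@example.com'),
    array('test@example.com', 'pw', false, '', '@example.com'),
    array('test', '',   false, '', '@example.com'),
);
foreach ($cases as $c) {
    try {
        echo bindIdentity($c[0], $c[1], $c[2], $c[3], $c[4]), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```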

Hello,

I can't seem to get this to work. I am not familiar with php or LDAP binding, but maybe someone can point me in the right direction.

I successfully installed the mod and I can see the LDAP page. I add the LDAP info however when I enable the settings and save I get the following error.

Fatal error: Call to undefined function ldap_connect() in /var/www/html/osticket/upload/include/class.ldap.php on line 751

Here is the line 751

$ldap = ldap_connect($vars, $vars);

At first I thought it could be failing because of other mods I had installed, so I scrapped it and installed a clean osticket, but still no luck.

I also don't think it's the AD, because I can connect to it with Softerra.

It could be something I entered, but I am not sure; like I said, I am not too familiar with ldap binding. Here is what I got.

http://i.imgur.com/g8pxnYG.jpg

Thanks

@[deleted]

Please make sure that you have the ldap extension enabled in your php.ini. It is required for this mod.

@[deleted]

I was having a similar problem. I could not get it to work without RDN bind; however, when attempting to log in via other users, I couldn't log in and the LDAP admin account would become locked (we have lockout set after 3 failed attempts in AD). When I used the LDAP admin password, regardless of the username, it would log me in. I thought RDN binding was my issue; however, I stumbled upon another thought.

Our domain is set up like: w2k.domain.com; however, users log in via w2k\username and our addresses are username@domain.com.

I was originally trying the suffix @[deleted] and it would not work. When I tried @[deleted] everything worked perfectly fine. I do not have RDN bind enabled now also. Try that out and disable RDN bind.

@[deleted]

Thank you once again for this mod. I am trying to get SSO working. I tried the example auth variables but it doesn't seem to work with that. I am trying to figure out how our domain was set up with auth variables. There has not been much documentation as to how our infrastructure was setup and nobody really knows much.