How to configure LDAP fresh install server Ubuntu

ramrajone · Oct 23, 2018

franxu
Default Domain should be your FQDN
You don't need to put port number after the IP address for LDAP server
Also, you need to enter the DNS server IP address

franxu · Oct 23, 2018

ramrajone
Ok.
- I put my fqdn and not work yet.
- I check in my ldap server the fqdn with command:
hostname --fqdn
- I put dns server too

I have doubts with the field "Search Base" but I do not think it's the problem that it does not connect to the server, right?

ramrajone · Oct 23, 2018

franxu
Did you remove the port number after the IP address?

Search Base is after you are connected, when you looking for user info

franxu · Oct 23, 2018

ramrajone
Yes, i remove port. I show yo the config again:
In the terminal i have ping with the server ldap

ntozier · Oct 23, 2018

Here are my working settings. I didn't see where you said what ldap server specifics you had (AD, etc).

Default Domain: corp.DOMAIN.local
DNS Servers: ip of my dns server

LDAP Servers: ip address of my primary dc
Use TLS: checked

Search User: DOMAIN\username.
Password: my password
Search Base: OU=All_Users,DC=corp,DC=DOMAIN,DC=local
LDAP Schema: Microsoft Active Directory

My only other suggestion is that you make sure that the user that you are using has privileges to bind to the server.

franxu · Oct 23, 2018

ntozier

The plugin configuration has been filled correctly and has not given me an error!, and the fields are no longer deleted if I go back in to see their configuration. The problem is when I want to login with the credentials I use ldap I get the error http 500
i mean, i near to the problem, but this is new. The settings are ok like my other server with ldap auth.

ntozier · Oct 23, 2018

http 500 is pretty generic error. You would have to consult your PHP and Apache error logs to see what the error being logged is.

ramrajone · Oct 23, 2018

franxu

Instead of auto detect can set it manually to MS Active Directory:

Also, you might want to try: domainName\UserName
Search User:
Bind DN (distinguished name) to bind to the LDAP server as in order to perform searches

franxu · Oct 23, 2018

ntozier
error.log on nginx:
Stack trace:
#0 phar:///var/www/osticket/upload/include/plugins/auth-ldap.phar/authentication.php(190): LDAPAuthentication->getSchema(NULL)
#1 phar:///var/www/osticket/upload/include/plugins/auth-ldap.phar/authentication.php(427): LDAPAuthentication->authenticate('PRIVATE INFO USER', 'PRIVATE INFO PASSWORD')
#2 /var/www/osticket/upload/include/class.auth.php(235): StaffLDAPAuthentication->authenticate('PRIVATE INFO USER', 'PRIVATE INFO PASSWORD')
#3 /var/www/osticket/upload/scp/login.php(47): AuthenticationBackend::process('PRIVATE INFO USER', 'PRIVATE INFO PASSWORD', Array)
#4 {main}
thrown in phar:///var/www/osticket/upload/include/plugins/auth-ldap.phar/authentication.php on line 259" while reading response header from upstream, client: 192.168.xxx.xx, server: 192.168.xxx.xxx, request: "POST /scp/login.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "192.168.xxx.xxx", referrer: "http://192.168.xxx.xxx/scp/login.php"

ntozier · Oct 23, 2018

You do realize that nginx is not a support webserver for osTicket right?

franxu · Oct 23, 2018

ntozier
why not?
I saw users in the forum using osticket with nginx. So that is the problem? Should I use apache?

ntozier · Oct 23, 2018

It does not work out of the box and requires a bunch of configuration changes to make it work. there are a number of threads over on github [if you want to continue using it] that you will need to read through and make configuration changes.

You should use Apache or IIS since we support both.