Hello,

I've set up osTicket 1.14.3 on Ubuntu 20.04 with PHP 7.4 & MySQL 8.0.
I'm having a hard time getting the LDAP plugin to work to authenticate the clients. I've used the following settings in the LDAP plugin:

  • Default domain: company.com
  • DNS server : <IP domain controller>
  • LDAP servers: <IP domain controller> (without :port)
  • Use TLS : yes
  • Search User: CN=<NAME>;OU=Users,OU=affiliate,DC=company,DC=com
  • password: pw of search user
  • Search base: OU=Users,OU=affiliate,DC=company,DC=com
  • LDAP schema = LDAP
  • staff & client authentication both checked

HTTP passthru plugin is also enabled.

When I try to log in with my LDAP user, I get the following event log in my domain controller:

An account was successfully logged on.

Subject:
Security ID: SYSTEM
Account Name: <HOSTNAME DOMAIN CONTROLLER>$
Account Domain: <COMPANY>
Logon ID: 0x3E7

Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes

Impersonation Level: Impersonation

New Logon:
Security ID: COMPANY\LDAP USERNAME
Account Name: LDAP USERNAME
Account Domain: VYNCKE
Logon ID: 0x7993604C
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x238
Process Name: C:\Windows\System32\lsass.exe

Network Information:
Workstation Name: HOSTNAME DOMAIN CONTROLLER
Source Network Address: IP OSTICKET
Source Port: 34602

Detailed Authentication Information:
Logon Process: Advapi

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

Immediately followed by the following event:

An account was logged off.

Subject:
Security ID: COMPANY\LDAP USERNAME
Account Name: LDAP USERNAME
Account Domain: COMPANY
Logon ID: 0x7993604C

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer

In osTicket I receive an Access Denied error.

How can I resolve this error? I've installed all necessary php modules etc.:

    wouterve Search User: CN=<NAME>;OU=Users,OU=affiliate,DC=company,DC=com

    Try changing this to the username.
    DOMAIN\username

      ntozier
      Thanks! That did the trick.

      I also needed to change the following setting:

      admin panel -> settings -> users -> registration method = Public Anyone can register

      Otherwise I received the following error:

      Access Denied. Contact your help desk administrator to have an account registered for you

      kr
      Wouter

      Glad to assist. Shall I mark this as resolved and close the thread?

      One more question: does the registration method need to be = Public, or can you use LDAP with another registration method?

      kr
      Wouter

      Well, I am pretty sure that if you disable it and import your users from your LDAP server, and/or run a plugin (like the 3rd-party adSync plugin from software-mods), it would work okay.

      Hello,
      thanks for your suggestion. I think I'll leave it this way for now; maybe in the future I'll use the adSync plugin.
      You may set this thread as resolved.

      Thanks for your help

      Wouter

      ntozier changed the title to [resolved] Troubles getting LDAP plugin to work.