OS Ticket integration with MS Active Directory

Hello everyone, I have OS Ticket version 1.6.0 installed on the latest version of Debian with Apache 2.x. I have the computer authenticating to the MS AD successfully.

Apache authentication is working too. However, when I try to use my username and password in OS Ticket it does not work. I have tried it with username, domain\username.

I have used the guidelines here: http://osticket.com/forums/showthread.php?t=3312

That apparently does not work. Is there anyone who has been successful in achieving this?

Am I supposed to put a value in there, see bold section:

if (!@ldap_bind( $ds, $domain."\\".$this->username, $password) )

Comments

  • The only things you need to change are as follows.

    $ds=ldap_connect('ldap://mydc.mydomain.com');
    - (ldap://mydc.mydomain.com) Needs to be FQDN of one of your Domain controllers.

    AND

    $domain="mydomain";
    - (mydomain) Needs just your domain name.

    P.S. I suggest you use the code further down the page that has a fallback to the MySQL DB on failure.
  • Os Ticket Active Directory Authentication Help

    Tried that but still no use, won't work.
    kirbykia;25693 said:
    The only things you need to change are as follows.

    $ds=ldap_connect('ldap://mydc.mydomain.com');
    - (ldap://mydc.mydomain.com) Needs to be FQDN of one of your Domain controllers.

    AND

    $domain="mydomain";
    - (mydomain) Needs just your domain name.

    P.S. I suggest you use the code further down the page that has a fallback to the MySQL DB on failure.
  • This worked

    I used the how-to here and it worked on the first try without any issues. I'm using Ubuntu with Apache2 going to Windows Server 2008 R2 AD.

    http://www.bauer-power.net/2010/04/how-to-make-osticket-160-authenticate.html
  • Active directory offsite

    What if your Active Directory server is not on the same network as your website? We host our website with a 3rd party host to make sure it never goes down, but the Active Directory server is on site. Is there a way to make them connect?
  • In short, yes. The setup would be essentially the same. You would need to use the IP of the server or the FQDN.

    You would need to make sure that the server can reach the AD server. You would need to make sure that the ldap server allows the connection. You would need to make sure that any firewalls didn't prevent connections.
  • Anyone with any kind of success or an update on this? I installed it on another system that has Debian running and is part of the domain. I have another web-based product running on it that successfully authenticates to the Active Directory, but this one is still not working.

    Other than editing class.staff.php is there a place where I will also need to configure the DN's and stuff?
  • Hi all,

    I tried the same piece of code,
    $ds=ldap_connect('ldap://gul.repin.com');
    $domain="repin";
    if (!@ldap_bind( $ds, $domain."\\".$this->username, $password) ) {
        // Auth failed!
        return(FALSE);
        return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);
    }
    else{
        // Auth succeeded!
        return(TRUE);
    }

    // End Changes
    }

    But this code works only with the administrator user, not with the other users.
  • My Changes to Get osTicket working with AD

    First: test my ldap connection with osticket:
    1. make a php file (ex. test.php) and include content
    2. if it works, then you'll see the logged in message

    <?php

    // format I used = 'microsoft.com'

    $ldap = ldap_connect('your_domain_name');

    //format = domain\username (ex. 'microsoft\bgates')
    $username='ad username';
    $password='ad password';

    if($bind = ldap_bind($ldap, $username,$password ))
    echo 'logged in';
    else
    echo 'fail';
    echo '<br/>done';
    ?>

    Second: My changes and examples in bold for class.staff.php. The addition in change one was the major stopper because my username was not passing thru the scp login screen.
    Two changes:
    1. add $this->username in function load()
    2. make 2 simple changes for AD connection


    1.****************************************** 1.
    function load($var='') {


        $this->ht=db_fetch_array($res);
        $this->id = $this->ht['staff_id'];
        $this->username = $this->ht['username'];
        $this->teams = $this->ht['teams'] = array();
        $this->group = $this->dept = null;
        $this->departments = $this->stats = array();

    }

    2.****************************************** 2.
    function getInfo() {
        return $this->udata;
    }


    /*compares user password*/
    function check_passwd($password, $autoupdate=true) {

        /*bcrypt based password match*/
        if(Passwd::cmp($password, $this->getPasswd()))
            return true;

        // Change made for LDAP Auth based on -> http://osticket.com/forums/showthread.php?t=3312
        // Change this line to the FQDN of your domain controller
        $ds=ldap_connect('microsoft.com') or die("Couldn't connect to AD!");
        // Change this line to the name of your Active Directory domain
        if ($ds) {
            $domain="microsoft"."\\";
            $ldapbind = ldap_bind($ds);

            if (!@ldap_bind( $ds, $domain.$this->username, $password))
            {

                //just to show the passed values if your AD login is not working - delete after
                print $domain;
                print $this->username;
                print $password;

                // Auth failed! lets try at osTicket database
                return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);
                // return(FALSE);
            }
            else{// Auth succeeded!
                return(TRUE);
            }
            // End Changes
        }
    }


    // //Fall back to MD5
    // if(!$password || strcmp($this->getPasswd(), MD5($password))) return false;
    //
    // //Password is a MD5 hash: rehash it (if enabled) otherwise force passwd change.
    // $sql='UPDATE '.STAFF_TABLE.' SET passwd='.db_input(Passwd::hash($password)).' WHERE staff_id='.db_input($this->getId());
    // if(!$autoupdate || !db_query($sql)) $this->forcePasswdRest();
    // return true;}
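
The bind check from the post above, as an added example that is not osTicket's or the poster's code: it refuses empty passwords (a simple bind with an empty password is an anonymous or unauthenticated bind that a directory server may accept), upgrades the connection with StartTLS before any credential is sent, and logs failures without the password. The function name `ad_check_password`, the hostname and the domain name are assumed placeholders.

```php
<?php
// Added example, not osTicket code. Hostname and domain are placeholders.
const AD_URI    = 'ldap://dc1.example.internal';  // assumed DC FQDN
const AD_DOMAIN = 'EXAMPLE';                      // assumed NetBIOS domain name

// Returns true only if the directory accepted a real simple bind.
function ad_check_password(string $username, string $password): bool
{
    // An empty password turns a simple bind into an anonymous or
    // "unauthenticated" bind, which a server may report as success.
    if ($username === '' || $password === '') {
        return false;
    }
    // Accept only plain account names, so the caller cannot supply
    // another domain prefix or a full DN.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $ds = ldap_connect(AD_URI);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Upgrade to TLS before any credential is sent; fail closed if the
    // upgrade is refused.
    if (!@ldap_start_tls($ds)) {
        error_log('AD auth: StartTLS failed: ' . ldap_error($ds));
        ldap_unbind($ds);
        return false;
    }

    $ok = @ldap_bind($ds, AD_DOMAIN . '\\' . $username, $password);
    if (!$ok) {
        // Log the account and the LDAP error, never the password.
        error_log("AD auth: bind failed for {$username}: " . ldap_error($ds));
    }
    ldap_unbind($ds);
    return $ok;
}
```

With PHP built against OpenLDAP, certificate validation for StartTLS is governed by the client configuration (`TLS_REQCERT`, `TLS_CACERT` in ldap.conf) on the web server.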
  • Thanks
    racoonracer;35967 said:

    $this->username = $this->ht['username'];
    This line made all the difference with Windows Server 2003. Thank you.