Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

How to configure the LDAP Authentication and Lookup plugin

I did a fresh install of 1.8.1 and installed the LDAP Auth and Lookup plugin.  The install went smoothly but I am stuck on the configuration.  Not being familiar with AD, what should I use for the "Search Base" entry.  Does someone have an example of how they configured this plugin for AD and what they had installed on their Windows 2008 server?  When I configure the plugin and save it, I see "LDAP configuration updated successfully" but I also see an error under the LDAP Servers that says: "Unable to find LDAP servers for this domain." It ALSO says nothing needs to be entered there if AD is configured (if it isn't needed, why the error?)  Anyway, I don't see any type-ahead or lookup happening when I create a new ticket and I *thought* I had this working in the old 1.6 installation I used to have (but I didn't upgrade it, I started from scratch).

Are there any simple step by step instructions to configure this plugin or at least a screen shot of a typical installation you can share?  Thanks

Comments

  • Log in and go to Admin panel -> Manage -> Plugins.
    Click Add New Plugin
    Click the Install button to the left of "LDAP Authentication and Lookup".
    Click on LDAP Authentication and Look up.
    Fill out the settings in a manner that reflects your AD server.  Here's how I comfigured mine.

    Default domain: is your FQDN for your domain.  In my configuration its corp.SHORTDOMAINNAME.local.

    DNS Servers: your dns server.  I use the IP Address for ours.

    LDAP Servers: I put two entries in here, but you really only need one.  I personally entered the ip address of my AD server, and the FQDN of my AD server. (The FQDN of your AD server should be SERVERNAME.corp.SHORTDOMAINNAME.local.

    Use TLS: I did not check this.  You may have to depending on what version of AD your running.

    Connection Information
    Search User: a username that has look up rights in AD. I had to user SHORTDOMAINNAME\username here to get it to bind right.

    Password: the accounts password.

    Search Base: I don't think that this is neessary, but I was playing with it a little.  Currently I have this set to:
    OU=All_Users,DC=corp,DC=SHORTDOMAINNAME,DC=local

    LDAP Schema: Microsoft Active Directory

    Click Save Changes.

    Up top in the menu bar click Plugins.
    Tick the check box to the left of "LDAP Authentication and Lookup" and then click the Enable button.


    To answer your questions directly:

    Q: Does someone have an example of how they configured this plugin for AD and what they had installed on their Windows 2008 server?

    A: I've provided as much as I can as to how I configured it.  What we have installed on our Windows 2008 server though doesn't seem like its particularly important however.

    Q: if it isn't needed, why the error?

    A: The search user account is only needed for the lookup portion of the plugin.  Authentication should work with out it.

    Q:
    Anyway, I don't see any type-ahead or lookup happening when I create a new ticket and I *thought* I had this working in the old 1.6 installation I used to have (but I didn't upgrade it, I started from scratch).

    A: There was no LDAP plugin for 1.6.  Plugins were just introduced in version 1.8.1.  There was a mod on the forum that you might have used, but it was written by a community member and not the osTicket devs.

    Q:
    Are there any simple step by step instructions to configure this plugin or at least a screen shot of a typical installation you can share? 

    A: No, but I have just replied with some generic instructions that might get you going.  Unfortunately there are a lot of ways that your AD could be configured, and your organizational units can vary from everyone else's. 
  • edited February 2014
    EDIT / UPDATE:
    Forget about the issue, we found the solution... Really stupid thing... The plugin was still disabled -_- ... We enabled it and it's now working.


    We successfully configured the AD/LDAP Plugin here, but it does not seem to work (at least here)...

    We used the same configuration as before with Developer Preview release of 1.8.1 but it does not give us any output when we e.g. add a collaborator or a new staff member. Only things changed are osTicket and ldap.phar versions. But to make sure ldap bind / search is basically working we tested it via ldapsearch command directly from our linux server and everything's fine. No idea why we do not get it working with osTicket and the ldap plugin. So one simple question:

    Did you @ntozier get it working? (osTicket v1.8.1 and LDAP.phar v0.3)

    Thanks in advance,
    Chefkeks
  • Yop !

    So on my side, I install the plugin and configure it as below:

    Default domain: xxxxx.com.
    DNS servers: ip address of our main DNS server

    LDAP servers: xxxx.domainname.com (I also tried with the ip address)

    Search user: domainname.com\administrator
    Password: administrator password

    Search base: CN=Users,DC=domainname,DC=COM

    And when I try to save I obtain on the top of the page: LDAP extension is not available

    Very strange, any idea?


  • oups for the search user I set: domainname\administrator
  • Delete my answer or close this topic, I open a new one in the right part of the forum.
  • edited February 2014
    I've set this up as well without issues, but I wanted to know if there is a way to configure staff to use this? Thanks :)

    EDIT: I want users to be able to auth against AD, etc. Should've been more clear.
  • Staff are the only ones who can use it.  Clients (users) cannot.
  • Is there documentation on setting up staff to be able to login with this? That would be ideal. Thanks :)
  • step 1 - install and configure the ldap plugin.
    step 2 - edit the staff member and give them permission to use ldap auth.
  • Well, that was too easy :) Thanks :P
  • Very welcome. :)
This discussion has been closed.