Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

[1.9 RC] Client AD Access

Ok, So loving that this is finally a feature (and was the one thing I was waiting for before we migrate from OTRS), and I am running this on a test install that has been upgraded from 1.8.2 however I can't seem to login as a client using AD credentials, the ldap plugin is setup correctly as it works fine for my staff account, and the tickbox to enable ldap for client access is also ticked and I have tried various username formats (username, domain\username and UPN), but none seem to work.

What's the correct procedure for getting this working beyond putting in correct LDAP details and ticking the box to enable ldap for client logins too?

Tagged:
«1

Comments

  • Do you have user registration set to Public? What's sort of error you're getting?
  • Yep, registration is set to Public, the only error when logging in with an AD account is access denied and a Failed Login attempt log entry is generated (which contains the password that was attempted which I'm not sure is a great thing to do from a security perspective).
  • Are you using AD account username or email to login? We only support username at the moment.

    PS: We're aware of the clear password being logged on invalid login and will be addressing it.
  • I've tried both the UPN and SamAccountName and not had any luck, this is largely a fresh setup so I'm assuming there is no other things I need to do to get the client logins working other than the LDAP details and enabling ldap client logs in the plugin, there shouldn't be any need to create user accounts for AD users should there?
  • SamAccoutName should work. What do you have as Registration Method in Admin Panel > Settings > Access?
  • edited April 2014
    >SamAccoutName should work. What do you have as Registration Method in Admin Panel > Settings > Access?
    Currently Public - Anyone can Register
  • We're also having the same issue as Nick-C.
    New fresh install, using XAMPP web server and manually updated to latest PHP version. Admins can LDAP authenticate, but end users are unable to.
  • We're looking into the issue - although we can't replicate the issue locally. Anyone willing to schedule a goto meeting either today or tomorrow? We're in CDT timezone.
  • I am hopefully free tomorrow, on BST here so if I am right the only time I'm free is 0900 - 1100 CDT (which works out to 1500 - 1700 BST)
  • @NickC - email help at osticket.com and we'll schedule a conference call. Be sure to mention this thread.
  • No problem, email sent :)
  • We here are also interested in this issue, having also a lot of trouble getting ldap client auth to work (as already written in the avid users forum). Unfortunately our time zone is CEST, which is +7h... :( ... But since NickC seems to have the same problems as we have here, hope your goto meeting will be a success. Would be great to finally see this issue fixed :)
  • Also interested in this issue.
    And I have something more: I have the ost_client table loaded with internal clients (really don't remember how I did it, as there are all the users from Active Directory even if they never opened a ticket - maybe some old customization). All of them are guests.
    Is there a way to register all these users ?
    I want each user to login with user+password to get access to all his/her tickets, but I don't wan't the "you have to register" trouble.

  • For all interested in the issue: This and other issues are fixed with the new ldap.phar.
  • where can I get it ?

    At Downloads, still says "Latest Stable Release, v0.4 Released March 3rd, 2014" and development repo is 2 month old.

    Thx
  • where can I get it ? At Downloads, still says "Latest Stable Release, v0.4 Released March 3rd, 2014" and development repo is 2 month old. Thx
    It's not been released yet as the devs only found out what was going wrong on friday afternoon, I have a working version of the files that the devs were able to put together while working with me to debug the plugin but I don't really want to release it as it isn't my code and may contain other problems (as we only really did basic testing on it confirming that AD accounts could now login and create tickets).

    I would imagine an official update to the plugin will come soon so others can test and confirm the fix is working correctly.
  • @wykzl & @NickC - We actually have an updated plugin, with the fix, available in download edge page. 
  • @wykzl & @NickC - We actually have an updated plugin, with the fix, available in download edge page. 
    Ah, didn't realise it had been updated there as the dates hadn't changed, even better then! :)
  • Ok - now I can login with client user with AD authentication.
    Thanks
  • HI,

    i get a white page (Error 500) after the User login.

  • @TSchellhorn did you grab the new version?
  • I am using Latest Stable Release (v0.5), Updated May 5th, 2014

    The problem was that i also have to configure LDAP.


  • Hi everyone,

    Since my English is very bad, this text is translated electronically.

    I have the following problem with the LDAP implementation. Installation and Activation go smoothly. After entering the data (domain , DNS, etc. ) are two messages.

    1. " LDAP extension is not available "

    2 " LDAP extension is not available. Please install or enable the ` php -ldap ` extension on
          your   web server ". 

    See Attachment please.

     The entry " extension = php_ldap.dll " in the php.ini file is enabled. What else can be the cause of the error ?

     I hope you can help me.

     system:

    Windows Server 2008r2

    Xampp

    osTicket 1.9rc

    LDAP Version 0.5

    Apache 2.4.9

    php 5.5.11

     

    Greetings

    Gerald

    @TSchellhorn;
    i´ve this Problem with version 0.4. and ost 1.8.1 and 1.9, but i don´t no why.
  • sorry, i´am to fast. Here the attachment
    ldap-problem.PNG
    754 x 310 - 38K
  • edited May 2014
    gerald2, we had the same, do the following to fix it.
    - edit php.ini in xampp CP, uncomment 'extension=php_imap.dll' (not explicitly needed for LDAP) & 'extension=php_ldap.dll' line
    - copy \php\libsasl.dll to \apache\bin\libsasl.dll (inside the XAMPP install folder)
    - (re)Start apache2 service to take effect.
  • amazing, a little solution for a great Problem^^

    Thank you very mutch veehexx.
  • oh, 'php_imap.dll' isnt explicitly needed for LDAP, it's just we wanted imap support so put it on the same line in our notes, which i C&P'ed here.
  • I meant by "little solution " the copy of the file libsasl.dll.
    The problem with the picking up of mail via IMAP I was able to solve thanks to the forum :-)
  • Is it possible to achieve SSO for clients?

    I know there is an HTTP passthru auth plugin and this works for Staff SSO (when their auth method is change from LDAP to HTTP). But cant find anything for clients, does anyone have any ideas/solutions?

    Using 1.9 on windows server with IIS.
Sign In or Register to comment.