[resolved] Fill "notes" in user contact forms with Description Attribute in LDAP

edited February 2016 in General Discussions
Hi,

Do you know if there is a way to fill Notes in the user form with the "Description" attribute in the LDAP directory?

Thanks in advance.

Proc

Comments

  • moved thread to general discussion.
    @Chefkeks has posted about this sort of thing, he might be able to point you in the right direction.
  • We found our own way to do so.

    In summary, we have written a small php script to write the data from LDAP (Active Directory) to osTicket once every night (via Cron). You can find the files of this "osTicket addon" here:

    Just grab it from there and test it out.
    Let me know when you have additional questions.

    Cheers,
    Michael
  • Hi,

    Thx for your answer, I'll try your solution ASAP and keep you informed.

    Bye

    Proc.
  • edited January 2016
    Hi Chefkeks,

    First of all thank you then...

    Unfortunately,

    I have not been able to make it work.
    First of all I had to modify SMTP.php and LDAP.php to include the path to PEAR.php, which is not in the default include path. Then the script ran normally, so that's not a problem anymore.

    Then I saw in your requirements that sAMAccountName has to be the same as the user name in osTicket.
    Unfortunately for me, I'm not using a Microsoft AD but an OpenLDAP.

    Is there a workaround for this requirement? (My users authenticate with their mail)
  • Since I've never used openLDAP really I think the easiest workaround is to replace all these "sAMAccountName" in my code with the attribute name you need them to be synced (e.g. "mail").

    Not sure if this will work, but I guess it will. Btw. please always make a backup when playing around with such 3rd party scripts.
  • Ok as my users can be authenticated with their ldap mail or uid attribute, I tried to replace all samaccount with first uid and then mail but it did not work:

    I always get this (using uid):

    [2016-01-28 @ 15:35:42] Modifiying now the following osTicket user: Francois Martin
    [2016-01-28 @ 15:35:42] User information from LDAP: 'uid'= ; 'cn'= ; 'description'= ; 'businessCategory'= ;
    [2016-01-28 @ 15:35:42] osTicket User: Francois Martin not existing in LDAP. Skipping this user...

    or (using mail)

    [2016-01-28 @ 14:17:08] Modifiying now the following osTicket user: Francois.Martin@post.com
    [2016-01-28 @ 14:17:08] User information from LDAP: 'mail'= ; 'cn'= ; 'telephonenumber'= ; 'mobile'= ; 'description'= ; 'businessCategory'= ;
    [2016-01-28 @ 14:17:08] osTicket User: Francois.Martin@post.com not existing in LDAP. Skipping this user...

    I saw that MS AD uses CN as RDN whereas I used UID as RDN. I thought that was one of my problems, but creating a user with CN as RDN did not help.

    If you have any other idea, I'll take it ;-)
  • edited January 2016
    Currently not, but I'll try to look at the code again tomorrow, as well as at what our internal log from the osTicket add-on looks like.

    If I remember correctly, where your log says "osTicket user: Francois Martin", our log has just the sAMAccountName at that place, so e.g. "osTicket user: francois_martin" or "osTicket user: fm" (depends on how the login name is being defined/generated in the LDAP/AD environment).

    That sAMAccountName is then mapped to the login name/username in osTicket, which needs to be the same. So what have you set as username for users and/or agents in osTicket? Is it really "Francois Martin" or "Francois.Martin@post.com" or something else?

    Anyway, I'll try to look at the code tomorrow and hope to see what needs to be changed to get this running properly with the mail attribute ;)

    Cheers,
    Michael
  • Hi Michael,

    Many thanks for what you are doing. Looking forward to your answer. On my side,
    I'll rewrite my user injection in OpenLDAP to be as close as I can to the Microsoft LDAP schema.
    (This osTicket platform is brand new and not yet running officially, so I can do what I want right now ;-))

    Proc.
  • So, after taking a look at the code, I guess the reason why it's not working could be the HIDDEN ldap filter which I use in the config.php.

    Try changing it from
    public $ldap_filter = '(&(sAMAccountType=805306368)(!(userAccountControl=514))(!(userAccountControl=66050))(mail=*))';
    to
    public $ldap_filter = 'mail=*';
    so all accounts with the mail attribute set are included. I guess that nearly all your accounts have been excluded from the ldap result. Btw. you can see how many accounts are found/included by the log (see the bold part):

    [2016-01-28 @ 22:34:02] Logging started...

    [2016-01-28 @ 22:34:02]
    -----------------

    [2016-01-28 @ 22:34:02] Found 197 ldap entries!

    [2016-01-28 @ 22:34:05] Number of osTicket


  • Besides, there is another part in the config.php which you might need to change. I have defined attributes which are always required:

    public $ldap_attributes = array('samaccountname','cn','telephonenumber','mobile');

    My suggestion is to change samaccountname to mail or uid, so:

    public $ldap_attributes = array('mail','cn','telephonenumber','mobile');


    Please also note that we developed this initially for our own internal use case and never really tested it on other environments, so I hope you can get this running since we only use MS Active Directory here and not openldap.


    Cheers,

    Michael

  • edited January 2016
    Hi, it's getting better and better!!!

    I had thought about the ldap filter, but I feared about the implications in changing it.
    Now with :

    public $ldap_filter = 'mail=*';
    and

    public $ldap_attributes = array('mail','cn','description','businessCategory');

    Your scripts work!!! I had my entries updated. I don't yet know why I don't get the businessCategory updated, but I think it's just a question of time!!


    Thank you! I'll let you know when everything is finished and post what I have changed to make it work with OpenLDAP.


    [edit] Got it!! had to put "businesscategory" instead of "businessCategory"
  • Yeah! Great to hear you got it working (:
  • So I restarted from the beginning, and this is what I've done once your zip was deflated:

    -Copied it in /var/www/html/

    -Run : sudo chown -R www-data:www-data /var/www/html/"ldap user info folder"

    -Edited /var/www/html/"ldap user info folder"/Net/SMTP.php and added before the first runonce :
                set_include_path('.:/usr/share/php:/var/www/html/"your os ticket folder"/include/pear/');

    -Edited /var/www/html/"ldap user info folder"/Net/LDAP2.php and added before the first runonce :
                set_include_path('.:/usr/share/php:/var/www/html/"your os ticket folder"/include/pear/');

    -Edited /var/www/html/"ldap user info folder"/config.php (in red):

    public $debug = "true";
    public $logpath = '/var/www/html/"ldap user info folder"/';
    public $logfilename = "ost_update_user_info.log";
    public $loglastexec = "ost_last_exec_user_info.log";

    //osTicket MySQL Database
    public $mysql_host = "localhost";
    public $mysql_db = "osticket db";
    public $mysql_user = "Mysql user";
    public $mysql_pw = "password";

       
    // Net LDAP2 Connection
    public $ldap_host = 'Ldap host IP';
    public $ldap_port = '389'; // OpenLDAP uses TCP port 389 by default
    public $ldap_binddn = 'cn=admin,dc=nodomain'; //** Check your config for this
    public $ldap_bindpw = 'your password'; //** Check your config for this
    public $ldap_basedn = 'ou=Customers,ou=users,dc=nodomain'; //** Check your config for this
    public $ldap_tls = 'false'; // I don't use TLS; depends on your config

    public $ldap_attributes = array('mail','cn','description','businesscategory'); //Required Attributes
    public $ldap_filter = 'mail=*'; //hide from config_ui to guarantee functionality

    -Edited /var/www/html/"ldap user info folder"/update_user_info.php: replaced all 'sAMAccountName' with 'mail' (but you can use any attribute that matches the osTicket usernames).

    With this everything works but the mail, but it's really not mandatory for me.(-:

    Once again: Thank you!
  • Just one more request:

    Do you know how to execute the script each time a user registers?

    Many thanks.

    Proc
  • edited January 2016
    Don't know how this can be executed based on user registration, but we added a cron job in our environment to update all users at least once a day. For the cron job you can use/need to specify the "update_user_info.php" which basically can run without any further input since all the configuration stuff is stored in the config.php ;)

    Cheers
    Michael
  • Hi,

    I'll forget the idea of running it when a user registers; this needs too much investigation.
    I'll run it on scp/login.php loading. It will be easier.
    In fact it's almost done, but I have a permission denied. I don't yet know why, but I don't think it'll be very hard to find the solution.

    Have a nice week-end.
  • I edited login.php with this (@start):

    chdir('/var/www/html/support/lui');
    shell_exec('php ./update_user_info.php');
    chdir('/var/www/html/support/scp');

    And it does the trick. Like this, each time an admin checks a ticket, the add-on info will be updated before the agent login.

    Can someone tag this discussion as [solved] please? I tried to do it myself but it seems that I do not have the rights to.

    Thx

    Proc.
  • Great!
    Thanks for adding in the info how to execute the script before login.

    Closing as resolved.
This discussion has been closed.
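
The filter change discussed in this thread, as an added example (not part of any post and not code from the add-on): a small Python evaluator run over constructed OpenLDAP-style entries shows why the Active Directory filter selects nothing there, and that the bare `mail=*` replacement also selects any non-person entry that has a mail attribute. The `inetOrgPerson` scoping, the `mailGroup` class name and all entry data are assumptions made for illustration.

```python
# Simplification: an absent attribute evaluates to False, not "Undefined".
AD_FILTER = ('(&(sAMAccountType=805306368)(!(userAccountControl=514))'
             '(!(userAccountControl=66050))(mail=*))')   # from the thread
BROAD_FILTER = 'mail=*'                                   # from the thread
# Assumption: customer entries carry the inetOrgPerson object class.
SCOPED_FILTER = '(&(objectClass=inetOrgPerson)(mail=*))'

def parse(f, i=0):
    """Parse the component starting at f[i] == '('; return (node, next_i)."""
    if f[i] != '(':
        raise ValueError('filter component must start with "("')
    i += 1
    if f[i] in '&|!':
        op, kids = f[i], []
        i += 1
        while f[i] == '(':
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(')', i)
    attr, _, value = f[i:end].partition('=')
    return ('=', attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: attr -> values)."""
    if node[0] == '=':
        values = entry.get(node[1], [])
        if node[2] == '*':                # presence test, e.g. mail=*
            return bool(values)
        return any(v.lower() == node[2].lower() for v in values)
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == '&':
        return all(results)
    if node[0] == '|':
        return any(results)
    return not results[0]                 # '!'

def search(filter_text, entries):
    if not filter_text.startswith('('):   # accept the bare form 'mail=*'
        filter_text = '(' + filter_text + ')'
    tree, _ = parse(filter_text)
    return [e['uid'][0] for e in entries if matches(tree, e)]

# Constructed OpenLDAP-style entries (attribute names kept lower-case).
ENTRIES = [
    {'uid': ['fmartin'], 'objectclass': ['inetOrgPerson'], 'mail': ['fm@example.test']},
    {'uid': ['helpdesk-list'], 'objectclass': ['mailGroup'], 'mail': ['hd@example.test']},
    {'uid': ['nomail'], 'objectclass': ['inetOrgPerson']},
]
```

The `userAccountControl` clauses in the original filter excluded disabled Active Directory accounts; `mail=*` carries no equivalent restriction, so any scoping has to be added back in terms the target directory understands.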