[MOD] LDAP Authentication

Comments

  • omgkenny;40624 said:
    1st. can i remove the ldap suffix request when edit the ldap connection??
    If your ldap authentication is something like user@domain.com you'll need the suffix, otherwise you'd have to use rdn style binding. In any case, i'd just enter a suffix, it won't bug you.
    omgkenny;40624 said:

    2nd. the last code that you gave me is to do what actually? :confused:
    It enhances compatibility with osticket for client logins.
    omgkenny;40624 said:

    3rd. how can the user create the ticket as it request for User/E-Mail Address:
    Password/Ticket ID: ?? :confused:
    If you force clients to login they'd have to login even if they never created a ticket before. You can also use the autocomplete option with that.

    If you don't have that option, the users can also create tickets as a 'guest', without logging in first (that's the green button on the left). That however can lead to some problems if the user types his/her email-address wrong. Tickets depend heavily on the email-address in osticket.
    omgkenny;40624 said:

    Sorry for all these questions. :o
    No worries.
  • I replaced that bit on line 59 of the login.php, alas it has not corrected my issue.
  • @mujizac
    Sorry that it didn't help. I assumed you have the same issue BAD had. I need more information to help you. For starters, when you login the first time the page should be login.php, is the login screen after that also login.php or a different one?
    Does this problem occur with all your users or only with specific ones?
    Please take a look in your osticket db if the email-addresses of those users have some capital letters in them.
    Do they have multiple tickets where the email-address differs in those tickets?

    Also take a look on the issue BAD had, maybe you'll find some pointers there.
  • Thane,

    I encountered these errors when running the ldap diagnostic :-
    Warning: ldap_search() [function.ldap-search]: Search: Bad search filter in /var/www/html/support2/include/class.ldap.php on line 192

    Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in /var/www/html/support2/include/class.ldap.php on line 193
    and these are the lines :-

    $results = ldap_search($ldap, $rowset['ldap_domain'], $ldapFilter, $LDAPFieldsToFind);
    $info = ldap_get_entries($ldap, $results);


    Please advise.

    Thanks.
  • Hello omgkenny,
    The error
    omgkenny;40703 said:

    Warning: ldap_search() [function.ldap-search]: Search: Bad search filter in /var/www/html/support2/include/class.ldap.php on line 192
    tells you that the ldap filter has a syntax error. Check your ldap filter setting and correct it.
  • Thane;40705 said:
    Hello omgkenny,
    The error


    tells you that the ldap filter has a syntax error. Check your ldap filter setting and correct it.
    I see.

    Corrected the error and the LDAP diagnostic showed results.

    So, I've created an id to test, using my own id... the password differs from the LDAP one...

    so I've tried with the local password, and it just logs in to the system.. but when I log in using the LDAP password, I can't access it...

    looks like it does not even search the LDAP for the password given.. any idea?? or did I just do something wrong again?
  • I've tried a couple different things, but nothing has seemed to help.
    I'm still at a point where any and all users cannot get past the login.php authentication page. If you put in a valid password, the page just refreshes without moving on. If you put in an invalid password, it will tell you that you have done so.

    Some of my user accounts do in fact have capital letters in their email, but not all, and I made test users that do not just to make sure that was not a factor.

    I checked in the database, these users don't exist yet, as they have never logged in before. If you have a specific table I should be looking in, let me know.
  • @omgkenny
    Please go into ldap diagnostic and check if the ldap fields you've entered return the expected values. You'll have to test the fields one by one. The email and username fields are important. Test that with the admin and a user of your choice.

    @mujizac
    Please do the same. Also, did you ever successfully log into scp using ldap credentials?
  • i have tested it.. but still the same...

    test with "uid" and "mail" both give same answer..

    but when I log in using the id I created, "test" -- the user in LDAP is test@silk.my

    do I need to create test@silk.my as well in the osticket users?

    because when logging in to zimbra we do not need to key in "@silk.my"

    please advise

    thanks.
  • Thane, I have been trying to integrate modv8 with osticket 1.7 and get a 500 server error when the code is pushed. I have been trying to get this to work for quite some time. You replied to a person in this thread who was having the same problem. I did not see a reply back from him. I have enabled the ldap extension (see attached image). With errors enabled I get the following errors below.
    Thane;39052 said:

    Please check if the ldap extension is enabled on that server. If that's the case please post the php error that you get.

    while on the localhost/ page I got these errors:
    Warning: include_once(/var/www/include/class.ldap.php): failed to open stream: No such file or directory in /var/www/include/class.staff.php on line 21

    Warning: include_once(): Failed opening '/var/www/include/class.ldap.php' for inclusion (include_path='./:/var/www/include/:/var/www/include/pear/') in /var/www/include/class.staff.php on line 21

    Warning: require_once(/var/www/include/class.ldap.php): failed to open stream: No such file or directory in /var/www/index.php on line 19

    Fatal error: require_once(): Failed opening required '/var/www/include/class.ldap.php' (include_path='./:/var/www/include/:/var/www/include/pear/') in /var/www/index.php on line 19


    While on the localhost/scp/login.php page I got these errors:
    Warning: include_once(/var/www/include/class.ldap.php): failed to open stream: No such file or directory in /var/www/include/class.staff.php on line 21

    Warning: include_once(): Failed opening '/var/www/include/class.ldap.php' for inclusion (include_path='./:/var/www/include/:/var/www/include/pear/') in /var/www/include/class.staff.php on line 21

    Fatal error: Class 'LDAP' not found in /var/www/include/class.staff.php on line 93

    I have tried adding the ldap mod on two different builds. ubuntu server 12.10, lamp-server with extensions: php5-ldap, php5-imap, php5-gd, php5-mcrypt installed. Any assistance you can provide would be greatly appreciated. Please let me know if there is any additional information that I can provide.
  • @omgkenny

    You have to log in to ldap with user@domain.com (behind the scenes) anyway and the suffix field is for the @domain.com part. I add the suffix to the entered username in class.ldap.php. So if a user named "test" enters "test" in username and pw in password the code would log him in as "test@domain.com" and "pw" as his password.

    But you still need a ldap field where you get the username without that @domain.com or in your case @silk.my.
    Now, i've been reading up on zimbra a bit and in all the examples uid was used for that. I don't know why uid returns user@domain.com in your case. Maybe it's specific to a version or there is another ldap field which is zimbra-specific. I have far too little knowledge about zimbra to tell you the correct settings.

    I'll think about putting in a workaround for your case, but it would be better and cleaner to get a username field from zimbra.

    @griffinaaronj

    Looks like osticket is missing the class.ldap.php in the include folder. I'd suggest redownloading v8 and reapplying it.

    Warning: include_once(/var/www/include/class.ldap.php): failed to open stream:
    No such file or directory in /var/www/include/class.staff.php on line 21

    Warning: include_once(): Failed opening '/var/www/include/class.ldap.php' for
    inclusion (include_path='./:/var/www/include/:/var/www/include/pear/') in
    /var/www/include/class.staff.php on line 21


    First warning: failed to open stream ... = could not open/find the file ...
    Second warning: failed opening ... = same thing but a bit more specific
  • Thanks Thane, I will try that out.
  • It works after applying it. Thanks for your help, I have been fighting this one for a while. I will now integrate it with our AD.

    Thanks again!
    Thane;40785 said:


    Looks like osticket is missing the class.ldap.php in the include folder. I'd suggest redownloading v8 and reapplying it.

  • it works when we change the ip to our ad server... but not everyone is on the ad server..

    the reason we are using ldap from zimbra is because wanted then to log in using their email id & password...

    any idea??
  • @omgkenny
    I'm sorry, i've misunderstood you. I thought you want to enter username+password just like in your zimbra.

    If your email content is the same as your uid content put uid as the username field and use the following filter:
    (&(uid=%USERNAME%))


    With that you'll have to create the scp users with a username, that is exactly the same as the uid content of that user. That is only needed for scp, clients will be created automatically when they open a ticket.
    Also, if you log them in with email/user@domain.com you'll have to leave suffix empty or else you'll get a user@domain.com@domain.com.
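The filter and suffix handling discussed in the posts above, as an added example that is not code from the mod or from any poster: it fills the `%USERNAME%` placeholder with an escaped value, rejects an unbalanced filter before it reaches `ldap_search()`, and avoids the doubled suffix. All function names are hypothetical and the inputs are constructed.

```php
<?php
// Added example, not code from the mod. All function names are hypothetical.
// Escape a value for use inside an LDAP search filter (RFC 4515). With the
// ldap extension loaded, ldap_escape($v, '', LDAP_ESCAPE_FILTER) does the same.
function escapeFilterValue(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28',
        ')'  => '\\29', "\0" => '\\00',
    ]);
}

// True when the filter is a single, fully parenthesised expression. An
// unbalanced filter is one cause of "Bad search filter" from ldap_search().
function filterIsBalanced(string $filter): bool
{
    $len = strlen($filter);
    if ($len === 0 || $filter[0] !== '(') return false;
    for ($i = 0, $depth = 0; $i < $len; $i++) {
        if ($filter[$i] === '\\') { $i += 2; continue; }   // skip a \XX escape
        if ($filter[$i] === '(') $depth++;
        if ($filter[$i] === ')' && --$depth === 0) return $i === $len - 1;
    }
    return false;
}

// Fill the %USERNAME% placeholder of the configured filter with an escaped value.
function buildFilter(string $template, string $username): string
{
    $filter = str_replace('%USERNAME%', escapeFilterValue($username), $template);
    if (!filterIsBalanced($filter)) {
        throw new InvalidArgumentException("Unbalanced LDAP filter: $filter");
    }
    return $filter;
}

// Append the suffix only when the entered name has no domain part yet, so
// "test@silk.my" does not become "test@silk.my@silk.my".
function bindName(string $username, string $suffix): string
{
    return ($suffix === '' || strpos($username, '@') !== false) ? $username : $username . $suffix;
}

// Constructed sample inputs.
echo buildFilter('(&(uid=%USERNAME%))', 'test'), "\n";
echo buildFilter('(&(uid=%USERNAME%))', 'o(brien)*'), "\n";   // metacharacters escaped
echo bindName('test', '@silk.my'), ' / ', bindName('test@silk.my', '@silk.my'), "\n";
try { buildFilter('(&(uid=%USERNAME%)', 'test'); }            // closing ")" missing
catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```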
  • question

    hi,
    nice mod - but just wondering if it will work in my environment. We have a remotely hosted server with our website etc. on it. I have set up and am using osticket on it. To enable your mod, I take it it would then need to communicate through our firewall from the outside with LDAP to our domain controller - is that correct, or will that setup not work?
  • @hepkat63

    Hello,
    Yes, you would have to punch a hole in your firewall and it would work then. But you should consider using ldaps instead of ldap for security reasons. Ldap sends the data more or less unencrypted. Ldaps is ssl encrypted but harder to configure. You also would have to configure openssl. And, since it's a remote webserver and users are logging in with ldap credentials, you should also force https for the ticketsystem.

    A forum member (CotterPin) in this thread already has this mod running with ldaps. You can look at our conversation to get an idea of requirements and settings.
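What the ldaps and forced-https advice in the reply above can look like in PHP, as an added example that is not code from the mod: the host name, CA file path, bind name and all function names are placeholders, and the LDAP part needs PHP 7.1 or later with the ldap extension and a reachable directory server.

```php
<?php
// Added example, not code from the mod. Host, CA path, bind name and all
// function names are placeholders.
// Open an ldaps:// link that refuses servers whose certificate does not verify.
function connectLdaps(string $host, string $caFile)
{
    // Set the TLS options globally (null link) before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ldap = ldap_connect("ldaps://{$host}:636");   // plain ldap:// would be port 389
    if ($ldap === false) throw new RuntimeException('Malformed LDAP URI');
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);
    return $ldap;
}

// ldap_connect() only parses the URI; the TLS handshake happens on the first
// bind, so certificate problems surface here.
function bindOrExplain($ldap, string $bindName, string $password): bool
{
    // An empty password turns the bind into an anonymous bind, which many
    // servers accept, so it must never count as a successful login.
    if ($password === '') return false;
    if (@ldap_bind($ldap, $bindName, $password)) return true;
    $detail = '';
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    error_log('LDAP bind failed: ' . ldap_error($ldap) . ' ' . $detail);
    return false;
}

// Returns the https:// URL to redirect to, or null when the request is already
// encrypted. $canonicalHost comes from configuration, not from the Host header.
function httpsRedirectTarget(array $server, string $canonicalHost): ?string
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') return null;
    return 'https://' . $canonicalHost . ($server['REQUEST_URI'] ?? '/');
}

// Constructed request data; the LDAP functions above need a live server.
var_dump(httpsRedirectTarget(['REQUEST_URI' => '/login.php'], 'support.example.org'));
var_dump(httpsRedirectTarget(['HTTPS' => 'on', 'REQUEST_URI' => '/login.php'], 'support.example.org'));
```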
  • thank you !
  • now what?

    Hi,
    Ok, I have downloaded your mod - put all the files where they are supposed to be and when I logon to admin panel, I get an extra menu item LDAP - which is good.
    I fill it out and then click ADD and I get a blank page. So, clearly I need to chmod a file (or two) somewhere? Are there actually any install instructions I can have - there weren't any (that I saw) in the .zip file.
  • Unable to download from URL

    I tried to download the mod but the host appears to be down. Can someone repost this? I am in need of this to implement for a project. Thanks!
  • blank page

    hi,
    still can't get this to get any further than the setup. I can fill in all the top part of the ldap settings - add ldap and it saves fine. as soon as i fill out the bottom part and 'save' - i get a blank page. no error, just blank? can you please advise?
  • @hepkat63

    Please check if the downloaded zip has the md5 hash CBCF07A5B862C698E4EA6C879E0CF642
    There is no need to chmod the files, the settings are saved in the mysql db. And regarding the installation instructions, yes there are none. You simply overwrite the osticket files with the files in the zip. Of course things may break if you have multiple mods that require changes in those files.

    @mips

    Strange, it should be up. Maybe i had connection errors at that time.
  • Got the download

    I happened to try yesterday and the connection was up and I downloaded the mod. Thanks a million!
  • Thanks for making this mod, it's super great.

    I'm having trouble getting SSO to work though. What exactly do I need to do to make it work? Right now I always just get taken to the login screen.
  • @keybroad
    You have to set your Webserver to authenticate the login.php, for example with NTLM or Kerberos. The webserver will pass the authenticated user to a $_SERVER Variable like 'AUTH_USER'. You have to type in the correct variable in the field PHP Server Auth Variable. That should be it.
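A sketch of reading the server auth variable described in the reply above, as an added example that is not code from the mod: the function name, the accepted character set and the sample `$_SERVER` snapshots are constructed, and stripping the domain or realm assumes a single domain.

```php
<?php
// Added example, not code from the mod; the function name is hypothetical.

// Return the SSO user name from the configured server variable, or null when
// the request carries no trustworthy identity.
function ssoUsername(array $server, string $varName): ?string
{
    // HTTP_* entries are built from request headers, so the client controls
    // them; only a variable filled in by the web server's auth module counts.
    if (strncasecmp($varName, 'HTTP_', 5) === 0) return null;

    $raw = $server[$varName] ?? '';
    if (!is_string($raw) || $raw === '') return null;

    // NTLM-style "DOMAIN\user" and Kerberos-style "user@REALM" both reduce to
    // "user". Assumes one domain/realm; with several, keep the qualifier.
    if (($pos = strrpos($raw, '\\')) !== false) $raw = substr($raw, $pos + 1);
    if (($pos = strpos($raw, '@')) !== false) $raw = substr($raw, 0, $pos);

    // Conservative character set before the name is used in a lookup.
    return preg_match('/^[A-Za-z0-9._-]{1,64}$/', $raw) ? strtolower($raw) : null;
}

// Constructed $_SERVER snapshots.
$samples = [
    [['AUTH_USER' => 'CORP\\jdoe'], 'AUTH_USER'],
    [['REMOTE_USER' => 'jdoe@CORP.EXAMPLE'], 'REMOTE_USER'],
    [['HTTP_AUTH_USER' => 'jdoe'], 'HTTP_AUTH_USER'],   // request header, rejected
    [[], 'AUTH_USER'],                                  // web server did not authenticate
];
foreach ($samples as [$server, $var]) {
    var_dump(ssoUsername($server, $var));
}
```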
  • Undefined function ldap_connect()

    Hi,

    I have this error message:
    Fatal error: Call to undefined function ldap_connect() in PATH/class.ldap.php on line 751

    Any help?

    Thanks.
  • @JK11
    Please make sure that you have the ldap extension enabled in your php.ini. It is required for this mod.
  • Thanks for answer. Problem solved.
  • Users cannot login

    I am trying to use your mod because it is exactly what I am looking for, but I am running into an authentication error (the message "authentication error - try again!") at the login page. I pass the 3 diagnostic tests successfully in the ldap diagnostic tool. I am using rdn for binding if that is of any consequence.

    I have now tried completely removing my database and entire osticket directory and re-installing osticket and creating a brand new database and after all that am now back to the same problem and error message. I'm really stuck here.

    Can you give me any tips? Thanks a ton.
  • @atreyu

    Which login page? Scp or the client-side one?
    Try to log in to scp with the admin user (using the ldap credentials), that you used for ldap access.
    Also please post the RDN that you've set and the content in CN.