Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

[MOD] LDAP Authentication

245678

Comments

  • Hi Thane,

    thank you for this great job.

    Due to a problem with SSO module in my AD, I just modify the login.php line 32

    From:
    $tmp_email=$_SERVER['PHP_AUTH_USER'];
    To:
    $tmp_email=LDAP::ldapGetEmail($_SERVER['PHP_AUTH_USER']);
    And now it work perfectly with me.
    Regards,
  • LDAP Connection failed

    I installed the mod and provided the info for a connection but when I run the diagnostics it says LDAP Connection failed.

    Here are the details:

    Result: Leave empty to use the Administrator in LDAP Settings
    calling ldap_connect with: "hh-dc1.hhinc.org" and port "389"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with username "admin@hhinc.org" and his password
    calling ldap_search with the domain: "CN=AllUsers,DC=hhinc,DC=org", the Filter: "(&(objectCategory=person)(sAMAccountName=admin))" and the Attributes: "array("givenName")"


    I've tried changing the domain to different values but get the same results.

    Thanks,

    Augustus
  • Augustus;38440 said:
    I installed the mod and provided the info for a connection but when I run the diagnostics it says LDAP Connection failed.

    Here are the details:

    Result: Leave empty to use the Administrator in LDAP Settings
    calling ldap_connect with: "hh-dc1.hhinc.org" and port "389"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with username "admin@hhinc.org" and his password
    calling ldap_search with the domain: "CN=AllUsers,DC=hhinc,DC=org", the Filter: "(&(objectCategory=person)(sAMAccountName=admin))" and the Attributes: "array("givenName")"


    I've tried changing the domain to different values but get the same results.

    Thanks,

    Augustus
    if you get to calling ldap_search with the domain: "CN=AllUsers,DC=hhinc,DC=org", the Filter: "(&(objectCategory=person)(sAMAccountName=admin))" and the Attributes: "array("givenName")" without an error, binding should be ok. The error in your case can be one of the following:
    • your LDAP doesn't like the field 'givenName', which is unlikely
    • your ldap doesn't like the Filter, which is more likely the case
    The filter is hardcoded in all current versions, if it's the cause of your error you'll have to wait for v5. I think i'll get that done tomorrow. I'd suggest you test your settings with another program. CotterPin suggested some in earlier posts.
  • @wbart
    Hello wbart,

    please check if the V5 works for you.

    @CotterPin

    Hello CotterPin,

    could you also check if the customizable filter works for you. Also thanks for the extensive testing.
  • Thane;38465 said:

    @CotterPin

    Hello CotterPin,

    could you also check if the customizable filter works for you. Also thanks for the extensive testing.
    Thane,
    No worries, it's the least I could do for the extensive mod work. :) Looks like I've got it working with V5, but it appears that our corporate LDAP won't let me read the givenName attribute. I can only pull down the cn (Full Name) or sn (Last Name). Is there a way I can use the cn attribute for client tickets?
  • CotterPin;38480 said:
    Thane,
    No worries, it's the least I could do for the extensive mod work. :) Looks like I've got it working with V5, but it appears that our corporate LDAP won't let me read the givenName attribute. I can only pull down the cn (Full Name) or sn (Last Name). Is there a way I can use the cn attribute for client tickets?
    Hello CotterPin,

    "givenName" returns nothing for me. I have to write in in all lowercase ('givenname') to make it work. Ldap seems very picky with the attributes. Another nice example is samaccaountname. I have to write 'sAMAccountName' to get the filter working. However if i want the content of samaccountname i have to use the attribute 'samaccountname'. So try 'givenname'. If that also doesn't work for you I'll have to patch the class.ldap.php a bit.
  • Thane;38481 said:
    Hello CotterPin,

    "givenName" returns nothing for me. I have to write in in all lowercase ('givenname') to make it work. Ldap seems very picky with the attributes. Another nice example is samaccaountname. I have to write 'sAMAccountName' to get the filter working. However if i want the content of samaccountname i have to use the attribute 'samaccountname'. So try 'givenname'. If that also doesn't work for you I'll have to patch the class.ldap.php a bit.
    Ok, that worked. I now am able to use the LDAP Diagnostic to verify that I am using the correct filter for First and Last Names. However, client login is not working with the V5 mod. It leaves me as a Guest User, even after clicking "Log In". Clicking "Log In" takes me to the Check Ticket Status dialog for the Guest User.
  • CotterPin;38493 said:
    Ok, that worked. I now am able to use the LDAP Diagnostic to verify that I am using the correct filter for First and Last Names. However, client login is not working with the V5 mod. It leaves me as a Guest User, even after clicking "Log In". Clicking "Log In" takes me to the Check Ticket Status dialog for the Guest User.
    I've removed part of the sso stuff. It was V4-specific and partially hardcoded. I'll add a slightly better configurable Sso in V6, maybe even later today (pretty shure that i'll get that done today). Sorry, i forgot to mention that.
  • @CotterPin
    Ok, SSO is done. You'll have to set use SSO and your PHP_AUTH_USER in the LDAP Settings. Hopefully your setup will completely work with that. I've tested it with a Samba4 server with ldaps enabled, with osticket hosted on a IIS7.
  • How if I have multi domain ?

    Thank you very much Thane,
    Your mod help me very much .
    But how if I have multi domain ? Ex: I have 2 user jack and john , jack have UserPrincipalName (UPN) [email]jack@test.net[/email] , johns' is [email]john@test.org[/email] . My internal domain is test.com
    How should I create LDAP connections ?

    LDAP Domain : dc=test,dc=com
    LDAP Suffix : @test.net , @test.org or @test.net ; @test.org ... ?
    LDAP Controller : ad01.test.com

    It don't allow me to create 2 LDAP connections with same LDAP Domain and LDAP Controller
  • How if I have multi domain ?

    Thank you very much Thane,
    Your mod help me very much but how if I have muti-domain ?
    Ex : I have 2 users jack and john , jack has UserPrincipalName (UPN) [email]jack@test.net[/email] , and johns' is [email]john@test.org[/email] , my local domain is test.com

    How should I create LDAP connections ?

    LDAP Domain : dc=test,dc=com
    LDAP Suffix : @test.net ; test.org or @test.net , test.org ... ?
    LDAP Controller : ad01.test.com


    It don't allow me to create 2 LDAP connections with same LDAP Domain and Controller
  • Thane;38518 said:

    Ok, SSO is done. You'll have to set use SSO and your PHP_AUTH_USER in the LDAP Settings. Hopefully your setup will completely work with that. I've tested it with a Samba4 server with ldaps enabled, with osticket hosted on a IIS7.
    Looks like we're getting close. SSO works for users that already have tickets in the database. However, if I get a new user to login, Full Name is still blank on the Open a New Ticket dialog. I've double checked the user through the LDAP diagnostic, and it is successfully returning givenname and sn from LDAP. These are the fields I've populated in the LDAP config as First Name and Last Name. I looked in the database, and it does create a blank record with subject "ldap_temporary":
    ticket_id: 2055
    ticketID: 646229
    dept_id: 1
    sla_id: 1
    priority_id: 1
    topic_id: 1
    staff_id: 0
    team_id: 0
    email: [email]
    name:
    subject: ldap_temporary
    helptopic: NULL
    phone:
    phone_ext:
    ip_address:
    status: closed
    source: Other
    isoverdue: 0
    isanswered: 0
    duedate: NULL
    reopened: NULL
    closed: NULL
    lastmessage: NULL
    lastresponse: NULL
    created: 0000-00-00 00:00:00
    updated: 0000-00-00 00:00:00
  • Filter help
    Thane;38441 said:
    if you get to calling ldap_search with the domain: "CN=AllUsers,DC=hhinc,DC=org", the Filter: "(&(objectCategory=person)(sAMAccountName=admin))" and the Attributes: "array("givenName")" without an error, binding should be ok. The error in your case can be one of the following:
    • your LDAP doesn't like the field 'givenName', which is unlikely
    • your ldap doesn't like the Filter, which is more likely the case
    The filter is hardcoded in all current versions, if it's the cause of your error you'll have to wait for v5. I think i'll get that done tomorrow. I'd suggest you test your settings with another program. CotterPin suggested some in earlier posts.

    I installed V5 and still can't connect. Can you provide me with a few different filter commands? I'm a bit new to the filters.
  • Augustus;38619 said:
    I installed V5 and still can't connect. Can you provide me with a few different filter commands? I'm a bit new to the filters.
    I'd suggest using V6. For the LDAP Filter, I use:
    (&(uid=%USERNAME%))
    So when users login, I want LDAP to use what's in the uid field for the user name in osTicket. It is helpful to connect to your LDAP with an LDAP explorer and map out which field is which. I use JXplorer for this, and to ensure I have the correct fields for the rest of the LDAP configuration as well. Then I use the LDAP Diagnostic tool to ensure it's getting the field correctly - I found that though my LDAP Explorer said "givenName", it actually needed "givenname" (as suggested by Thane).
  • @CotterPin
    I've noticed that both phone fields are empty too. The cause is probably the ldapGetUsernameFromEmail function. So i've added diagnostic messages to this and the ldapGetEmail function. Please Download the V7 and check Ldap Diagnostic again.

    My diagnostic output is:

    calling ldap_connect with: \"ldaps://192.168.178.40:636\"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with \"administrator@vpg.local\" and his password
    using the filter: \"(&(sAMAccountName=ostclient))\"
    calling ldap_search with the domain: \"DC=vpg,DC=local\", the Filter: \"(&(sAMAccountName=ostclient))\" and the Attributes: \"array(\"cn\")\"
    LDAP returned field data: \"ost client\"


    Debug of function ldapGetEmail():

    getting the email of user: \"ostclient\"
    binding to ldap with \"administrator@vpg.local\" and his password
    calling ldap_search with the domain: \"DC=vpg,DC=local\", the Filter: \"(&(sAMAccountName=ostclient))\" and the Attributes: \"array(\"mail\")\"
    LDAP returned field data: \"ost.client@vpg.de\"


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"ost.client@vpg.de\"
    binding to ldap with \"administrator@vpg.local\" and his password
    calling ldap_search with the domain: \"DC=vpg,DC=local\", the Filter: \"(&(mail=ost.client@vpg.de))\" and the Attributes: \"array(\"samaccountname\")\"
    LDAP returned field data: \"ostclient\"
  • Thane;38629 said:
    @CotterPin
    I've noticed that both phone fields are empty too. The cause is probably the ldapGetUsernameFromEmail function. So i've added diagnostic messages to this and the ldapGetEmail function. Please Download the V7 and check Ldap Diagnostic again.
    It appears to be binding to both LDAP entries - domain.com and lex.adapps.domain.com are different LDAP domains. Anyway, here's my diagnostic output for [email]user@domain.com[/email]:

    Result: Leave empty to use the Administrator in LDAP Settings
    calling ldap_connect with: \"ldaps://ldap.domain.com:636\"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    using the filter: \"(&(uid=user@domain.com))\"
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"givenname\")\"
    LDAP returned field data: \"FirstName\"


    Debug of function ldapGetEmail():

    getting the email of user: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"


    Debug of function ldapGetEmail():

    getting the email of user: \"user@domain.com\"
    binding to ldap with \"admin@lex.adapps.domain.com\" and his password
    calling ldap_search with the domain: \"DC=lex,DC=adapps,DC=domain,DC=com\", the Filter: \"(&(sAMAccountName=user@domain.com))\" and the Attributes: \"array(\"mail\")\"
    LDAP returned nothing...


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"user@domain.com\"
    binding to ldap with \"admin@lex.adapps.domain.com\" and his password
    calling ldap_search with the domain: \"DC=lex,DC=adapps,DC=domain,DC=com\", the Filter: \"(&(mail=user@domain.com))\" and the Attributes: \"array(\"sAMAccountName\")\"
    LDAP returned nothing...
  • CotterPin;38630 said:
    It appears to be binding to both LDAP entries - domain.com and lex.adapps.domain.com are different LDAP domains. Anyway, here's my diagnostic output for [email]user@domain.com[/email]:

    Result: Leave empty to use the Administrator in LDAP Settings
    calling ldap_connect with: \"ldaps://ldap.domain.com:636\"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    using the filter: \"(&(uid=user@domain.com))\"
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"givenname\")\"
    LDAP returned field data: \"FirstName\"


    Debug of function ldapGetEmail():

    getting the email of user: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"


    Debug of function ldapGetEmail():

    getting the email of user: \"user@domain.com\"
    binding to ldap with \"admin@lex.adapps.domain.com\" and his password
    calling ldap_search with the domain: \"DC=lex,DC=adapps,DC=domain,DC=com\", the Filter: \"(&(sAMAccountName=user@domain.com))\" and the Attributes: \"array(\"mail\")\"
    LDAP returned nothing...


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"user@domain.com\"
    binding to ldap with \"admin@lex.adapps.domain.com\" and his password
    calling ldap_search with the domain: \"DC=lex,DC=adapps,DC=domain,DC=com\", the Filter: \"(&(mail=user@domain.com))\" and the Attributes: \"array(\"sAMAccountName\")\"
    LDAP returned nothing...
    The normal binding is in a while loop and tries all of your ldap entries. Thats why authentication with not trusted domains is possible. Though it creates a bit of overhead. I'll think of a way to remove the overhead later, i have to optimize the code anyway.

    Regarding the error, i didn't expect a username@domain to return from ldapGetUsernameFromEmail. Do your users in the domain.com enter their email address/user@domain or just the username?
  • @CotterPin

    please try using this class.ldap.php. It breaks out of the while loops when it gets results. It may be that the second run overwrites the first. That shouldn't happen with this class.ldap.php.

    Download: class.ldap.php_cotterpin_test.zip
  • Thane;38633 said:
    The normal binding is in a while loop and tries all of your ldap entries. Thats why authentication with not trusted domains is possible. Though it creates a bit of overhead. I'll think of a way to remove the overhead later, i have to optimize the code anyway.

    Regarding the error, i didn't expect a username@domain to return from ldapGetUsernameFromEmail. Do your users in the domain.com enter their email address/user@domain or just the username?
    Sorry I wasn't clearer about that before -- the confusion comes from having two different domains to work with. In our local domain (for Staff), they use a user name as expected. However, our corporate domain (I obfuscated with domain.com) uses email as uid, so we authenticate to almost everything with our email address as user name. So in this case, I'm using uid for both user name and email, as reflected in the debug.

    So for clarity, here's what we've got:
    uid = user name
    uid = email address
    cn = full name
    givenname = first name
    sn = last name
    Thane said:

    please try using this class.ldap.php. It breaks out of the while loops when it gets results. It may be that the second run overwrites the first. That shouldn't happen with this class.ldap.php.
    Yep, that works:
    Result:   Leave empty to use the Administrator in LDAP Settings
    calling ldap_connect with: \"ldaps://ldap.domain.com:636\"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    using the filter: \"(&(uid=user@domain.com))\"
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"givenname\")\"
    LDAP returned field data: \"Firstname\"


    Debug of function ldapGetEmail():

    getting the email of user: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"
  • CotterPin;38640 said:
    Sorry I wasn't clearer about that before -- the confusion comes from having two different domains to work with. In our local domain (for Staff), they use a user name as expected. However, our corporate domain (I obfuscated with domain.com) uses email as uid, so we authenticate to almost everything with our email address as user name. So in this case, I'm using uid for both user name and email, as reflected in the debug.

    So for clarity, here's what we've got:
    uid = user name
    uid = email address
    cn = full name
    givenname = first name
    sn = last name



    Yep, that works:
    Result:   Leave empty to use the Administrator in LDAP Settings
    calling ldap_connect with: \"ldaps://ldap.domain.com:636\"
    setting LDAP_OPT_PROTOCOL_VERSION to 3 and LDAP_OPT_REFERRALS to 0
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    using the filter: \"(&(uid=user@domain.com))\"
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"givenname\")\"
    LDAP returned field data: \"Firstname\"


    Debug of function ldapGetEmail():

    getting the email of user: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"


    Debug of function ldapGetUsernameFromEmail():

    getting the user of email: \"user@domain.com\"
    binding to ldap with \"cn=ESCEAUTH,ou=Applications,o=domain.com\" and his password
    calling ldap_search with the domain: \"o=domain.com\", the Filter: \"(&(uid=user@domain.com))\" and the Attributes: \"array(\"uid\")\"
    LDAP returned field data: \"user@domain.com\"
    Ok, i was considering that i have to strip the @domain for the other functions. But it should work as it is now. Do new users get the fields filled now?
  • Thane;38647 said:
    Ok, i was considering that i have to strip the @domain for the other functions. But it should work as it is now. Do new users get the fields filled now?
    Yes, the users can login, and the fields populate. Mostly. It appears we have two cases:
    [LIST=1]
    [*]If the user already has tickets in the database, the Open New Ticket dialog works fine, and they can create a new ticket and view their other tickets.
    [*]If the user does not have tickets in the database, it shows them logged in with 0 tickets. Whey they try to create a new one, only the Email Address field populates. Full Name is blank, and they get the error "Missing or invalid data - check the errors and try again" when they try to create one.
    [/LIST]
    Also, the ldap_temporary database record is only created if they create the ticket while not logged in (guest). I'm thinking that's by design, but wanted to mention it for clarity.
  • CotterPin;38653 said:

    If the user already has tickets in the database, the Open New Ticket dialog works fine, and they can create a new ticket and view their other tickets.
    In that case osTicket is filling the fields. It does that by itself if it has the data.
    CotterPin;38653 said:
    If the user does not have tickets in the database, it shows them logged in with 0 tickets. Whey they try to create a new one, only the Email Address field populates. Full Name is blank, and they get the error "Missing or invalid data - check the errors and try again" when they try to create one.
    That could be because of the ldap_temporary tickets. They won't show on the interface (i've filtered them out), but they count in the system. If they don't have any info of the user osTicket won't fill the fields when the user tries to open a new ticket. In that case you'll have to delete the ldap_temporary ticket from that user in the database, or just delete all of them at once.
    CotterPin;38653 said:

    Also, the ldap_temporary database record is only created if they create the ticket while not logged in (guest). I'm thinking that's by design, but wanted to mention it for clarity.
    That is bad. The only time ldap_temporary tickets are created is when the user logs in. And also only if the user in question didn't create any tickets yet. I use those tickets as a safe way to transport the user info. As mentioned above, this ldap mod actually doesn't fill any fields. Osticket does that and i merely use/misuse that feature.

    What actually should happen, and does in my vm testsetup as well as my company is the following.
    [LIST=1]
    [*]A guest can create tickets without logging in, that is if you don't force clients to log in. But he has to fill the fields by himself, as osticket doesn't know him.
    [*]If a user logs in instead of using the username+pw that the user typed in to log into osticket, the ldap mod uses that to try and log the user into an ldap session. And if a valid ldap session could be created the ldap mod closes that session, then uses the admin credentials to fetch the email of the user. At this point i assume you have the client autofill feature on. The mod checks if he already has tickets, if thats the case 3. happens, else 4 happens
    [*]The mail of the user and a ticketid of the user are userd to log him into osticket. The user will then be redirected to the overview of his tickets and can create new tickets (see 5.), look at his tickets or log out.
    [*]The ldap mod creates a new ticket for this user with all the info the ldap mod can get (first name + last name, phone, phone_ext), then fetches the ticket_id of that new ticket, creates a new session for that user as if he logged in with email+ticketid and finally redirects him to open.php (the create ticket page). Then happens 5.
    [*]Osticket sees that this is a user with a valid session (requires a ticket) and tries to autofill the fields with the known info in the tickets of the user. Then step 6.
    [*]osticket creates a new ticket for that user. On creation of the new ticket the ldap mod checks, if the user has any tickets with the subject ldap_temporary and deletes them. At this point they are not needed anymore.
    [/LIST]

    So you could check if the users with unfilled fields have an empty ldap_temporary ticket. If thats the case, delete those tickets. Then try again. I don't know why guests get those tickets too, the creation happens in the login.php. I'll check that tomorrow.
  • Thane;38655 said:
    So you could check if the users with unfilled fields have an empty ldap_temporary ticket. If thats the case, delete those tickets. Then try again.
    That was it. The ldap_temporary ticket that was in the database for that user did not show up in the osTicket interface, only through a MySQL query. I deleted that record, and now the user's fields fully populate in the Open New Ticket dialog, and tickets are creating successfully. Success! :D

    Thane, many many thanks for all your work on this!
  • CotterPin;38657 said:
    That was it. The ldap_temporary ticket that was in the database for that user did not show up in the osTicket interface, only through a MySQL query. I deleted that record, and now the user's fields fully populate in the Open New Ticket dialog, and tickets are creating successfully. Success! :D

    Thane, many many thanks for all your work on this!
    many thanks to you to, you've done some extensive testing there!

    If you like I'll add a special thanks section in the first post with you in it, you've earned it.
  • Thane;38658 said:
    many thanks to you to, you've done some extensive testing there!

    If you like I'll add a special thanks section in the first post with you in it, you've earned it.
    No worries, I was happy to do it. As I see it, I learned some things about php and I got a great custom mod out of the deal! :D
  • I'm having a problem getting the auto-complete feature to work.

    I don't really need people to login using their Active Directory account, just want the fields to filled out based on what they type in for their email address.


    I did the ldap test and it gives me information for all 3 tests.

    I'm sure I'm probably doing something stupid.
  • programmerbob;38877 said:
    I'm having a problem getting the auto-complete feature to work.

    I don't really need people to login using their Active Directory account, just want the fields to filled out based on what they type in for their email address.


    I did the ldap test and it gives me information for all 3 tests.

    I'm sure I'm probably doing something stupid.
    The ldap login is required to get autocomplete working. Else the mod won't know who the user is.

    I need a bit more information to help you.
    What exactly isn't working for you? What settings did you use? What does the Diagnostic page return?
  • Oh nevermind, it's working now.
  • How to use MOD

    Hi,

    I have installed OSTicket on my local computer for testing purposes before getting deployed on the company server.

    To use this MOD for testing purposes, do I need to install OSTicket on Server?

    Also to use this, all I have to do is to copy files from zip file to my source location?

    Looks like I am missing a table ost_ldap_config?

    Should it be created automatically?

    Thanks
  • rishidawar;38969 said:
    Hi,

    I have installed OSTicket on my local computer for testing purposes before getting deployed on the company server.

    To use this MOD for testing purposes, do I need to install OSTicket on Server?
    All you need is a Webserver and a Server providing LDAP. That can be a testing environment. Or you could install this on a Testwebserver and provide the LDAP Server you already use. They only need to be in the same domain if you want to test SSO.
    rishidawar;38969 said:

    Also to use this, all I have to do is to copy files from zip file to my source location?
    If you don't have any other mods that require changes of the zipped files that should be all you have to do.
    rishidawar;38969 said:

    Looks like I am missing a table ost_ldap_config?

    Should it be created automatically?

    Thanks
    Normally the ldap table should be created automatically, yes.
    Where did you encounter that error? Seems I've forgotten checking that on that page. If you log into SCP it should be created.
Sign In or Register to comment.