osTicket / osTicket-plugins

Core plugins for osTicket (v1.8+)
GNU General Public License v2.0
151 stars 162 forks source link

auth-ldap, clients must login with full email #78

Open jakkul opened 9 years ago

jakkul commented 9 years ago

Hi!

What I'm using: OSTicket 1.9.12 Auth-LDAP 0.6.2 All on Debian wheezy. Samba 4 AD domain on Ubuntu 14.04 LTS.

What works: osTicket allows logging using login name for the staff using LDAP password authentication. You can also use your email from "mail" field in the Samba4 LDAP to login into the client issue reporting page.

What does not: Clients cannot login to the client issue reporting page using their normal login name. Only using whatever is put into "mail" LDAP field.

I've seen here, that there were problems with that and in #62 there was a patch that should solve this issue, but I'm not aware if this is already in the 0.6.2 package or not. Should I try to repackage it, or provide with a dump from ldapsearch with all the data that I have registered in LDAP from my test user?

jakkul commented 9 years ago

Sample user that I test this against: # test111, Users, biuro(cut)

dn: CN=test111,CN=Users,DC=biuro(cut) cn: test111 instanceType: 4 whenCreated: 20141110214923.0Z uSNCreated: 4577 name: test111 objectGUID:: HVDx9kHnq06DPZtiC6Fe0Q== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAu1Cu+hUTPvadCFZuCA0AAA== logonCount: 0 sAMAccountName: test111 sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=biuro(cut) displayName: test111 homeDrive: H: scriptPath: logon.bat accountExpires: 137919572470000000 lastLogoff: 137919572470000000 logonHours:: //////////////////////////// userAccountControl: 512 uidNumber: 1168 objectClass: top objectClass: posixAccount objectClass: person objectClass: organizationalPerson objectClass: user unixHomeDirectory: /home/test111 loginShell: /bin/bash gidNumber: 513 msSFU30NisDomain: gpmv profilePath: \pdc\profiles\test111 homeDirectory: \pdc\katalogidomowe\test111 mail: jakkul+spam@(cut) pwdLastSet: 130846406880000000 lockoutTime: 0 whenChanged: 20150821142449.0Z uSNChanged: 241540 distinguishedName: CN=test111,CN=Users,DC=biuro(cut)

jakkul commented 9 years ago

ok, the patch from #62 is not in auth-ldap 0.6.2. I'll test it.

jakkul commented 9 years ago

OK, I've launched osticket 1.10-rc2 with auth-ldap head from git. #62 WORKS! I can login using test111 as login name as client.

(edit: i've previously reported a problem, but it was on my side).

jakkul commented 9 years ago

It works also on 1.9.12 with auth-ldap head from github. But in order for php make.php hydrate to work properly, you need the pull request 80.