osTicket / osTicket-plugins

Core plugins for osTicket (v1.8+)
GNU General Public License v2.0

openldap authentication #87

Open plegrand1 opened 8 years ago

plegrand1 commented 8 years ago

Hello, first, sorry for my poor English. As I can't post on the osTicket forum (I don't know why), I am posting here to explain my problem. I installed the latest osTicket and the LDAP authentication plugin from the osTicket site. I installed it, and I can't make client LDAP authentication work. I already use some applications which use PHP/LDAP without problems. I followed the instructions to install the plugin and it seems to work for creating a new agent: when I enter the username, the other fields are automatically filled in from my LDAP directory.

But when I want to authenticate a client from LDAP it doesn't work: "Accès refusé". Does the client have to be already registered to authenticate against LDAP? Or maybe I made a mistake in the configuration? I don't use AD but OpenLDAP.

Here is my configuration:

domain : mon-domaine.local
dns : xxx.xxx.xxx.xxx
servers : 192.168.151.234
tls : 0
bind_dn :
bind_pw :
search_base : ou=people,dc=ma-base,dc=fr
schema : {"2307":"Posix Account (rfc 2307)"}
auth-staff : 1
auth-client : 1

It doesn't work even if I use a good bind_dn and bind_pw (my LDAP server allows anonymous). Thanks for your help.

ntozier commented 8 years ago

You can't post to the forums because your reason for joining the forums was "---". I've approved your forum account now, but in the future you might want to actually populate the field with something meaningful.

plegrand1 commented 8 years ago

But have you got an idea about my problem? Thanks for the forum.

ntozier commented 8 years ago

You have not provided enough information for us to troubleshoot this. osTicket version? LDAP plugin version? Have you checked firewalls (such as SELinux on both servers)? Does your webserver have permission to connect to your LDAP server?

ghost commented 8 years ago

Hey Everyone,

I'm not able to bind to an OpenLDAP - keep getting invalid user/pass message. My OpenLDAP is using kerb5 for passwords - any issues with this?

osTicket version: 1.9.12
LDAP plugin: latest from osTicket and latest php-ldap from the repo - CentOS 7
Firewalls are configured properly.
Not sure what you mean by this - as php-ldap would be doing the bind and not something else. If you're asking about SELinux, it's in permissive mode.

plegrand1 commented 8 years ago

Hello, here is more information about my installation:

Debian stable

OsTicket v1.9.12 (19292ad) — Up to date
Authentication :: LDAP and Active Directory
Latest Stable Release, v0.6.2
Released April, 10th, 2015

Logiciel serveur Web Apache/2.4.10 (Debian)
Version de MySQL 5.5.44
Version PHP 5.6.13-0+deb8u1
Php5-ldap Version 5.6.13+dfsg-0+deb8u1 - Enabled

No firewall between the osTicket server and the LDAP server.

My OpenLDAP server works fine. The php5-ldap extension is enabled and I can use it for applications other than osTicket on the same web server against the same LDAP server.

On osTicket the plugin is enabled and configured, and I can use it to add an agent: when I enter the username, the other fields are automatically filled in from my LDAP directory.

Then I'm trying to make "client authentication" work, and it does not work: "access denied".

Here is the configuration I use:

domain : mon-domaine.local
dns : xxx.xxx.xxx.xxx
servers : 192.168.151.234
tls : 0
bind_dn :
bind_pw :
search_base : ou=people,dc=ma-base,dc=fr
schema : {"2307":"Posix Account (rfc 2307)"}
auth-staff : 1
auth-client : 1

Same result with or without bind_dn / bind_pw.

Nothing in the Apache logs.

I enabled debug level on osTicket and here is the message I can see: Tentative de connexion échouée (utilisateur) Jeton CSRF non valide CSRFToken

Thanks for your help.

mercury00 commented 8 years ago

I would love it if there was some information about how to configure this for authenticating with OpenLDAP users. We also auth with Kerberos and not LDAP, but use LDAP for username lookup and transparent passthrough of password verification. This plugin seems to want an AD server, which we don't have. We're using osTicket on Linux.

marcosrjalves commented 7 years ago

I'm having the same problem. Agents can authenticate... but clients can't, with POSIX account. MS AD would do the trick, but our default LDAP system is OpenLDAP, on a Debian server.

jianfzhu commented 6 years ago

Staff LDAP login OK, user LDAP login access denied. I have the same issue. How to fix it? @rodrigojalves