philbertphotos / osticket-multildap-auth-plugin

Plugin for OS Ticket that allows for authentication with multiple domains.
GNU General Public License v3.0

Cannot connect to multi domain #56

Closed rocklee44 closed 1 year ago

rocklee44 commented 1 year ago

Hi all, here is my case: CentOS 8.5, osTicket v1.15.2, Apache/2.4.37, MySQL Version 8.0.26, PHP Version 7.4.29, plugin LDAP Authentication and Lookup version 0.6.3, connecting to domainA.com. I added agents (IT members) manually and set "Authentication Backend" to "LDAP Authentication"; it works fine.

Now I want to add more agents (IT members) from domainB.com (a different forest), so I tried the plugin Multi LDAP Authentication and Lookup version 1.5.8. After installing it, I disabled the plugin LDAP Authentication and Lookup and enabled Multi LDAP Authentication and Lookup. [image 1]

This is my configuration: [image 2] [image 3]

I don't know what to do with "Search User": how can I input the 2 DNs of the search users for domainA & domainB here? The documentation does not mention it. But it says "this data is not necessary if your server allows anonymous searches", so I guess I have to enable anonymous searches in all domains that I want to use, right? So I input the DN of the search user at domainA and enabled anonymous searches in domainB. [image 4] [image 5] [image 6]

After all that, I can log in agents in domainA to osTicket but cannot log in agents in domainB to osTicket (http://helpdesk.domainA.com/scp). [image 7] [image 8]

Please give some advice, thank you very much.

philbertphotos commented 1 year ago

1. BaseDN does not have an OU, hence the issue; it's only DC=domain, D=com
2. This may be causing all your issues, actually.

rocklee44 commented 1 year ago

I have changed BaseDN to:

OU=OUofUSERatDomainA,DC=domainA,DC=com;OU=OUofUSERatDomainB,DC=domainB,DC=com

But still, agents of domain B cannot log in.

philbertphotos commented 1 year ago

@rocklee44 You need to add the base DN for domain B; also make sure you add the semicolon.

rocklee44 commented 1 year ago

I did. [image 9] But still, agents of domain B cannot log in.

philbertphotos commented 1 year ago

Do you see the difference? In my BASE there is no OU= in it. Why? Because it's not valid. [image]

philbertphotos commented 1 year ago

OU can never be part of the base DN; that is not how LDAP works, and your screenshot shows that is what you are using.

rocklee44 commented 1 year ago

Here is my new configuration: [image 10]

Still the same error: I can log in agents in domainA to osTicket but cannot log in agents in domainB to osTicket. I have tested with a config including only domainB individually and it also works fine (agents in domainB can log in to osTicket).

philbertphotos commented 1 year ago

On Domain B, does the log keep showing invalid or can't connect to LDAP server?

philbertphotos commented 1 year ago

OK, I see the problem... I did something DUMB in the programming. In servers, remove the ";" and do a carriage return instead, and make sure one server is below the other. Example:

192.168.0.1
192.168.0.2

In the code it seems that I did something different there to split the servers.

rocklee44 commented 1 year ago

Still "cant connect to LDAP server". [image 11] [image 12]

As you can see, agent "jack.chuong" at domainA logs in successfully; agent "ESET" at domainB fails to log in.

rocklee44 commented 1 year ago

I have just edited servers and tested again, agent at domainB can login successfully, thank you very much.

philbertphotos commented 1 year ago

@rocklee44 GREAT! I will make an update in the code to support both delimiters to avoid others doing this in the future.
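The delimiter mismatch behind this issue, as an added example that is not the plugin's code: a tolerant parser for the "LDAP Servers" field that accepts ";", line breaks or spaces, and fails closed when the server and base DN counts differ. Function names are hypothetical, the inputs are constructed from the values quoted in the thread, and pairing one base DN per server in order is an assumption about the plugin's configuration.

```php
<?php
// Added example, not the plugin's code; function names are hypothetical.

/** Split the "LDAP Servers" field on newlines, semicolons, commas or spaces. */
function parse_ldap_servers(string $raw): array
{
    $servers = preg_split('/[\s;,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($servers as $entry) {
        // Bare host/IPv4 or ldap(s):// URI with optional port (IPv6 literals not handled).
        if (!preg_match('#^(ldaps?://)?[A-Za-z0-9.\-]+(:\d{1,5})?$#', $entry)) {
            throw new InvalidArgumentException("Invalid LDAP server entry: '$entry'");
        }
    }
    return $servers;
}

/** Split the base DN field on ';' or line breaks only: DNs contain commas and spaces. */
function parse_base_dns(string $raw): array
{
    return preg_split('/\s*(?:;|\R)\s*/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
}

/** Assumption: one base DN per server, in the same order. Fails closed on a mismatch. */
function pair_servers_with_base_dns(string $rawServers, string $rawBaseDns): array
{
    $servers = parse_ldap_servers($rawServers);
    $baseDns = parse_base_dns($rawBaseDns);
    if (!$servers || count($servers) !== count($baseDns)) {
        throw new InvalidArgumentException(sprintf(
            'Got %d server(s) but %d base DN(s); check the delimiters.',
            count($servers), count($baseDns)
        ));
    }
    return array_map(null, $servers, $baseDns); // list of [server, baseDN] pairs
}

// Constructed inputs: the three ways the server list appears in this thread.
$baseDns = 'DC=domainA,DC=com;DC=domainB,DC=com';
$inputs = [
    'semicolon' => '192.168.0.1;192.168.0.2',
    'newline'   => "192.168.0.1\r\n192.168.0.2",
    'space'     => '192.168.0.1 192.168.0.2',
];
foreach ($inputs as $label => $rawServers) {
    echo $label, ': ', json_encode(pair_servers_with_base_dns($rawServers, $baseDns)), PHP_EOL;
}
```

All three inputs yield the same two server/base DN pairs; a field that collapses to a single entry raises the count-mismatch error at configuration time instead of surfacing later as a failed login for one domain.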

philbertphotos commented 1 year ago

Well, based on the image I know why. You need a carriage return, not a space. Just press Enter in the space between each server. Will update the code later to correct this “bug”.

On Sep 22, 2022, at 12:13 AM, rocklee44 @.***> wrote:

Hi, it suddenly doesn't work today. I have checked the "LDAP Servers" part, this is it:

I have tried: input server of domainA IP address --> enter --> input server of domainA IP address --> save. But it will always return "x.x.x.x y.y.y.y"