Active directory integration

[samatheson]

The settings that we had to use were as follows:

Active Directory Host: IP of server
Port (Default: 389): 389
Base DN : DC=domain,DC=ending (aka it would be like DC=google,DC=com)
RDN : DOMAIN\username (aka GOOGLE\jsmith)
Password: user password

and don't forget to set the LoginShare to MS Active Directory under the Templates - Edit Template Group (Settings)

Hope this helps.

[chimborazo]

Thanks samatheson for your replay,

but I don't think this will work, we do not have an AD Domain. We are using a full linux environment.

hs

[chimborazo]

In our OpenLDAP schema, the user's login name is stored in the "login" field. I think we need to tell Kayako to use that field, but I did not see a setting to do that in the Active Directory template.

Also we don't really understand the DOMAIN\ part of the RDN. Our base DN is in the form "o=Org Name". We put in an RDN of simply "cn=User Name,ou=Sub Domain,o=Org Name" which is an acount that can read the directory. Should that be good enough?

[chimborazo]

Since nobody is answering and kayako is not really helpfull on this, I want to post something else:
The log file shows me:

05 Apr 2006 06:02:58 PM: Connecting to LDAP Server: 10.129.130.2:389
05 Apr 2006 06:02:58 PM: Connected!
05 Apr 2006 06:02:58 PM: Binded to: cn=Adminusername, PASS: password
05 Apr 2006 06:02:58 PM: No results found for the user search: hschirma@company.org

I really have the impression that this is a field matching on where the mailaddress, username, password is stored. As we do not have an Active Directory domain. We use open LDAP.
we do not have
"samaccountname", "proxyAddresses", "distinguishedname", "displayname"
but we do have:
mail, cn, login, display-name
What code and where do I need to change the activedirectory.login.php file?

Thanks

[AKL-MFCU]

Quote:

Originally Posted by Hybrid

Code:

04 Dec 2005 10:21:32 PM: Connecting to LDAP Server: 172.16.0.1:389
04 Dec 2005 10:21:32 PM: Connected!
04 Dec 2005 10:21:32 PM: Binded to: CN=administrator, CN=Users, DC=STBEDES, DC=internal, PASS: ******
04 Dec 2005 10:21:32 PM: Starting the validation process
04 Dec 2005 10:21:32 PM: Connecting to LDAP Server (AGAIN): 172.16.0.1:389
04 Dec 2005 10:21:32 PM: Connected!
04 Dec 2005 10:21:32 PM: User Binded to: CN=administrator, CN=Users, DC=STBEDES, DC=internal, PASS: ******
04 Dec 2005 10:21:32 PM: Registering User:

This seems to be as far as it gets, as you can see it gets stuck on registering user.

The DB username has full access to the DB so that cant be the problem or does Kayako not store usernames there?

Anyone?

Where did you get this information? I don't see anything happening like this when i attempt to login. Are you looking on the sql interface or the kayako app?

[chimborazo]

Hi AKL-MFCU not sure if I understood your question. But I got a unencoded activedirectory.login.php file from Varun. I replaced the file with the original file. This file writes a addebug.txt into the cache directory and thats where I got the information from. does this answer your question?

By the way, finally after diging tinto the file that varun send me and changing a few values, we could make the openLDAP authentication work. But I must say that kayako was not really helpful on this. Before I bouth this package I asked about openLDAP authentication and they just wrote back that it would work.
I spent almost a week on doing this. But now I am happy.

cheers

chimborazo

[AKL-MFCU]

Yeah, thats what i was wondering about. I have to go through mine and see if that debug part was put into mine. If you don't mind, could you copy and paste what he had put down to put it into a debug file? I have a complete license with unencoded files, just need to find out some debugging info. I am currently running php 5 something and just enabled the ldap extension, yet am having a huge problem getting it to run against our active directory. I think maybe i am missing something or possibly don't have the ldap info compiled into our php. I enabled it's flag inside of the extension settings, let me know if there is something else I have to download or compile. I'll send you my phpinfo if you want, just write me your e-mail address.

We are running a win2k3 environment with AD so i figured the LDAP is already compiled especially since when i joined the company the security engineer had already created a ldap user.

[AKL-MFCU]

Is it going to be asking for their username/password in the sense of what they would use for logging into windows or does it need to be in the format domain\username
or username@domain
or is it their e-mail?

Just don't want them to be getting confused once i actually find out how to get this working.

[AKL-MFCU]

Finally fixed my loginshare issues and got it to start working just fine. It was strange, but we needed to use both pre-2000 naming scheme as well as the standard scheme for 2003. Thanks to you guys laying so much info out, its really been a great help in getting that part of the ball rolling!

Quick question, is anyone else having problems with users who have internal e-mail addresses only and don't have external e-mails? This would be referring to people who use kayako for their internal help desk only. Because if kayako pulls the account info, it will take something like kayakotest@fakedomain.local and interpret it as blank for the person's e-mail in the manage users section, but if i even add it back as that, it will tell me that its an "invalid e-mail address" even though if i change it to anything besides .local it will work (they won't get the e-mail, it'll just act like it worked.) The serious problem about this is, if im using ad intergration, and our users don't have external e-mail addresses, it won't let them submit tickets because it says a field has not been filled. Any ideas?

[sjvtech]

I'm still trying out this product, using the 7 day trial. I was a little leary about trying to impliment a PHP/MySQL install on our Windows 2003 network so I though maybe the hosted option would be better.

So I setup the 7 day trial to see how the software worked. The first thing I tried was the active directory integration to see how it worked and I get this error

Fatal error: Call to undefined function: ldap_connect() in /var/www/vhosts/alancolema7851xc.kayakotrial.com/httpdocs/includes/LoginShare/activedirectory.login.php on line 40

Which from reviewing all of the help offered all over the forums and what not, seems to indicate that PHP is not compiled correctly to allow ldap connections...

So does this mean that if we do a hosted install of eSupport... that we can't do LDAP integration... or is this a limitation of the trial... or something we can request or what??

[samatheson]

Their servers need to have the php4-ldap (or php5-ldap as it may be) module installed. Not sure why they don't have it, but they should put it on there if you ask.

You could always do what we did, just install SUSE on a box and put it on there. (We also have a windows 2003 network) It sets up easily enough, and the setup of the eSupport software is easier, in my opinion at least. Need to make sure that the right php modules are installed, but it's easy to do with suse's YAST client.

And, we had issues with permissions and IIS (who doesn't, right?) and eSupport; the server randomly changes random file/folder permissions. Not plesant to troubleshoot.

[sjvtech]

The fact that I don't even know what SUSE is tells me that I really shouldn't be messing around with trying to load this...

We're a small non-profit with one web server. We don't have the money to buy a new server, and I"m not sure I want to screw up our one and only web server by trying to load PHP/MySQL on it unless there is some PHENOMINALLY EASY fool-proof, point and click and it does it all automatically way to do it on a Win2003 server which won't screw it up.

[samatheson]

Fair enough.

Suse is a linux distro, but it has a very usable and intuitive graphic interface.

Honestly, I don't know of anyone personally who has done a 'seemless' php/mysql install on IIS. In your case you're better off going with the hosted option. Shoot an email to kayako though about the AD integration/php-LDAP module, they should have it.

[AKL-MFCU]

Quote:

Originally Posted by sjvtech

The fact that I don't even know what SUSE is tells me that I really shouldn't be messing around with trying to load this...

We're a small non-profit with one web server. We don't have the money to buy a new server, and I"m not sure I want to screw up our one and only web server by trying to load PHP/MySQL on it unless there is some PHENOMINALLY EASY fool-proof, point and click and it does it all automatically way to do it on a Win2003 server which won't screw it up.

No, there isn't a foolproof way. The only thing they have to do is compile the php.ini file with ldap support which means just removing the ; in front of the ldapsupportenabled extensions part in the php.ini file. If you are hosting through kayako, they should be able to do this quickly and is a wonder they haven't already. However, if you are hosting through another company, you might want to ask them to compile php with ldap support.

[cgolight]

Honestly, if your helpdesk is externally hosted and the server can hit your domain controller to authenticate to active directory, you've got bigger problems.