Active directory integration

[jamesM]

I have one user who just can not login to to the SupportSuite every one else in the company can login with out any problems is there any way to trace out the active directory login I was thinking could I setup auditing on the AD or is there any thing I can echo out in the script ?

My second question is if I am useing active directory users who recived updates on there tickets through email have a link in the email to open the support request to check the status is there any way to auto log them in direct from the URL ?

[AKL-MFCU]

I have had this happen before to me because they either sent an e-mail into the staff item which registered them and it caused conflicts when they tried to sign in (deleting the user and then having them log in will make it work just fine). almost 99% of the time this is the case, have them sign in after you delete them and see if it works. If it doesn't, I would suggest looking at their active directory user account and see how they are different from the others- especially if they aren't in the same tree in AD as the rest of the users in the forest.

[AKL-MFCU]

as for question#2 there is a person who has set it up to do an autologin feature from the e-mail that sends them the username and password within the link. Search the forums for autologin and you will probabbly find it. I believe its a "how to" which could be another term you can search by.

[thor]

Quote:

Originally Posted by jamesM

I have one user who just can not login to to the SupportSuite every one else in the company can login with out any problems is there any way to trace out the active directory login I was thinking could I setup auditing on the AD or is there any thing I can echo out in the script ?

My second question is if I am useing active directory users who recived updates on there tickets through email have a link in the email to open the support request to check the status is there any way to auto log them in direct from the URL ?

Check the swusers table and look at loginapi_moduleid. As AKL-MFCU said, the user might have registered via email which would have them configured using a different login module.

[jamesM]

Thank you AKL-MFCU and thor for your reply :-)
I throught you might have got it with the swusers table but I checked and that user is not listed in that table :-(

One thing I have noticed is that this users account in A/D is setup a little funny

His user logon name is different to his user logon name (pre-windows 2000)

is his login name taken from the pre windows 2000 login ?

Thanks for the hint about the "how to" I had read that but could not get it working with the latest build I will have a play around with it a little more but I seem to remember some one saying that it was broken with the latest build maybe thats way I could not get it working.

[AKL-MFCU]

i would recommend trying to look at when this ad user was created. If it was that long ago that it was when the system was using a pre-win2k module and everyone else is afterwards, i would recommend just rebuilding the user account in ad under a new user and removing the old one. Just make sure you move the exchange boxes to the new one before deleting the old one so not to lose any connections and e-mails (if you use exchange). i think i had conflict with one account like that but i just recreated it and it went away.

As for the autologin being broken on the new version i have heard rumours but i don't use it myself. It won't take too long before someone figures out the new syntax for it- personally i would like kayako to code it in manually with an encrypted username and password put into the fields.

[jamesM]

Thanks for the ideas AKL-MFCU I will see it as a A/D issue and play with that.

The auto login option would be nice if kayako picked it up and ran with it but I think we would need more people to push for it.

One thing I was trying to work out is if a user sends a email to log a support call and then tries to click on the auto login option and can then see any updates on the call what would happen if next time the user tries to login from the web and log another support call will his history of the first call be shown ?

[AKL-MFCU]

the history wont be removed as long as the ticket isnt deleted and the database isn't cleaned up. I experienced it myself when i deleted a user from the users area because they first only e-mailed instead of normal login process and when they logged in, everything acted normal and their history was still there.

It would be for autologin for most, but security isn't bad especially with the chances that someone was "carbon copied" on the e-mail, so they shouldn't get the autologin process for someone else's info. But again, thats just a big paranoia thing i do.

[tdrinkhill]

I'm trying to get ldap working in PHP, but am just having no success at all. I've followed the steps that have been mentioned several times in this thread - editing the PHP.INI file and copying the two dlls into the System32 folder, but my PHPInfo.php page still doesn't have an entry for LDAP.

Could someone please give me some advice as to what else I could try?

Thanks,


Tim

[AKL-MFCU]

im assuming you are using iis6 or some other hosting method, in which you will have to restart iis in order for any changes to take effect. It reloads php based on restart not during any live connections. Also verify that the location of your php.ini file is what iis is pointing to.

[tdrinkhill]

Quote:

Originally Posted by AKL-MFCU

im assuming you are using iis6 or some other hosting method, in which you will have to restart iis in order for any changes to take effect. It reloads php based on restart not during any live connections. Also verify that the location of your php.ini file is what iis is pointing to.

Sorry, yes - it's Windows 2003 and IIS 6. php itself is running fine (as is eSupport, aside from LDAP integration) and IIS seems to be pointing to the php.ini file okay too, as when I make changes to it, my PHPInfo.php page shows these alterations (after I run iisreset /stop and then net start w3svc).

Is there anything else I should be doing? I'm a total php newbie

[AKL-MFCU]

Quote:

Originally Posted by tdrinkhill

Sorry, yes - it's Windows 2003 and IIS 6. php itself is running fine (as is eSupport, aside from LDAP integration) and IIS seems to be pointing to the php.ini file okay too, as when I make changes to it, my PHPInfo.php page shows these alterations (after I run iisreset /stop and then net start w3svc).

Is there anything else I should be doing? I'm a total php newbie

So you are saying that when you restart it its showing the alterations so now its saying ldap is enabled? Let me know. If you want me to set it up you can message me and we can set up a time when i can remote in and configure it to work. Thanks! Best way to also make sure you are working with the right php.ini file is to log into supportsuite admin, and do the diagnostics at the bottom and look at phpinfo file there- look for its "directory location"

[tdrinkhill]

Quote:

Originally Posted by AKL-MFCU

So you are saying that when you restart it its showing the alterations so now its saying ldap is enabled?

Sorry, no - I'm saying that if, for example, I change the extension path setting in the php.ini file, it's reflected in the phpinfo page after a restart, but there's no LDAP section there (I'll PM you a link to the page so you can see it).

I checked in the admin section, btw, and it's definitely pointing to the correct one - c:\windows\php.ini.

When I Google "php" and "ldap", I get lots of links about having to build php with LDAP support enabled - is this something i need to do? Am I using the correct version of php? I just downloaded v4.4.2 from php.net and installed that.

Thanks for the help!

[jamesM]

Here is how I got it working on windows you download the zip version of php for windows and extract the files to a temp folder you will find I think in the ext or extension folder all the dll's copy these to you local install of php extension folder and check your php.ini and enable the ldap extension

run php from the command line and make sure it runs with out any problems as I did find at one stage I had the extension folder set wrong and php.exe when ran would come up with an error. If all works create a phpinfo() file and have a look to see if ldap support is there.

If that does not work I will email you my php.ini and my extension folder.

[bowerjb]

I would like to know if anyone has any idea if Kayako is planning on allowing Staff and Admin accounts to authenticate to Active Directory. Authenticating general users is working great for us but it would sure be nice to allow the same for Staff and Admins.

Thanks!