1:00 AM
El DiPablo
Back in September of last year I wrote up an article on how to get osTicket to authenticate with Active Directory. That article was based on version 1.6 RC5. It actually worked very well for my company. Users could simply login to the staff panel with their domain\username credentials.
Well, we started getting weird database errors recently, so I thought it might be good to move away from the RC5 version, and move to the final release. Well, if you read the comments at the bottom of my previous article you will know that my customizations didn’t carry over to the final release. That is ok though, because I found an even better and easier way to get osTicket to authenticate with AD. I got it working in about 2 minutes in Ubuntu Server 10.04.
First you will need one little perquisite package, php5-ldap. Just run the following:
>sudo apt-get install php5-ldap
Next you will want to manually create a user with a username that matches active directory. For instance is your AD username is jsmith create a user in osTicket called jsmith and give it a temporary password of 123456 (Doesn't matter because osTicket will look to AD right?)
Once that is installed, edit include/class.staff.php:
>sudo nano include/class.staff.php
Replace the following code:
/*compares user password*/
function check_passwd($password){
return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);
}
With:
/*compares user password*/
function check_passwd($password){
// Change made for LDAP Auth based on -> http://osticket.com/forums/showthread.php?t=3312
// Change this line to the FQDN of your domain controller
$ds=ldap_connect('mydc.mydomain.local') or die("Couldn't connect to AD!");
// Change this line to the name of your Active Directory domain
if ($ds) {
$domain="mydomain";
$ldapbind = ldap_bind($ds);
if (!@ldap_bind( $ds, $domain."\\".$this->username, $password) ) {
// Auth failed! lets try at osTicket database
return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);
// return(FALSE);
}
else{
// Auth succeeded!
return(TRUE);
}
// End Changes
}
}
After you do that change the items in red to match your environment then restart Apache:
>sudo /etc/init.d/apache2 restart
Bam! You now have Microsoft Active Directory authentication, and you don’t have to specify a domain name at login either!
If you are looking for additional functionality, check out the osTicket Forums, there are a lot of cool customizations I am sure you will find useful!
