Thanks Eric and Thomas for your inputs and Tyler for your help in setting this thing up. I am also looking into this direction and lets see what can be done. If I am able to find some unique solution you guys should see a new message with documentation about how to go about doing it. Maybe someone can post it in the FAQ section of the site later.
Once again thank you for your help, Cheers, Nik ----- Original Message ----- From: "Thomas Nilsen" <[EMAIL PROTECTED]> To: "User questions and discussions about OTRS." <[EMAIL PROTECTED]> Sent: Tuesday, April 27, 2004 6:34 AM Subject: RE: [otrs] LDAP and active directory authentication problems Since OTRS 1.2 supports basic http auth, one should be able to write a new login front-end that uses the Apache AuthenNTLM module. The problem is that the username returned by apache is based on "domainname\username", hence the need for a new login front-end that modifies the username before sending it to the login function of otrs. Another problem with the AuthenNTLM is that it sometimes locks up when using POST. Where we use this module, we have set up a sublevel folder for /auth/ which does the authentication, and then pass the username on to the actual application via a session variables (PHP) or redirect. However, I have not yet had time to look at setting this authentication scheme up with OTRS... Thomas >-----Original Message----- >From: Erik Mathis [mailto:[EMAIL PROTECTED] >Sent: Monday, April 26, 2004 10:38 AM >To: User questions and discussions about OTRS. >Subject: Re: [otrs] LDAP and active directory authentication problems >> >>>Now that everything is working, I have one more question. >>>Will I be able to do Integrated Windows authentication using >>>Apache or will I have to port OTRS over to IIS for it ? >>> >>> >> >>I know you can do "single sign on" using HTTP basic auth, but >it appears >>that it compares the username logged onto a system against a >list of user's >>stored in apache (skips LDAP altogether). So, I don't think >that is exactly >>what you are after. I'd actually like to know more about >this too. Perhaps >>a cron could export LDAP user accounts into an Apache auth >file from time to >>time? >> >> >> > Using Pam and Winbind you should be able to this. >You will have to load the Auth_pam mod for apache. > >Also with winbind you can create a passwd type file of user names and >just have a cronjob with a simple perl or shell script to spit out a >.htaccess file if you don't want to mess with PAM. > > DISCLAIMER: This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting für Ihr OTRS System? =http://www.otrs.de/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting für Ihr OTRS System? => http://www.otrs.de/
