[otrs] Multiple LDAP Authentication Sources

2012-10-14 Thread Nick Lapp
Hello all,

I am in the process of setting up OTRS for my organization.  We provide tech 
support to about 20 different organizations and are currently using WebHelpdesk 
as our helpdesk solution with each customer organization connected to 
WebHelpdesk with LDAP sync.  We would like to accomplish the same thing with 
OTRS allowing users within the different organizations to log in to OTRS with 
their local AD account.

In order to improve the speed of OTRS, I have set up a separate service that 
syncs AD user information from the various organizations with the OTRS user 
database.  That way OTRS is relying on its own database for user information 
and it doesn't have to go out over an LDAP connection.  I have then set up LDAP 
authentication so the user is authenticated with AD and the user information is 
already in the OTRS database.  This has been working successfully with the 
first 10 organizations, but as soon as a user from the 11th organization tries 
to authenticate, it fails.  I know there is a hard limit of 10 set for LDAP back 
ends so I'm assuming that same limit is also on LDAP authentication back ends 
which is causing the failure.  I'm also seeing in the system logs that the 10th 
organization is the last one OTRS attempts to authenticate against.

My question is, does anyone know of a way to override that limit of 10?  I've 
already come up with a successful workaround for the slowness caused by 
multiple LDAP customer data back ends and we're okay with slower login times 
due to multiple LDAP authentication sources.  Our real goal is a seamless 
experience for our customers.  Any help is much appreciated!

Best regards,

Nick
-
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

Re: [otrs] Multiple LDAP Authentication Sources

2012-10-14 Thread David Boyes
If you're already copying AD information into a local database, why not sync it 
to different branches of a pair of local LDAP servers using slapd, and have two 
sources that start at a common branch and search downward?  That would give you 
only 2 sources to check (a primary and a backup), but all the data in one 
(replicated) place. You might have to deal with userid collisions, though (i.e. 
two jsmiths).

Another option would be to set up OTRS to use Apache authentication and use 
something like CoSign to get a credential and pass it to OTRS for 
authentication. That would work for OTRS and a lot of other things too (single 
sign on = goodness). CoSign can handle an arbitrarily large number of 
authentication sources. OTRS would still need the user details and 
authorizations for different OTRS functions in its database, but then you could 
use your existing code to prepopulate that.


Re: [otrs] Multiple LDAP Authentication Sources

2012-10-14 Thread Gerald Young
Increase the value in CustomerAuth.pm:
    for my $Count ( '', 1 .. 10 )
and
    for ( '', 1 .. 10 )

Change 10 to 99 or 1000 if you want. Note that '' (no index) is also valid.

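The effect of the loop bound quoted in the reply above, as an added example that is not OTRS source code and not part of the thread: it models the lookup with a configurable limit and lists configured backends the loop never reaches. The `Customer::AuthModule<N>` key naming, the sample configuration, and the helper names `BackendsTried` and `BackendsSkipped` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: models the backend lookup loop quoted above; not OTRS source.
use strict;
use warnings;

# Constructed sample config: 12 customer auth backends (no index, then 1..11).
# The key naming Customer::AuthModule<N> is an assumption for this example.
my %Config = ( 'Customer::AuthModule' => 'Kernel::System::CustomerAuth::DB' );
$Config{"Customer::AuthModule$_"} = 'Kernel::System::CustomerAuth::LDAP' for 1 .. 11;

# Return the index suffixes the loop visits for a given upper bound.
# '' is the un-numbered backend, which the quoted loop also checks.
sub BackendsTried {
    my ($Limit) = @_;
    my @Tried;
    for my $Count ( '', 1 .. $Limit ) {
        next if !$Config{"Customer::AuthModule$Count"};
        push @Tried, $Count;
    }
    return @Tried;
}

# Return configured index suffixes that the loop never reaches, i.e.
# backends that exist in the config but are silently ignored at login.
sub BackendsSkipped {
    my ($Limit) = @_;
    my %Seen = map { $_ => 1 } BackendsTried($Limit);
    my @Skipped;
    for my $Key ( sort keys %Config ) {
        next if $Key !~ /^Customer::AuthModule(\d*)$/;
        push @Skipped, $1 if !$Seen{$1};
    }
    return @Skipped;
}

# Compare the shipped bound (10) with a raised bound (99).
for my $Limit ( 10, 99 ) {
    my @Tried   = BackendsTried($Limit);
    my @Skipped = BackendsSkipped($Limit);
    printf "limit %d: %d backends tried, skipped: %s\n",
        $Limit, scalar @Tried, @Skipped ? join( ',', @Skipped ) : 'none';
}
```

Running the same comparison against a real configuration after every upgrade shows whether a replaced CustomerAuth.pm has put the bound back to 10 and dropped backends again.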