osTicket 1.8.1 – How to configure the LDAP Authentication and Lookup plugin

With the release of osTicket version 1.8.1ST and of course the first three official plugins many people have been curious how to install them and configure them.  This is especially true of the auth-ldap plugin. I've written a lot of responses on the forums, and thought that it might be good to actually collect some of the better snippets and put them in one place.  So here is that place.  As a side note I run Active Directory so this article is probably slanted towards that usage.

  • Download the auth-ldap plugin from either github.com or osticket.com.  If you get it from github copy the ldap-auth directory into your /plugins directory.  If you get it from osticket.com put the auth-ldap.phar in /plugins/ldap-auth directory.
    note: I have seen several complaints about the .phar file on the forums and recommend that you simply get the latest version from github.
  • Log into your osTicket installation and go to Admin panel -> Manage -> Plugins.
  • Click "Add New Plugin" in the upper right.
  • Click the Install button to the left of "LDAP Authentication and Lookup".
  • Click on "LDAP Authentication and Look up".
  • Fill out the settings in a manner that reflects your AD/LDAP server.  Here's how I configured mine.

Default domain: is your FQDN for your domain.  In my configuration its corp.SHORTDOMAINNAME.local.

DNS Servers: your dns server.  I use the IP Address for ours.

LDAP Servers: I put two entries in here, but you really only need one.  I personally entered the ip address of my AD server, and the FQDN of my AD server. (The FQDN of your AD server should be SERVERNAME.corp.SHORTDOMAINNAME.local.

Use TLS: I did not check this.  You may have to depending on what version of AD your running.

Connection Information
Search User: a username that has look up rights in AD. I had to user SHORTDOMAINNAME\username here to get it to bind right.

Password: the accounts password.

Search Base: I don't think that this is necessary, but I was playing with it a little.  Currently I have this set to:
OU=All_Users,DC=corp,DC=SHORTDOMAINNAME,DC=local

LDAP Schema: I have selected "Microsoft Active Directory".

  • Click the Save Changes button.
  • Up top in the menu bar click "Plugins".

Tick the check box to the left of "LDAP Authentication and Lookup" and then click the Enable button.

  • Now that you have installed, configured, and enabled the plugin, you have to give your users permission to use the authentication backend.

    Go to Admin panel -> Staff -> Staff Members
    Click on the staff that you want to be able to login and change "Authentication Backend" to "Active Directory of LDAP".  Once you have done that scroll down and click "Save Changes".

    Note: Yes even though its already set to "- Use any available backend -" it does not properly try AD/LDAP first and then fall back to local authentication.

Troubleshooting Questions:

In this section you will find some of the questions that I have been asked and my replies. If you have more questions that are not covered here please feel free to post over on the osTicket forums.
 

Q: Does someone have an example of how they configured this plugin for AD and what they had installed on their Windows 2008 server?
A: I've provided as much as I can as to how I configured it.  What we have installed on our Windows 2008 server though doesn't seem like its particularly important however.

Q: if it isn't needed, why the error?
A: The search user account is only needed for the lookup portion of the plugin.  Authentication should work with out it.

Q: Anyway, I don't see any type-ahead or lookup happening when I create a new ticket and I *thought* I had this working in the old 1.6 installation I used to have (but I didn't upgrade it, I started from scratch).
A: There was no LDAP plugin for 1.6.  Plugins were just introduced in version 1.8.1.  There was a mod on the forum that you might have used, but it was written by a community member and not the osTicket devs.

Q: Are there any simple step by step instructions to configure this plugin or at least a screen shot of a typical installation you can share?
A: No, but I have just replied with some generic instructions that might get you going.  Unfortunately there are a lot of ways that your AD could be configured, and your organizational units can vary from everyone else's. 

 

Hosted osTicket is available – Supportsystem.com

I post a lot of information here about the Open Source project called osTicket. Much of which is my own hacking, information, FAQs that I have compiled from the forums, directions and howTo's to try to help the osTicket software community.  It is my hope that my posts help spread the word about osTicket, broaden the community, as well as help the members of the community.

Did you know that the company that supports the development of osTicket has a hosted version?  It's called supportsystem.com and for as little as $9 per agent per month you can have your very own mostly preconfigured personizable osTicket installation run on their servers with email integration.  To clarify a little an agent is your staff member who answers customer/client questions.  This hosted version enjoys the same features that you can currently enjoy in the free self hosted version of osTicket but with none of the headaches of self hosting or setup.  If you are looking for a customer client portal or just want to support an organization internally I urge you to check them out over at: http://supportsystem.com. It's also worth mentioning that they are currently offering a 30 day free trial with no Credit Card required, and no commitment!  Once your trial is over they will ask you for a credit card to to continue your paid plan, and you are always free to change and or downgrade your plan at any time.

~ ntozier


Disclaimer: I did not receive any financial compensation for the writing of this brief summary. I also receive no compensation of any kinda for referrals to their service or for new customers signing up. In the spirit of full disclosure they did fly me down to their corporate headquarters and put me up in September of last year to join in the first osticket dev conference.  I wrote a little about that experience here: http://tmib.net/reflections-weekend

 

BUGFIX: osTicket 1.8.1 – Opening tickets via email fails

Recently a lot of people who have upgraded to 1.8.1rc1 or 1.8.1ST have reported getting an error when an existing user (client) tries to open a ticket via email. Due to a small coding error the user_id is being stored as 0. This results in a screen that looks like:

And results in a PHP error of: Fatal error: Call to a member function getPhoneNumber() on a non-object in path\to\include\class.ticket.php on line 311.

This error is due to a problem when saving the user_id to the database for the new ticket. Here's how you fix it. edit include/class.ticket.php locate line 2287:

             .' ,user_id='.db_input($user->id)

change it to:

             .' ,user_id='.db_input($user->getId())

This will allow the system to properly save the user_id as it should. This change has already been applied to the github repository and future versions should not have this issue.

This change will not however fix existing tickets. To fix existing tickets you will either have to re-parse the emails, or manually alter the database. To manually alter your database (either via MySQL CLI or 3rd party MySQL GUI) you will need to identify who tried to open the ticket (email address) and look up their user_id in the database.  Here is the process:

  • Look up the email address (address column) in the ost_user_email table and note their user_id.
  • Open the ost_ticket table and find the ticket # of the broken ticket. 
  • Insert the user_id into the user_id column for that ticket.  

If you have multiple or a lot of tickets that are broken it is probably best that you reparse the original emails.

Enjoy!

osTicket 1.8.1 Released!

The good folks over at osTicket.com have just made the 1.8.1 Stable tag over on the github project.  This of course means that 1.8.1ST will be announced shortly.  Here is a brief over view of the new enhancements, bug fixes, etc.

 

Enhancements

  • Ticket filters support matching on email To and Cc fields (#529)
  • Microsoft® TNEF emails are supported (#555, 0890481, #567)
  • Popup summary and collaborator list on ticket queue page (#521)

Bugs

  • New ticket by staff adds recipient and staff context to email templates (#527)
  • Forbid password reset for non-local users (#570)
  • Allow an administrator to lift the force password change flag (#570)
  • Locks are released on logout (#522)
  • Text email footnotes are written as [title]#
  • Fix E_STRICT annoyance from class.config.php (#518)
  • Fix dashboard report timeframe for non-US date formats (#520)
  • Fix dashboard report ending "period" (#520)
  • Fixup Message-Id and Delivered-To for encapsulated messages (#528)
  • Fix several issues with display and download of attachments (#530)
  • Fix sending a reply email if requested not to (#531)
  • Much better compatibility implementation of the mbstring module (#517)
  • Consider the delivered-to header in finding the system email (#535)
  • Only consider collaborators if the receiving system email is identified (#537)
  • Do not consider delivered-to addresses as collaborators (#544)
  • Ticket variables are available in templates regardless of case (#545)
  • Allow advanced search on any priority regression (#547)
  • Assume iso-8859-1 MIME body encoding if not specified (#551)
  • Fix email address list parsing on bad MIME headers (#560)
  • Automatically detect file MIME type if not specified (ac42e62)
  • Fix login issue when upgrading from osTicket 1.6 (#571)
  • Add new features to the storage API to implement Amazon S3 (#515)
  • Fix attachment corruption on some documents like PDFs (#576)

Performance and Security

  • Reuse SMTP connections where possible (#462)
  • Enforce max file size for attachments sent via API (#568)
  • Support auditing login attempts (#559)
  • Avoid auth strikeouts when not attempting a login (#559, #523)

 

You can of course download it from github at: https://github.com/osTicket/osTicket-1.8/tree/v1.8.1

Additionally a new tag for 1.8.0.3 has also been made which means that they are planning a bug fix release for the 1.8.0.2, and a 1.7.6 tag for a bug fix release for that 1.7 tree also.

update @ 12:11pm EST the osTicket blog has a nice little announcement article at: http://osticket.com/blog/103

A peek at osTicket 1.8.1

The up coming osTicket 1.8.1 has a couple features that many in the community have been waiting for.. for a very long time.  One of those features is plugin support.  Similar to the way that  WordPress handles plugin you will be able to install plugins easily by simply unzipping the plugin and putting it in the plugin directory. There is a new menu in the Admin panel for installing and configuring plugins.  Of course what good would be a plugin system be if there were no plugins at launch?  So the devs have written three plugins that they are calling "Core Plugins".  These plugins are called: auth-ldap, auth-passthru, and storage-fs.

auth-ldap: provides STAFF authentication with an LDAP or Microsoft Active Directory server. [Note: there are plans to extend this to Client accounts also, but at launch this will only work for Staff.]

auth-passthru: Allows the HTTP server to perform user authentication.

storage-fs: Which allows attachment files to be stored in the file system (aka disk) instead of in the databse.

So tonight I installed the bleeding edge of the develop-next repository and installed the auth-ldap plugin.  Now before you go running out to do this please keep in mind that this software is not even official released yet so you shouldn't even think about using it for a production server.  Also I couldn't actually get the plugin to work… But here's your first peeks into the plugin system and the ldap plugin.

Go to admin panel -> Manage -> Plugins.
Where you will see a screen like this

click on "Add new plugin"

Click on Install to the left of LDAP Authentication and Lookup.

Click on LDAP Authentication and Lookup

configure it to match your settings.
click "Save Changes"

Click on Plugins again.
Click on the tick box, click on "Enable"