Would you like to learn how to configure the OTRS LDAP authentication on Active Directory? In this tutorial, we are going to show you how to authenticate OTRS users using the Active Directory from Microsoft Windows and the LDAP protocol.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• OTRS 6.0.29

OTRS – Related Tutorial:

On this page, we offer quick access to a list of tutorials related to OTRS.

Tutorial Windows – Domain Controller Firewall

• IP – 192.168.15.10
• Operacional System – WINDOWS 2012 R2
• Hostname – TECH-DC01

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the OTRS server to query the Active directory.

On the domain controller, open the application named Windows Firewall with Advanced Security

Create a new Inbound firewall rule.

zabbix active directory

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

zabbix windows firewall port ldap

Select the Allow the connection option.

zabbix windows firewall allow connection

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description to the firewall rule.

windows firewall active directory

Congratulations, you have created the required firewall rule.

This rule will allow the OTRS server to query the Active Directory database.

Tutorial Windows – Domain Account Creation

Next, we need to create at least 2 accounts on the Active Directory database.

The USER01 account will be used to login on OTRS as an agent.

The BIND account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: USER01

Password configured to USER01: 123qwe..

This account will be used to authenticate on the OTRS web interface.

Ldap User01
zabbix active directory admin properties

Important! An agent account must have the email address specified.

OTRS LDAP Authentication

Create a new account named: bind

Password configured to the BIND user: kamisama123..

This account will be used to query the information stored on the Active Directory database.

active directory bind account
zabbix active directory ldap bind properties

Congratulations, you have created the required Active Directory accounts.

Tutorial Windows – Domain Group Creation

Next, we need to create a group on the Active Directory.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new group inside the Users container.

Radius Active directory group

Create a new group named: OTRS-AGENTS.

Members of this group will be allowed to authenticate on OTRS as agents.

LDAP Authentication OTRS

Important! Add the account USER01 as a member of the OTRS-AGENTS group.

OTRS LDAP Active directory

Congratulations, you have created the required Active Directory group.

OTRS – LDAP Authentication on the Active Directory

Edit the OTRS configuration file.

Copy to Clipboard

Locate the following area.

Copy to Clipboard

Below this area, insert the LDAP authentication configuration.

Copy to Clipboard

First, we configured OTRS to authenticate on the Active Directory using LDAP.

Copy to Clipboard

Second, we configured OTRS to create a local account every time a user successfully authenticates using an Active Directory account.

Copy to Clipboard

In our example, members of the OTRS-AGENTS group will be allowed to login as agents on ORTS.

You need to change the bind credentials to reflect your Network environment.

You need to change the domain information to reflect your Network environment.

Tutorial OTRS – LDAP Authentication

Open your browser and enter the IP address of your web server plus /otrs/.

In our example, the following URL was entered in the Browser:

• http://192.168.15.20/otrs/

The OTRS web interface should be presented.

OTRS login

On the login screen, use the Active Directory account

• Username: user01
• Password: Enter the Active Directory password.

After a successful login, you will be sent to the OTRS Dashboard.

OTRS Authentication Active Directory

Congratulations! You configured the OTRS authentication to use the Active Directory.