Hi, I don’t see any options for “pre-filtering” the LDAP server list either. That would be a nice feature I guess, but as Gerald says, only if a domain name was available at (all) login times.
One thought that comes to mind, though, would be to actually do an LDAP filter so that the search would be “empty” and would continue to the next server much faster (maybe). You’d have to actually use the email as login I guess, but that’s how I understand you’re using it.

So for LDAP server 1, you’d have:

    (&(samAccountType=805306368)(|(mail=*domain1.com)(proxyAddresses=*:*domain1.com))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

And for LDAP server 2:

    (&(samAccountType=805306368)(|(mail=*domain2.com)(proxyAddresses=*:*domain2.com))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

The thought here is that the shorter the list of users to check (in this case empty), the faster it continues. The LDAP filters above are MS/AD specific, and probably need a sanity check too; I have *not* tested them (and they may even be more effective in another order, I don’t know).

For failover of the LDAP servers, I’ve been using simple DNS round robin, but I like the solution that Gerald links to.

--
/S

From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Gerald Young
Sent: 8. september 2014 12:37
To: User questions and discussions about OTRS.
Subject: Re: [otrs] LDAP Authentication

There isn't any provision for that because unless you're using domain names in the username, how would you know?

As for unavailable LDAP, that's a problem in general. If there are fallback servers for ldap in a given domain, you might be able to provide a list:
http://forums.otterhub.org/viewtopic.php?f=61&t=19509#p76628

On Wed, Sep 3, 2014 at 8:13 PM, Nick Lapp <nick.l...@imesd.k12.or.us> wrote:

I have a list of possible LDAP servers in my Config.pm that customers may authenticate against. Is it possible in the Config.pm file to target which LDAP server to use based off of the customer's email domain with which they use to log in?
Currently OTRS has to iterate through each LDAP server which slows the process down and causes a hang if any of the LDAP servers are unavailable.

Nick

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
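
Added example (not part of the original thread and not OTRS code): a Python helper that builds the per-domain filter in the shape suggested in the reply above, escaping the domain per RFC 4515, and runs a structural sanity check offline before the string is pasted into Config.pm. The function names and sample domains are assumptions, and the checker covers only the filter constructs used in this thread.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# attr[:matchingRule:]<op>value, e.g. mail=*x or userAccountControl:1.2.3:=2
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(:[A-Za-z0-9.]+)?:?[~<>]?=[^()]*\Z")

def escape_value(value):
    """Escape a literal so it cannot add or close filter components."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_domain_filter(domain):
    """Per-backend filter in the shape suggested in the thread (AD-specific)."""
    d = escape_value(domain)
    return ("(&(samAccountType=805306368)"
            f"(|(mail=*{d})(proxyAddresses=*:*{d}))"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":
            i, count = _parse(s, i), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"bad operand count for '{op}' before offset {i}")
    else:
        end = s.find(")", i)
        if end < 0 or not _ITEM.match(s[i:end]):
            raise ValueError(f"malformed comparison at offset {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(s):
    """Return True if s is one structurally valid filter, else raise ValueError."""
    if _parse(s, 0) != len(s):
        raise ValueError("trailing characters after filter")
    return True

if __name__ == "__main__":
    for domain in ("domain1.com", "domain2.com"):  # constructed sample domains
        f = build_domain_filter(domain)
        print(check_filter(f), f)
```

A filter that passes this check is only well-formed; whether it matches the intended accounts still has to be confirmed against the directory itself.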