One of the more common sources of questions from folks going through the initial Web Help Desk setup has been LDAP / Active Directory configuration. Usually this is due to unfamiliarity with LDAP syntax, and once we know what we are looking for, the rest of the configuration is a snap. This post is intended to help you set up Web Help Desk to interface with your Active Directory, but it could easily be abstracted to work with any LDAP application that you want to use with AD.
One of the great things about Web Help Desk is that it is cross-platform and can be used in virtually any environment. LDAP is the OS-agnostic protocol of choice in that situation, and it provides the ability to authenticate clients and import client information into Web Help Desk. While this makes Web Help Desk very flexible, LDAP can certainly raise questions for folks who are used to a Microsoft-centric environment and may not be used to LDAP's peculiar syntax.
ACTIVE DIRECTORY > LDAP
Active Directory is a Microsoft implementation of LDAP and supports a superset of LDAP features. In addition to providing the functionality required to run your Windows domain, it also provides native LDAP functionality. And this is where it gets fun. Even for those who are used to LDAP syntax, there will be a moment of reflection when it comes to configuring search criteria for Active Directory. Fear not, for it is actually quite simple once you know what you are looking for.
BASE DN? WHAT IS THAT?
In your Active Directory setup, you likely have one or more ways of organizing your users into an OU structure, or perhaps you are using the default “Users” container. The base DN specifies, in LDAP parlance, where those user objects live. The syntax is straightforward and will look similar to: ou=Users,dc=domain,dc=com. A good tool for determining the base DN for your environment is Microsoft’s AD Explorer: http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx. For example, if my AD domain were “solarwinds.com” and I had all of the users I wanted to have access to Web Help Desk in my “Developers” OU, my base DN would be: “ou=Developers,dc=solarwinds,dc=com”.
For your typical AD deployment, just using the domain name in the format: dc=domain,dc=com should work just fine.
Typically LDAP queries can be performed anonymously, but here AD is a little different as well. A valid AD account with the ability to read LDAP info (“Domain User” privileges are fine) is required to “bind” to the LDAP server. It is usually good to have the UPN suffix of the user name match the dc values of the base DN (@solarwinds.com in the above example). If you don’t know what this means, don’t worry, as you probably aren’t in an environment with multiple suffixes. (If you are interested, look here: http://technet.microsoft.com/en-us/library/cc772007.aspx) Enter these user credentials (e.g. robhock@solarwinds.com) into the Connection Account field with the relevant password, and Web Help Desk should be talking to your AD. Feel free to import custom fields by modifying the Attributes Mapping values. The defaults work just fine for AD, but some environments may have extra fields they want to import.
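A quick way to check, before saving the settings, that a Connection Account's UPN suffix matches the dc values of the base DN. This is an added example, not part of Web Help Desk or of the original post; the function names are hypothetical and the sample values are constructed from the post's example domain.

```python
# Added example: names below are hypothetical, not Web Help Desk settings or APIs.

def split_rdns(dn):
    """Split a DN on commas, keeping backslash-escaped characters intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # escaped pair such as "\," stays in the value
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def dns_domain_of(base_dn):
    """Join the dc= components of a base DN into a DNS-style domain name."""
    labels = []
    for rdn in split_rdns(base_dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc":
            labels.append(value.strip().lower())
    return ".".join(labels)

def check_bind_account(upn, base_dn):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    user, sep, suffix = upn.rpartition("@")
    if not (user and sep and suffix):
        problems.append("connection account is not in user@suffix form")
    if any(ch.isspace() for ch in upn):
        problems.append("connection account contains whitespace")
    domain = dns_domain_of(base_dn)
    if not domain:
        problems.append("base DN has no dc= components")
    elif sep and suffix.lower() != domain:
        problems.append(f"UPN suffix {suffix!r} does not match base DN domain {domain!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, taken from the post's own example domain.
    base = "ou=Developers,dc=solarwinds,dc=com"
    for account in ("robhock@solarwinds.com", "robhock@example.org", "robhock"):
        print(account, "->", check_bind_account(account, base) or "ok")
```

A mismatch is not necessarily an error in environments with multiple UPN suffixes, so treat the result as a prompt to double-check rather than a hard failure.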
And that is it. If you haven’t checked out Web Help Desk yet, please visit www.webhelpdesk.com and take it for a spin.