Used Zammad version: 3.6.x
Used Zammad installation source: (source, package, …) Ubuntu package
Operating system: Ubuntu 20.04
Browser + version: Firefox 85
Allow mapping the LDAP password to the zammad password attribute
The password attribute is not selectable when mapping LDAP
Steps to reproduce the behavior:
Attempt to configure LDAP.
I tried to setup zammad to authenticate with LDAP, however cannot seem to find how I could map LDAP’s user password value onto zammad’s Password attribute.
Would anyone who uses LDAP mind shedding some light onto this? I’m using openldap and keycloak to manage.
Thanks all :))
please take a look at this post:
Used Zammad version: 3.5.0
Used Zammad installation source: source
Operating system: Debian GNU/Linux 10
Browser + version: Google Chrome Version 86.0.4240.183 (Offizieller Build) (64-Bit)
we are using zammad with an active directory(AD). For ldap integration we map attribute userprinciplename to login. Now users can login with
firstname.lastname@example.org and their password.
What we would like to achieve is to cut off the domain part.
I found topic Change LDAP-Integration UID value
if this is not helpful, do a search on the forums:
there are several related entries there.
I had a look through the quoted thread but that applies to the login name. Is it possible to map the password as well?
I did have a look in the searches as well, but none of the threads concern passwords.
we did nothing to map the password. In fact, that attribute is not shown in the drop-down menu once you connec to the LDAP server…
Once you have the right filters in place, like these in our case:
…the rest will follow and users will be able to authenticate against LDAP / AD.
I would suggest to use an LDAP explorer tool to find out which atttributes you need and then make the necessary adjustments on Zammad.
The password is stored in the userpassword attribute in ldap. (storing them in plaintext is bad practice, but I am very new to LDAP and keycloak, and this is all internal and for now, simply a dry run, so it shouldn’t pose too much a problem). Please see attached:
Is that mapped to zammad? The password is managed by keycloak.
Okay let me jump in out of the order here real quick.
What ever you do
do not sync your user passwords from ldap.
It’s not just bad practise but also doesn’t make any sense because
LDAP syncy run every 60 minute only
this means: Changing your user password would draw your user account inaccessible for up to 60 Minutes
LDAP passwords are by default encrypted, Zammad has no logic for that encryption
Zammad will always authenticate against your LDAP server during your login - this means your LDAP server has to be available in that moment
Don’t sync LDAP passwords - you don’t need that any way.
Thanks. In this case, do you know how to integrate it with keycloak? Keycloak stores passwords in the userpassword. Regarding authenticating w/ LDAP, how is that set up?
Sorry for these potentially stupid questions, but I’m very new to LDAP.
Zammad is never interested in the user password of third parties - EVER.
As for keycloak authentication with Zammad, here’s a doc page that should help:
This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.