HelpSpot Help Desk Software | HelpSpot Blog | HelpSpot Support

Active Directory Integration


#1

Hi all,
I’m getting ready to test HelpSpot on one of our servers in an Active Directory environment. I had a quick question however. When creating a ticket, my boss wants to be able to select users from a drop down box. The users should be pulled from the active directory. Is this possible?

Thanks!


#2

Hi Ayaz,

HelpSpot can do that and more, but it’s not exactly as you describe. HelpSpot has a feature called Live Lookup, which can interact with any backend system, not just AD. Basically you write a small script which acts as an in between. HelpSpot passes in search information and you pass back XML after interacting with AD. So you could set it up so that if nothing is passed in all your AD information is passed back and displayed to the help desk staffer.

You can find the docs here:

http://www.userscape.com/helpdesk/index.php?pg=kb.page&id=6

If you run into trouble just let us know.


#3

Hi Ian,
Thanks for the quick reply. Unfortunately, I am having problems setting up HelpSpot to use Active Directory for authentication. I had a quick question…Do I have to create a user first in HelpSpot before he/she can login to HelpSpot authenticating against active directory?


#4

Yes, you need to first setup HelpSpot. Then you can login and add your AD username to your account (or others) under the ‘black box username’ field. After that’s done you can turn on black box authentication in Admin->Settings. Be sure you have your black box script set as described in:

http://www.userscape.com/helpdesk/index.php?pg=kb.page&id=138


#5

Oh I see…thats the problem I was having was that I thought that HelpSpot would automatically let them login once they were authenticated…I didn’t realize that I still needed to create them an account. Now its time to setup Live Lookup :slight_smile:

Thanks!


#6

Yep, because HelpSpot still needs to understand who the user is in the HelpSpot context so adding the AD username allows that to happen.

Let me know if you have any trouble with LL.


#7

Hi Ian,
I’ve made alot of progress on configuring Live Lookup. Basically, the script below will now return a user’s active directory information as XML when I hard code a user to look for but how can I configure it to interact with HelpSpot.

<?php // SECURITY: This prevents this script from being called from outside the context of HelpSpot //if (!defined('cBASEPATH')) die(); //Output the XML encoding header('Content-type: text/xml'); //include the class require_once("adLDAP.php"); //create the LDAP connection $adldap = new adLDAP(); //variables, change these :) $user="user"; $pass="password"; //some stuff to search for $lookup_user = "John"; //a user //$lookup_group = "Group"; //a group if ($adldap -> authenticate($user,$pass)){ echo '<?xml version="1.0" encoding="ISO-8859-1"'."?".">\n"; // User Information $info=$adldap->user_info($lookup_user,$fields); // echo "User Information:"; // echo ("
"); print_r($info); echo ("
\n"); echo ''; // /* if($info[count] != 0){ //Output each customer, these will be shown to the help desk user. The user can then pick the right one (if more than one returned). //The data can also be automatically inserted. for($loopcount = 0; $loopcount < $info[count]; $loopcount++) { echo' '.$info[$loopcount][samaccountname][0].' '.$info[$loopcount][givenname][0].' '.$info[$loopcount][sn][0].' '; } } echo ''; // */ } else { echo ("Authentication failed!"); } ?>

#8

btw: I’m using the adLDAP scripts functions that are found at http://adldap.sourceforge.net/ since that is suggested by HelpSpot. I’m not really a PHP programmer so I’ve been kind of cutting and pasting code to see what works :slight_smile:


#9

Sure thing Ayaz. HelpSpot passes in these 5 variables:

_GET['customer_id'] _GET[‘first_name’]
_GET['last_name'] _GET[‘email’]
$_GET[‘phone’]

So you can use them to search against your AD install using the adLDAP functions. Obviously it’s only passing your Live Lookup script the values it knows. So if you’ve only filled in the Customer ID field on the HelpSpot request page then all other variables would be empty except $_GET[‘customer_id’]

In v2 of HelpSpot more variables will be passed in such as the custom field values.


#10

Awesome! It worked! I’m sorry to keep bugging you with questions but do you have any suggestions on how to secure this script now? I don’t want people to be able to run it since it should only be run from within HelpSpot. I tried uncommenting

//if (!defined(‘cBASEPATH’)) die();

to see if it would still run but it didn’t…


#11

Actually that die line is only for the black box auth stuff, it won’t work for live lookup.

The best way to secure it is at the web server level. So tell your web server to not server the file unless the request is from the IP of the HelpSpot machine. Also you can/should run the request over HTTPS if available on your machine.


#12

Hi everyone,
We had a whale of a time getting AD Blackbox integration to work (none of us are php gurus here).

Just wanted to post here the simple solution that took us a few hours to find. We had to uncomment the line that includes the ldap extension in php.ini in the helpspot install folder.

I didn’t do the install and I don’t know if that was an option during the install process or not, but that finally allowed us to get blackbox working. Please consider adding that to your docs.

Thanks
Adam


#13

I also have a very nicely modified script for Live Lookup against a Windows Server 2003 AD (once you have LDAP working with PHP, which it looks like you finally do…I had to install the LDAP module on my VirtualAppliances.net LAMP server), based on the default one plus much experimentation, and it looks up using a wider variety of field combinations as well.

It needs to be cleaned up to make it more generic and less specific to our environment, but I can post it at some point. Requests for it may motivate me :slight_smile:


#14

Thanks Adam, we’ll get that extension added to the installer.