Book:OTRS 3.0 - Admin Manual/Chapter 11/3

OTRS offers the option to authenticate agents and customers against different backends.

DB (Default)
The backend to authenticate agents which is used by default is the OTRS database. Agents can be added and edited via the agent management interface in the Admin page (see Example 11-6 below).

LDAP
If an LDAP directory has all your agent data stored, you can use the LDAP module to authenticate your users in OTRS (see Example 11-7 below). This module has only read access to the LDAP tree, which means that you cannot edit your user data via the agent management interface.

The configuration parameters shown in Script 11.8 can be used to synchronize the user data from your LDAP directory into your local OTRS database. This reduces the number of requests to your LDAP server and speeds up the authentication with OTRS. The data synchronization is done when the agent authenticates the first time. Although the data can be syncronized into the local OTRS database, the LDAP directory is the last instance for the authentication, so an inactive user in the LDAP tree can't authenticate to OTRS, even when the account data is already stored in the OTRS database. The agent data in the LDAP directory can't be edited via the web interface of OTRS, so the data has to be managed directly in the LDAP tree.

HTTPBasicAuth for Agents
If you want to implement a "single sign on" solution for all your agents, you can use HTTP basic authentication (for all your systems) and the HTTPBasicAuth module for OTRS (see Example 11-8 below).

Radius
The configuration parameters shown in Example 11-9 can be used to authenticate agents against a Radius server.

Database (Default)
The default user authentication backend for customers in OTRS is the OTRS database. With this backend, all customer data can be edited via the web interface of OTRS (see Example 11-10 below).

LDAP
If you have an LDAP directory with all your customer data, you can use the LDAP module to authenticate your customers to OTRS (see Example 11-11 below). Because this module has only read-access to the LDAP backend, it is not possible to edit the customer data via the OTRS web interface.

HTTPBasicAuth for customers
If you want to implement a "single sign on" solution for all your customer users, you can use HTTPBasic authentication (for all your systems) and use the HTTPBasicAuth module with OTRS (no login is needed with OTRS any more). See Example 11-12 below.

Radius
The settings shown in Example 11-13 can be used to authenticate your customers against a Radius server.