On Thursday, March 25, 2004 2:43 PM
Thomas Nilsen
Auto registration might be the wrong term. But since we have set up AD as the main authentication source for both customers and agents, and using the same base dn, customers can then log on as agents as well by just entering their usernames/passwords twice. The first time they get the message: "Useraccount activated, retry.". Then they can log on to the agent front-end... They won't see any queues or anything, but we still don't want them to be able to register as agents.
Ah, I see. This is the synchronization from LDAP to DB. Kinda auto-regging indeed, yes. How to prevent this? Put your customers in their own group - it's that simple. Do not use the same baseDN. Example: Assuming, your Agents are here: ou=People,ou=Headquarter,dc=example,dc=com Your Customers are here (or at least should be) ou=Customers,ou=Headquarter,dc=example,dc=com The BaseDN you used to be using is: ou=Headquarter,dc=example,dc=com Now, use this for the BaseDN when it comes to Customers: ou=Customers,ou=Headquarter,dc=example,dc=com And this one, when it comes to Agent AUTH: ou=People,ou=Headquarter,dc=example,dc=com If you have both your Agents and your Customers cluttered in: ou=People,ou=Headquarter,dc=example,dc=com Then it's time for a cleanup, I presume. I believe there must be another way to logically distinguish your Customers from your Agents in your AD, but I know too little of it, sorry. If the above is no option at all, we'll dig further. hth, Robert Kehl -- ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg http://www.otrs.de/ :: Tel. +49 (0)6172 4832388