Hope someone got a good solution for this. As we are using the same Active Directory LDAP tree to authenticate both agents and customers, any "customer" can register and log in to the agent front-end. They wouldn't be able to do much apart from registering new tickets, but it still is a feature we would like to disable for normal customers. How can I disable this feature, and only allow already "approved" users access. By "approved", I mean users which I manually add to the system_user table. It's not pretty, but it works for us. Regards, Thomas Nilsen Svg Support Tel: +47 55 59 95 05 - Mob: +47 916 98 229 DISCLAIMER: This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
On Friday, March 19, 2004 11:04 AM
Thomas Nilsen
How can I disable this feature, and only allow already "approved" users access. By "approved", I mean users which I manually add to the system_user table. It's not pretty, but it works for us.
You're looking for this feature: # Check if the user is allowed to auth in a posixGroup # (e. g. user needs to be in a group xyz to use otrs) $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com'; $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid'; # for ldap posixGroups objectclass (just uid) # $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID'; # for non ldap posixGroups objectclass (full user dn) $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN'; The corresponding LDIF: version: 1 # LDIF Export for: cn=otrsallow,ou=posixGroups,dc=example,dc=com # Generated by phpLDAPadmin on March 19, 2004 3:31 pm # Server: example.com (ldap.example.com) # Search Scope: base # Total entries: 1 # Entry 1: cn=otrsallow,ou=posixGroups,dc=example,dc=com dn: cn=otrsallow,ou=posixGroups,dc=example,dc=com cn: otrsallow gidNumber: 2000 objectClass: posixgroup objectClass: top memberUid: customerA memberUid: customerB memberUid: customerC You want to adapt the above to suit your ADS, possibly use sAMAccountName somewhere... hth, Robert Kehl -- ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
participants (2)
-
Robert Kehl -
Thomas Nilsen