New subject: Limit Agent user registration

25 Mar 2004

      The problems with AD is that group memberships doesn't comply with the standard LDAP posix group structure. Group members in AD are listed with a serial number type entry - which doesn't directly reflect the users.. and I haven't quite figured out that it actually does reflect..

What I was thinking of was just commenting out the code that allows "self registration" on the login page... if i knew where it is... ;-)

Regards, Thomas
...
-----Original Message-----
From: Robert Kehl [mailto:robert.kehl@otrs.de]
Sent: Friday, March 19, 2004 3:35 PM
To: User questions and discussions about OTRS.
Subject: Re: [otrs] Limit Agent user registration
On Friday, March 19, 2004 11:04 AM
Thomas Nilsen  wrote:
...
How can I disable this feature, and only allow already "approved"
users access. By "approved", I mean users which I manually add to the
system_user table. It's not pretty, but it works for us.
You're looking for this feature:
# Check if the user is allowed to auth in a posixGroup
   # (e. g. user needs to be in a group xyz to use otrs)
   $Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
   $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
   # for ldap posixGroups objectclass (just uid)
#    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
   # for non ldap posixGroups objectclass (full user dn)
   $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
The corresponding LDIF:
version: 1
# LDIF Export for: cn=otrsallow,ou=posixGroups,dc=example,dc=com
# Generated by phpLDAPadmin on March 19, 2004 3:31 pm
# Server: example.com (ldap.example.com)
# Search Scope: base
# Total entries: 1
# Entry 1: cn=otrsallow,ou=posixGroups,dc=example,dc=com
dn: cn=otrsallow,ou=posixGroups,dc=example,dc=com
cn: otrsallow
gidNumber: 2000
objectClass: posixgroup
objectClass: top
memberUid: customerA
memberUid: customerB
memberUid: customerC
You want to adapt the above to suit your ADS, possibly use
sAMAccountName somewhere...
hth,
Robert Kehl
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
        http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting für Ihr OTRS System?
=> http://www.otrs.de/
DISCLAIMER:
This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

RE: [otrs] Limit Agent user registration

Thomas Nilsen

Robert Kehl

tags

participants (2)