On Friday, March 19, 2004 11:04 AM
Thomas Nilsen <[EMAIL PROTECTED]> wrote:
> How can I disable this feature, and only allow already "approved"
> users access. By "approved", I mean users which I manually add to the
> system_user table. It's not pretty, but it works for us.
You're looking for this feature:
# Check if the user is allowed to auth in a posixGroup
# (e. g. user needs to be in a group xyz to use otrs)
$Self->{'Customer::AuthModule::LDAP::GroupDN'} =
'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';
# for ldap posixGroups objectclass (just uid)
# $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'UID';
# for non ldap posixGroups objectclass (full user dn)
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
The corresponding LDIF:
version: 1
# LDIF Export for: cn=otrsallow,ou=posixGroups,dc=example,dc=com
# Generated by phpLDAPadmin on March 19, 2004 3:31 pm
# Server: example.com (ldap.example.com)
# Search Scope: base
# Total entries: 1
# Entry 1: cn=otrsallow,ou=posixGroups,dc=example,dc=com
dn: cn=otrsallow,ou=posixGroups,dc=example,dc=com
cn: otrsallow
gidNumber: 2000
objectClass: posixgroup
objectClass: top
memberUid: customerA
memberUid: customerB
memberUid: customerC
You want to adapt the above to suit your ADS, possibly use
sAMAccountName somewhere...
hth,
Robert Kehl
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting f�r Ihr OTRS System?
=> http://www.otrs.de/
