On Thursday, March 25, 2004 2:43 PM
Thomas Nilsen <[EMAIL PROTECTED]> wrote:
> Auto registration might be the wrong term. But since we have set up
> AD as the main authentication source for both customers and agents,
> and using the same base dn, customers can then log on as agents as
> well by just entering their usernames/passwords twice. The first time
> they get the message: "Useraccount activated, retry.". Then they can
> log on to the agent front-end... They won't see any queues or
> anything, but we still don't want them to be able to register as
> agents.
Ah, I see. This is the synchronization from LDAP to DB. Kinda
auto-regging indeed, yes.
How to prevent this? Put your customers in their own group - it's that
simple. Do not use the same baseDN.
Example:
Assuming, your Agents are here:
ou=People,ou=Headquarter,dc=example,dc=com
Your Customers are here (or at least should be)
ou=Customers,ou=Headquarter,dc=example,dc=com
The BaseDN you used to be using is:
ou=Headquarter,dc=example,dc=com
Now, use this for the BaseDN when it comes to Customers:
ou=Customers,ou=Headquarter,dc=example,dc=com
And this one, when it comes to Agent AUTH:
ou=People,ou=Headquarter,dc=example,dc=com
If you have both your Agents and your Customers cluttered in:
ou=People,ou=Headquarter,dc=example,dc=com
Then it's time for a cleanup, I presume.
I believe there must be another way to logically distinguish your
Customers from your Agents in your AD, but I know too little of it,
sorry. If the above is no option at all, we'll dig further.
hth,
Robert Kehl
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting f�r Ihr OTRS System?
=> http://www.otrs.de/
