On Friday, March 26, 2004 8:54 AM
Thomas Nilsen <[EMAIL PROTECTED]> wrote:
> If I could only find the code which allows this agent registration, I
> could comment it out and the problem would be solved...
SyncLDAP2Database{} is from Kernel/System/User.pm, but you needn't
change s.th. there. The sub takes $Self->{UserSyncLDAPMap} from
Config.pm and synchs the user from LDAP to DB if the user isn't found in
the latter, but LDAP AUTH is activated. For sure the user must exist in
the LDAP database. In fact, LDAP AUTH is nothing more than Synching an
LDAP entry to the DB and authenticating against this entry.
So, to conclude - switching of the Sync will take away the ability to
log on as a new user, yes. But every user that you want to log on has to
exist in the DB prior to switching of the capability.
The trigger can be found in index.pl, line 197 (v 1.66):
if ($CommonObject{UserObject}->SyncLDAP2Database(User => $User)) {
You may easily switch off Synching by setting $Self->{UserSyncLDAPMap} =
{}; Now only the LDAP users already existing in the DB _and_ LDAP can
log in, no new entries will be created.
This is not the recommended approach, though!
There must be a way that you distinguish the administrator of your
groups by a common property. Aren't their account types different? Isn't
it even possible to create a new posix-conform group in AD?
hth,
Robert Kehl
--
((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg
http://www.otrs.de/ :: Tel. +49 (0)6172 4832388
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting f�r Ihr OTRS System?
=> http://www.otrs.de/
