Rory wrote:
2009/8/5 Mauricio Tavares <[email protected]>:
So, otrs is only using ldap to check the passwords? Is the
access/ownership info (i.e. who belongs to which group and can do what kind
of harm) stored in the local DB then? I guess it has to since the
documentation states otrs only does read only access to ldap.
Effectively yes, it's just checking the passwords.
I'm not too sure about groups, I haven't gone so far as to mess with
that yet but I have seen some config entries that relate to groups. I
think you can pull a user's group info from ldap but you cannot make
changes to the ldap groups from otrs.
I have no problems if otrs cannot edit ldap. What I would like is to be
able to define which group someone belongs to in ldap and then otrs will
see the groups memberships and then grant the said user rights according
to the memberships.
I don't think otrs is as strict when it comes to using the DB or ldap
for groups tho.
Hope so.
After reading it, I began to wonder if it meant that once it gathers
the data it will use the local DB entirely instead of ldap. If that is the
case, wouldn't it mean that it should be able to lookup user info on both
local db and ldap at the same time?
This line from the doc makes me believe it's still checking the ldap
directory to authenticate even tho it has all the details in the DB;
"Although the data can be synched into the local OTRS database the
LDAP directory is the last instance for the authentication, so an
inactive user in the LDAP tree can't authenticate to OTRS even when
the account data are already stored in the OTRS database."
So as I understand it, the sync will pull user details from ldap if a
user tries to login who is not in the local db but is in the ldap
directory. Once it has sync'd to the local db it will then verify only
the user's password against the ldap directory and not the entire user
data, so less ldap queries.
Well, what I have found so far (I might be wrong) is that the user has
to be in the local db; the password can be kept in ldap but you have to
create a user in otrs. What I did was after setting ldap up, I tried to
login as one of the users from the ldap group (cn=users) I gave otrs as
the GroupDN. It cheerfully ignored that user. Then I created a user
with the same username inside otrs but did not give a password. I was
able to login as the said user.
My ideas on this are all open to questioning tho as I don't know this for a fact.
Do you think I do? =) I am still figuring this program out.
Rory
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
---------------------------------------------------------------------