Enforce LDAP only login and registration #146

viniciusferrao opened this issue Sep 3, 2018 · 3 comments

@viniciusferrao

Hello, I'm running osTicket with the LDAP backend plugin for agents and clients. I've got a local administrator account for the "just in case" scenario when the LDAP server is down, and everyone else on the LDAP server.

I was playing with the Admin Panel on Settings -> Users, with the options: Registration Required and Registration Method to achieve what I would like to. But I was unable to do this.

At this moment I'm running with Registration Required enabled and Public Registration enabled. This is required to create user accounts that exist on the LDAP server but not yet on osTicket. If I change from Public Registration to Private Registration, which disables the "Create a New Account" button on the user page, I'm unable to log in to osTicket even if the user exists on LDAP but not yet on osTicket.

So the only option is to leave Registration Required enabled and Public Registration enabled; but I get the "create new account" button, which I don't care about.

It would be a good change to be able to manage this within the plugin. For now I'm using a workaround: I removed the following line in include/client/login.inc.php:

@gormster

+1. This seems like a no-brainer - I've got LDAP for login, and that's how my users are registered. No-one else can create an account and no-one else can log in.

@Chefkeks
Contributor

Since our setup has been running for years now, I'm not 100% sure if that was exactly our issue back in the day too, but I think so. We solved it by combining the LDAP plugin with the HTTP Passthru Authentication plugin. So every AD user is being created thru SSO once he/she creates a ticket. Just make sure that every user has a phone number, or change the phone number from required to optional under Admin Panel > Manage > Forms > Contact Information > Phone Number.
Hope that is an option/workaround for you too, as the one with removing code from the login.inc.php is not really update safe - unless you have good documentation which reminds you to re-apply it ;)

@Richiricheh

> Since our setup has been running for years now, I'm not 100% sure if that was exactly our issue back in the day too, but I think so. We solved it by combining the LDAP plugin with the HTTP Passthru Authentication plugin. So every AD user is being created thru SSO once he/she creates a ticket. Just make sure that every user has a phone number, or change the phone number from required to optional under Admin Panel > Manage > Forms > Contact Information > Phone Number.
> Hope that is an option/workaround for you too, as the one with removing code from the login.inc.php is not really update safe - unless you have good documentation which reminds you to re-apply it ;)

Right, but that means that you're also allowing Public Registration. I have to agree with the OP here. Having the plugin manage the auth and how the auth functions is not a bad idea. This way the auth and plugins are defining how the ticketing tool is performing.
