Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

LDAP - User Password #1169

Open
maysv opened this issue Jun 7, 2017 · 8 comments

Comments

Projects
None yet
4 participants
@maysv
Copy link

commented Jun 7, 2017

I have successfully set up the LDAP connection. Everything works fine - great job! 馃槃

Why is there the function "Password", if actually the passwords are administered via the LDAP connection?
The user shouldn't be able to change his password via the zammad site. Is it possible to hide "Password" when the connection is set up with LDAP ?

Thanks!

@thorsteneckel

This comment has been minimized.

Copy link
Collaborator

commented Jun 7, 2017

Hi @maysv!

Currently Zammad checks multiple authentication backends including the local DB and LDAP if configured. The first check is the local DB so if the user changes or sets a local password it will work. If the entered password is wrong the LDAP will get checked, too.

If I get you right you wan't to disable the possibility to set a local PW in Zammad completely for LDAP users?

PS: Nice avatar 馃槑

@maysv

This comment has been minimized.

Copy link
Author

commented Jun 7, 2017

Hi @thorsteneckel!
Thanks for your response. Yes, is it possible to disable this?

PS: Nice avatar too 馃槅 馃槑

@thorsteneckel

This comment has been minimized.

Copy link
Collaborator

commented Jun 7, 2017

Sadly it's not. If the request for this feature is high enough we will implement it. This issue will be the place for requests and discussions. However we are always happy to receive pull requests 馃殌

@maysv

This comment has been minimized.

Copy link
Author

commented Jun 7, 2017

Oh ok - thats why I'm on github 馃槃 to create requests 馃殌
We have already test some ticketsystems,
but none of them are looking that good as zammad 馃槑 - I like it 馃憤

I hope that even more useful plugins come.

@thorsteneckel

This comment has been minimized.

Copy link
Collaborator

commented Jun 7, 2017

Oh I promise there will be 馃帰

@jacotec

This comment has been minimized.

Copy link

commented Jun 9, 2017

+1 for disabling the local password when a user is synced via LDAP! :-)

But: If a user drops out of the LDAP database there should be a "way back" to local auth. I.e. I'm using Zammad for a sports club - the trainers etc. are agents and maintained via LDAP, because they can write articles on the website, have access to a cloud service and Zammad. But if a guy drops the job he returns to a normal member and is not in LDAP anymore, so in this scenario he'll drop back to a customer in Zammad and should be able to use the local auth again.

@martinseener

This comment has been minimized.

Copy link

commented Oct 26, 2018

Hey. We would also like to have the option to disable password changes completely. For now we use a hacky workaround which disables the 3 password fields in the profile via CSS (not really disabled when someone knows how to reenable them, but good enough for us):

Create /opt/zammad/app/assets/stylesheets/custom/passwddisable.css with content .password_item {display:none;}.
Then run zammad run rake assets:precompile restart zammad, and the fields should be "gone".

Not a nice workaround though, but it helps until a real disable function is implemented.

@jacotec

This comment has been minimized.

Copy link

commented Oct 26, 2018

A fat +1 from my side!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can鈥檛 perform that action at this time.