Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

[resolved] Difference between Client & Staff Authentication in LDAP Authentication and Lookup

Please let me know different between Client and Staff authentication in LDAP. I'm using osTicket (v1.9.5.1)


Thanks,
Mohan K.

Comments

  • Clients are clients.  Staff are Agents.
    I have no idea what your trying to actually ask.
  • As per your explanation; 

    1. Client (end users) should be able to open new tickets.
    2. Staff – should be able to close, assign or re-assign and open new tickets. In OS ticket called “Agents” – “Root Admin = (Staff = Agent)

    1.      Other admins of to be created as “Agent” because root admin is only have access to “Admin Panel” and configuration of OSTickets, Is right?

    2.      How could disable “Account Registration” form for clients, who are authenticate with AD or LDAP and able open new ticket without prompting below window?


  • edited January 2015
    I do not see any image attached, try to re-upload it please.

    Regarding Agents and Admins you are correct.
    Agents have access to the agent panel to close, assign etc. tickets, Admins have access to the admin panel to configure osTicket help topics, filters, forms, etc. AND also to the agent panel to work on tickets for their department - but you can also split that, so that the admins are not seeing any tickets (use the group permissions therefore).

    When you have only AD / LDAP end users, you can e.g. export them from your AD/LDAP and import them into osTicket via CSV import. Since when you disable the account registration no client will be able to register and they would then already need an account to sign in, so you need to import them first.

    Another possibility is to leave everything open and use the http-passthru auth plugin in addition to the ldap auth plugin to sign in users. We use it that way and simply created some redirect rules, so they are automatically signed in and not asked for any username, password etc. or so. For this (little tricky) method, see the following discussion: http://osticket.com/forum/discussion/79083/http-passthru#latest
  • Thanks for the advice, could you please explain me how to export from AD in CSV format (Win Server 2008) and import them into OSTICKET by step by guide.
    Thanks,
    Mohan K.
  • 1. Google how to export users from AD in CSV, follow instructions.
      https://www.google.com/#q=how+to+export+users+from+active+directory

    2. Log into osTicket as an admin.
      A. Click on Users tab.
      B. Click on Import.
      C. Click upload
        a. confirm that your CSV has the expected format. (hint its on the screen)
        b. if it isn't, edit it to make it match the expected format.
      D. Click Choose File.
      E. Click on the file.  Click Open.
      F.  Click Import Users.
  • I've created "CSV" file for "Sameera Nanayakkara" (AD User) & uploaded to OSTickets successfully then logged the user into portal first time (OST) by using username / password which associate with "Sameera Nanayakkara" in Active Directory. Again user prompted to "User Registration Form".
    1. Is it possible to bypass registration form for AD users, when they are log into very first time into user portal?
    2. Are there specific fields to be added to CSV file, which link with AD? (I've attached my sample file herewith)
    Thanks,
    Mohan K.
      
    Upload file to OSTicket.txt
    80B
  • Regarding 1.
    Register them right after the import.

    Regarding 2.
    No, not yet. Only the name and the phone number.

    I know I repeat myself, but another possibility is the use of the http auth plugin in addition to the ldap plugin:
    Another possibility is to leave everything open and use the http-passthru auth plugin in addition to the ldap auth plugin to sign in users. We use it that way and simply created some redirect rules, so they are automatically signed in and not asked for any username, password etc. or so. For this (little tricky) method, see the following discussion: http://osticket.com/forum/discussion/79083/http-passthru#latest
  • Hi, I've already enabled http-passthru but I'm struggling in configure my apache  web server (XAMPP). Could you please explain step by step in detail?

    My Configuration as follows.
    1. Windows 7 Professional
    2. OSTickets: v1.9.5.1 (1faad22)
    3. Apache/2.4.10 (Win32) 
    4. OpenSSL/1.0.1i 
    5. PHP/5.5.19
    6. MySQL Version - 5.6.21
    Thanks,
    Mohan K.
     
  • Struggled with that a bit too. I used the following guide to get Apache SSO working on my webserver (Linux / openSuse, not Xampp) and worked like a charm:

    http://blog.stefan-macke.com/2011/04/19/single-sign-on-with-kerberos-using-debian-and-windows-server-2008-r2/

    Before I had tried some other guides, but that one worked best and also has a section what errors can happen and how to fix them ;)

    Since you are using xampp I am not sure if the how-to above will be suitable for you, but in case not, easily use your favorite search engine to find a suitable guide / how-to that's with xampp.
  • Anybody aware to configure web server (XAMPP) for http-passthru with AD (Windows Server 2008).

    My Configuration as follows.
    1. Windows 7 Professional
    2. OSTickets: v1.9.5.1 (1faad22)
    3. Apache/2.4.10 (Win32) 
    4. OpenSSL/1.0.1i 
    5. PHP/5.5.19
    6. MySQL Version - 5.6.21
  • I've already import some users to ostickets from AD and I've registered them manually(one by one). Below user's (attachment) user name required to insert manually otherwise It will not authenticate with AD. 

    Is there any way to put it (hg100104) automatically?

    Thanks,
    Mohan K.
    AD User.jpg
    584 x 313 - 43K
  • Hi Everyone,

    My team found  alternate way to bypass the user registration from, that is:
    1. Make sure that AD / LDAP authentication working properly between your AD & OSTicket
    2. Import users into OST.
    3. Agent Panel > Users > Select the user which you want register > Click on to "Register" button.
    4. On registration page
      1. Authentication Sources: Active Directory or LDAP
      2. Click on to "Create account" button & close it.
    5. Go to "Manage Account" > Manage Access tab.
    6. Put Username: which using with active directory
    7. Tick "User Cannot Change Password"
    8. Finally make sure Admin Panel > Settings > Access
      1. Tick Registration Required:
      2. Registration Method: Privet - Only agents can register users.
    Thanks,
    Mohan K.


  • Great you found a solution yourself and thank you also for sharing here with us!

    Should I close this thread and mark it as resolved?
This discussion has been closed.