Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Change of password for client when using LDAP auth

Hi,
we are using osTicket where our clients are log in using LDAP auth (osTicket 1.10, LDAP auth 0.6.3, Fedora 25, OpenLDAP 2.4.44).

Everything works, except one little thing. User can't change their password. osTicket doesn't give any error when I try to change password as a client. My guess would be something is not set on OpenLDAP server, but I'm not sure what is it.

Anybody run into same issue? Any advice, please?

Thanks.

Regards,
Richard Bukovansky
Tagged:

Comments

  • osTicket is happy to let you authenticate against LDAP/AD/etc.  However it does not and will not push back to the server on password changes.  The devs view that as a potential security risk.  Changing the password in osTicket only changes the local account password. (which is used if the LDAP/AD connection is down for some reason if the person is set to any authentication back end).
  • I was under the impression that when you use LDAP it's just syncing the data from your domain environment so it has the details hashed on the third parties db. But when making a password change, it's done via within the domain environment, so usually from the users Desktop. I may be missing something or completely off, but that's what I thought.
  • You are correct @Synt4xError
  • edited March 9
    Well, it can be risk, but not in my case.

    1) I do have separate LDAP server (OpenLDAP) just for clients, because I would like to share their login information between osTicket and 2 other sites (Grav CMS sites with LDAP login), so clients then don't need to have 3 separate accounts. But if they change their password and it's not propagated to LDAP server, then I'm screwed.

    2) It's not feasible to provide any remote desktop or access to LDAP management, so that our clients could change their password in LDAP. We are providing them just with osTicket interface.

    So for me it would be much better if saving of password to LDAP additionally to saving password to osTicket DB was an option.
Sign In or Register to comment.