Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

LDAP/AD: Automatic Registration of Clients/Users on Login

For setups that use an LDAP/AD backend, it would be helpful if clients/users were automatically registered in osTicket upon successful login as opposed to requiring them to be imported in manually before access to osTicket is possible.
In our use-case, anyone under the configured Search Base is allowed to access osTicket to the exclusion of all others (eg: guests). I would imagine there are others on here with the same use-case.

Comments

  • After some sifting through the code, I found my problem. client_registration has to be set to public for the auto-registration functionality to work but that opens up guest registration access. I also saw reference to an "auto" mode but it's not used except for the isClientRegistrationEnabled() check. To add more detail to this request:
    • Expose "auto" as Registration Method ('client_registration') in End User Authentication Settings in Admin Panel interface.
    • Replace isClientRegistrationEnabled() checks in the following files with a new check that excludes "auto" registration method mode.
      • account.php
      • include/client/login.inc.php
      • include/client/view.inc.php
      • include/client/accesslink.inc.php
  • Just as a side note:

    We use LDAP auth in combination with the HTTP Passthru auth to achieve SSO - there it works like a charm to auto-register end users when the login the first time.
  • edited March 2015
    We do have SSO configured and working (except for Staff/Agents/SCP, we could never get that to work) but it only works for users who are already registered in osTicket (at least under private/closed mode). Also, most of our end-users will be accessing the osTicket from systems which are not configured for such authentication.
  • Made the changes myself based on 1.9.6.
    I've just uploaded the changed files to this reply, feel free to make your own diffs or do whatever.
    • include/staff/settings-access.inc.php
      • Added "auto" to 'client_registration' options.
    • include/client/accesslink.inc.php
      • Changed isClientRegistrationEnabled() check to getClientRegistrationMode() === 'public'
    • include/client/login.inc.php
      • Changed isClientRegistrationEnabled() check to getClientRegistrationMode() === 'public'
    • include/client/view.inc.php
      • Changed isClientRegistrationEnabled() check to getClientRegistrationMode() === 'public'
    • account.php
      • Changed isClientRegistrationEnabled() check to getClientRegistrationMode() === 'public'

    I haven't modified the help tip for access settings given I've been presumptuous already but the auto mode should work the same as private/closed except public/guest registration of accounts is disabled.

    I did try to test other use-cases but all I know is this currently works for us, use at your own risk etc. because this code has security implications for user registration. This is basically a small hack.

    osTicket-1.9.6_autoclientregmode.zip
    10K
  • @staj thanks for this. This seems not working anymore in 1.9.12 -- can you help  on the modification for 1.9.12 ? Thanks in advance.
  • edited February 2016
    Hi,
    I'll try to do this within the next week or so, time permitting.

    Could I direct your attention to the following GitHub issues though? Sick of applying these hacks:
  • I made a LDAP plugin to deal with multiple domains and as an added bonus it creates users automatically but only works in 1.10 never tested in in 1.9 version.
    https://github.com/philbertphotos/osticket-ldap-auth
  • Hi,
    For anyone still looking at this thread, please go to IIS, SSO and normal-login, no Public Registration with Automatic User Creation on Login instead for updates.
Sign In or Register to comment.