Enable Self Registration with LDAP backend DB

[taylorfarm]

So here is what I am attempting to do. I want to have my customers self register which will create them an account in my LDAP AD back end. I realize I will be writting some code to get this to work but for the life of me I cannot find where the function is that removes the self registration link when backend database authentication is turned on.

Does someone have that information? Do you know how to turn it on with LDAP backend?

Thanks in advance for your help.

[crythias]

ldap is read only and so, no.
Self register with multiple back ends, one being the OTRS db, great.

[taylorfarm]

but adding a perl script that is not read only and has the rights to add ad accounts is pretty easy. just call the script when the create button is clicked. Really just need to have the registration page show up. I might just add a link to the login page myself manually. Not sure why it takes away the registration.

[crythias]

Most people assume that ldap is not for random person to add themselves a login account for (potentially) someone's domain.

That's why it's read-only. In a corporate environment, every new user added should be approved with documentation. Random spammers on a website shouldn't be able to add themselves a nice account on your domain. And if it's internal only, there isn't any reason for one to self-register.

The database backend only allows access to OTRS, so why not?

[taylorfarm]

I have a way to stop random users from creating accounts on AD. I obviously don't want the public from doing anything in AD or anywhere else. But using a pre-agreed upon customerID and possibly a second field that would be known to the company but not to the public, make those fields required and have them verified before creating an account then you could limit the ability for public people to add accounts to backend database. The thing at this point that is limiting me from making this work is the fact that the registration link disappears.

Limiting the public for any database (even local) should be the goal of everyone. LDAP is no different.

That being said is there a way to turn off the removing of the registration link from the customer.pl site when LDAP comes into play?

[crythias]

But using a pre-agreed upon customerID and possibly a second field that would be known to the company but not to the public, make those fields required and have them verified before creating an account then you could limit the ability for public people to add accounts to backend database

At which point why isn't the customer already in AD?

Limiting the public for any database (even local) should be the goal of everyone. LDAP is no different.

It's extremely different. A standalone database is not your active directory. If someone vandalizes the database, the scope is limited to the app. If someone could *possibly* exceed the limitations of LDAP filtering of input, you lose control over your domain.

That being said is there a way to turn off the removing of the registration link from the customer.pl site when LDAP comes into play?

It shouldn't appear when ldap is the only backend in play. See Kernel/Output/HTML/Layout.pm

Code: Select all

    if (
        $Self->{ConfigObject}->Get('CustomerPanelCreateAccount') #Enable/disable in SysConfig or Config.pm
        && $Self->{ConfigObject}->Get('Customer::AuthModule') eq
        'Kernel::System::CustomerAuth::DB' #there's a database auth module.
        )