From: Jan-Piet Mens <jpm@re...> - 2004-04-10 15:30:59
I feel that this is missing from the documentation. Can you confirm this
to be true?

Authorization of users who wish to access Mantis occurs primarily
via the data in the mantis_user_table table of MySQL. All users who
access Mantis must be therein. When LDAP Authentication is enabled in
config_inc.php by setting $g_login_method = LDAP, that only means that
the credentials of the user are checked in the LDAP directory. The user
must have previously been created using the tools that Mantis offers
(manage users), whereby the password specified there is ignored and
checked against the LDAP directory. If $g_use_ldap_email is set, the
email address is taken from the directory. As soon as LDAP is enabled,
all passwords, including those of the administrator accounts, are
authenticated against the LDAP directory.

$g_ldap_organization (which ought to be named $g_ldap_filter) can be used
as an additional filter. For example, my users have a service= attribute
which contains a word for each type of service they are allowed to use,
be it FTP, Internet, etc. I've come up with a service type called `mantis'
which enables me to enable users to use the Mantis system, if their
LDAP entry has an attribute type service with a value of `mantis'. To
enable that, I set $g_ldap_organization = "(service=mantis)"

Another possibility would be to check users' email addresses such as
"(firstname.lastname@example.org)" to restrict usage of Mantis to only employees.