From: Jan-Piet M. <jp...@re...> - 2004-04-10 15:30:59

I feel that this is missing from the documentation. Can you confirm this to be true?

Authorization of users who wish to access Mantis occurs primarily via the data in the mantis_user_table table of MySQL. All users who access Mantis must be therein.

When LDAP Authentication is enabled in config_inc.php by setting $g_login_method = LDAP, that only means that the credentials of the user are checked in the LDAP directory. The user must have previously been created using the tools that Mantis offers (manage users), whereby the password specified there is ignored and checked against the LDAP directory. If $g_use_ldap_email is set, the email address is taken from the directory.

As soon as LDAP is enabled, all passwords, also those of the administrator accounts, are authenticated against the LDAP directory.

$g_ldap_organization (which ought to be named $g_ldap_filter) can be used as an additional filter. For example, my users have a service= attribute which contains a word for each type of service they are allowed to use, be it FTP, Internet, etc. I've come up with a service type called `mantis' which enables me to enable users to use the Mantis system, if their LDAP entry has an attribute type service with a value of `mantis'. To enable that, I set

$g_ldap_organization = "(service=mantis)"

Another possibility would be to check users' email addresses such as "(mail=*@example.com)" to restrict usage of Mantis to only employees.

Kind regards,
-JP
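
The login decision described in the message above, as an added sketch that is not part of the original post and is not Mantis code. Assumptions: the in-memory arrays stand in for mantis_user_table and the directory, the user attribute is `uid`, the extra filter is ANDed with the uid match, and all function names are hypothetical.

```php
<?php
// Constructed sample data: stand-ins for mantis_user_table and the LDAP directory.
$mantis_users = ['alice', 'bob', 'carol'];
$directory = [
    'alice' => ['service' => ['ftp', 'mantis'], 'mail' => ['alice@example.com'], 'pw' => 'a-secret'],
    'bob'   => ['service' => ['ftp'],           'mail' => ['bob@example.com'],   'pw' => 'b-secret'],
    'dave'  => ['service' => ['mantis'],        'mail' => ['dave@example.com'],  'pw' => 'd-secret'],
];

// Escape a value for use inside an LDAP search filter (RFC 4515 special characters).
function filter_escape(string $value): string {
    return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00']);
}

// Assumed composition: the extra filter ANDed with the (escaped) uid match.
function build_filter(string $extra, string $username): string {
    return '(&' . $extra . '(uid=' . filter_escape($username) . '))';
}

// Minimal matcher for a single "(attr=value)" term; '*' in the value is a wildcard.
function entry_matches(array $entry, string $term): bool {
    if (!preg_match('/^\(([a-z]+)=(.+)\)$/i', $term, $m)) {
        return false; // fail closed on anything this sketch cannot parse
    }
    $regex = '/^' . str_replace('\*', '.*', preg_quote($m[2], '/')) . '$/i';
    foreach ((array) ($entry[$m[1]] ?? []) as $value) {
        if (preg_match($regex, $value)) {
            return true;
        }
    }
    return false;
}

// A login succeeds only if all three checks pass.
function may_login(array $users, array $dir, string $user, string $password, string $extra): bool {
    if (!in_array($user, $users, true)) return false;          // not created in Mantis
    $entry = $dir[$user] ?? null;
    if ($entry === null || !entry_matches($entry, $extra)) return false; // filtered out
    return hash_equals($entry['pw'], $password);                // stand-in for the LDAP bind
}

$extra = '(service=mantis)';
foreach (['alice' => 'a-secret', 'bob' => 'b-secret', 'dave' => 'd-secret'] as $u => $p) {
    printf("%-6s %s\n", $u, var_export(may_login($mantis_users, $directory, $u, $p, $extra), true));
}
echo build_filter($extra, 'a*'), "\n"; // the wildcard in the username is escaped
```

Only alice passes: bob lacks the `mantis` service value and dave has no Mantis account. Escaping the username keeps a typed `*` or parenthesis from altering the combined filter.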