osTicket Version: v1.12.2 (a5d898b) — Up to date
Web Server Software: Microsoft-IIS/8.5
MySQL Version: 5.5.45
PHP Version: 7.3.8

I have a working version of osTicket with the LDAP and HTTP Passthru plugins communicating with my active directory server. When a user comes to create a ticket, I'd like to restrict them to login first using their ldap username and password. I've changed the Settings->Users->Registration Required to true, and tried all registration methods available to me.

  • "Disabled" does not let users create tickets. They can simply view existing tickets.
  • "Private" prompts a user to login, but even with the proper LDAP credentials, the user is told "Access Denied. Contact your helpdesk administrator to have an account registered for you"
  • "Public" does most of what I want. It allows a new user to login with their LDAP creds. However, it also has a "Not Yet Registered? Create an account" link that will allow a non LDAP account to be created and used.

Is there a way to restrict accounts to LDAP only? Can I remove the ability for people to create an account from the sign in page (or any other location)?

    Alternatively, can I use wildcards in the Settings -> System -> ACL field to whitelist 192.168.1.* for internal users accessing the client portal?

      liquidate "Private" prompts a user to login, but even with the proper LDAP credentials, the user is told "Access Denied. Contact your helpdesk administrator to have an account registered for you"

      This is because they do not have an account in osTicket. You will need to import them or use the [paid] adSync plugin (from software-mods) to create users. [Note this is what we do where I work.]

      liquidate Alternatively, can I use wildcards in the Settings -> System -> ACL field to whitelist 192.168.1.* for internal users accessing the client portal?

      There is no mention in the help for that about using wildcards. I would presume that you cannot.

          Thanks @ntozier, I saw the adSync plugin after I posted. I purchased yesterday, but noticed that you said the developer was on vacation. Any chance I may be able to get access to this before he returns?

          Thank you. I tried creating an account at software-mods but it hasn't sent me the email verification so the account is frozen. I've checked both inbox and spam folders.

          My email is in the first reply on this thread if you want to toss that info to me that way. 🙂

          I looked at the Locked (Pending Activation) accounts in his instance and I do not see any recent ones.

          Write a Reply...