Authentication and authorization are two different things (one is "can you access this system", the other is "what are you allowed to do"). I agree that on first authentication, OTRS should create a stub record in the database for the authorized entity, but I actually think the "no privileges until explicitly assigned" is a good thing in that you don't accidentally disclose things that that customer has no business seeing.
I think the compromise approach would be to use the authorization exit to check whether the customer is in the database and then add a default entry from a site-assigned template (queue access, permissions, etc). From: otrs-boun...@otrs.org [mailto:otrs-boun...@otrs.org] On Behalf Of Marty Hillman Sent: Tuesday, March 19, 2013 4:06 PM To: User questions and discussions about OTRS. Subject: Re: [otrs] "Authentication succeeded, but no customer record is found in the customer backend. Please contact your administrator." Come to think of it, if it does not add the customers to the database, the feature is pretty worthless. Why validate against LDAP/AD at all for customers if everything has to exist in the database? That would just be adding useless complexity.
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs