0022567: Signup of new user - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0022567	mantisbt	authentication	public	2017-03-22 10:57	2017-04-01 00:13

Reporter	Falmer	Assigned To	dregad
Priority	normal	Severity	major	Reproducibility	have not tried
Status	closed	Resolution	no change required
Product Version	2.2.1

Summary	0022567: Signup of new user
Description	Hello, I have set the config option $g_allow_signup = OFF; but new users, that are authenticated against our LDAP-server get a new reporter account. As I understand these option, the new account should not be created. Regards Falmer
Tags	No tags attached.

dregad 2017-03-23 05:22 developer ~0056172	This works as designed. LDAP authentication uses an "auto create" mechanism following a successful login, because Mantis requires that a user account exists. It is up to you to define the LDAP query in such a way, that only users authorized to login to Mantis are authenticated. You then need to manually set the user's access level as appropriate in the management page. We currently do not have a mechanism to automatically authorizations, e.g. based on an LDAP group. The _allowsignup option disables the possibility to sign up manually from the login page, or to change the password, making sure that the LDAP directory is the single source for authentication. Hope this clarifies.