Multiple match for helpdesk profile

[Johan Thomas]

Hi

thanks again for this great software, it really help us !

We are using PWM in school's.

We permit teachers to change student's password (but only for the school)

We have some teachers which are on multiple schools and so they match multiple profile in the helpdesk module.

PWM only match the first one, is there a way to achieve this kind of use case ?

We cannot modify our AD backend so helpdesk profile match a specific group member ldap filter for each school.

Thanks in advance

Johan

[Johan Thomas]

Hi

any news or workaround for this use case ?

Thanks !

[Jason Rivard]

This feature is unlikely, but you could use more sophisticated ldap filters to capture as many groups per profile as you like.

[Johan Thomas]

Thanks for your response @Jason !

unfortunately this is not possible for the helpdesk module (or i dont know how to)

We match groups but we have to specify also the context for the user

Example: 

teacher is in 2 schools (we have 60 schools), we have to only print the students from these 2 schools and not the others

In other words we have to set 60 profiles (one per school) but how to have someone get multiple schools ? or maybe have a list to select the context ?

Maybe someone has another solution for this ? 

[Johan Thomas]

Nobody have this use case ? for schools, colleges, university ?

Thanks again

[Marco Neves]

I´m using it for 3 universities.

I did 3 profiles, one for each school and let user choose profile only... that way he enters things only for that university.

Ldap searches are also defined by profiles. Specific OU´s to contain what they can change.

[Johan Thomas]

Thanks @Marco for your response

Really interesting, but i missed something... I also do 1 profile for each school but how can user choose the profile ??

Thanks again

[Rob Wolfcon]

Hello Johan,

this is simple. Configuratin Editor / LDAP / LDAP Settings / Global / User Selectable LDAP Context/Profile you can choose

Do not show - the LDAP profiles and contexts will not be shown (then the result depends on LDAP Duplicate Mode)

Show the ldap profile

Show the ldap profile and ldap contexts

If you choose show the ldap profile (and ldap context), then they will be shown on login page together with username and password fields (context will be show only if you have defined any on Login Setup page in profile)

I have other question. Can PWM be somehow configured to work with duplicated accounts as one? We have three different LDAP user DBs, LDAP, old AD, new AD, and our users are on all three DBs and we want to configure PWM to allow user login and change the password on all three LDAPs at once. Some external users are only on LDAP and new AD, but not on old AD. If this user would change his password, it should change it only on LDAP and new DB and should not fail for old AD. Is this possible or can PWM work only with one account from one profile at a time?

Thank you.

Regards,

Robert.