ltb-project / service-desk

Application for support team who need to check and reset user passwords
https://service-desk.readthedocs.io/
GNU General Public License v3.0

Audit | User who has done the action is not logged #93

Closed radasys closed 1 year ago

radasys commented 1 year ago

Hi!

I'm testing Service Desk 0.5, you did a wonderful job! Thank you!

I have set up LDAP authentication in Apache configuration and enabled the Audit function. Although I can perform password reset and lock/unlock accounts, I have noticed that the logged message in /var/log/service-desk/audit.log does not include the username who made the change. It's logged as "anonymous":

{"date":"Wed, 26 Apr 2023 09:50:03","user_dn":"uid=user,ou=Users,dc=example,dc=com","done_by":"anonymous","action":"resetpassword","result":"passwordchanged"}

Thank you for your support!

coudot commented 1 year ago

Hello, the admin name is read from an HTTP header: https://service-desk.readthedocs.io/en/stable/audit.html#admin-name

If you use the LDAP auth module in Apache, you can easily add a header based on an LDAP attribute (set with the AUTHENTICATE_ prefix) or REMOTE_USER:

RequestHeader always set Auth-User %{REMOTE_USER}

See also https://httpd.apache.org/docs/2.4/en/mod/mod_authnz_ldap.html#authldapurl

coudot commented 1 year ago

Hello @radasys, is it working for you?

radasys commented 1 year ago

Hi @coudot!

I have just made it work by slightly changing the directive to:

RequestHeader set Auth-User expr=%{REMOTE_USER}

Using RequestHeader always set Auth-User %{REMOTE_USER} gave me syntax errors in Apache2 configuration, even if I removed the "always" part.

I'm using Apache/2.4.52 in Ubuntu 22.04.2.

Thank you for your assistance and support!
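Added example, not part of the thread or the project's code: a check that scans audit.log for actions recorded without an admin name, to confirm the Auth-User header is reaching Service Desk after the Apache change. It assumes one JSON object per line with the fields shown in the log line quoted above; treating an empty done_by as unattributed is also an assumption.

```python
import json
import sys
from collections import Counter

# Constructed sample lines in the format quoted in the issue; the lock
# action/result names and the truncated last line are made up for the test.
SAMPLE_LOG = """\
{"date":"Wed, 26 Apr 2023 09:50:03","user_dn":"uid=user,ou=Users,dc=example,dc=com","done_by":"anonymous","action":"resetpassword","result":"passwordchanged"}
{"date":"Wed, 26 Apr 2023 10:02:41","user_dn":"uid=user,ou=Users,dc=example,dc=com","done_by":"jdoe","action":"resetpassword","result":"passwordchanged"}
{"date":"Wed, 26 Apr 2023 10:05:12","user_dn":"uid=other,ou=Users,dc=example,dc=com","done_by":"","action":"lockaccount","result":"accountlocked"}
{"date":"Wed, 26 Apr 2023 10:06:00","user_dn":"uid=other,ou=Us
"""

# "anonymous" is the value seen in the issue; "" is an assumed extra case
# (header present but empty).
UNATTRIBUTED = {"", "anonymous"}


def audit_unattributed(lines):
    """Return (flagged entries, per-action counts, malformed line numbers)."""
    flagged, malformed = [], []
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            malformed.append(lineno)  # truncated or corrupted audit record
            continue
        if not isinstance(entry, dict):
            malformed.append(lineno)
            continue
        actor = str(entry.get("done_by") or "").strip().lower()
        if actor in UNATTRIBUTED:
            flagged.append((lineno, entry.get("date"),
                            entry.get("action"), entry.get("user_dn")))
    by_action = Counter(action for _, _, action, _ in flagged)
    return flagged, by_action, malformed


if __name__ == "__main__":
    # Default path is the one from the issue; pass another file as argument 1.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/service-desk/audit.log"
    with open(path, encoding="utf-8") as fh:
        flagged, by_action, malformed = audit_unattributed(fh)
    for lineno, date, action, user_dn in flagged:
        print(f"line {lineno}: {date} {action} on {user_dn} has no admin name")
    print(dict(by_action), "malformed lines:", malformed)
    sys.exit(1 if flagged or malformed else 0)
```

The non-zero exit status on any unattributed or malformed record lets the script run from cron or a monitoring check.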