Does any one know if this is possible
Eg our agents will use LDAP logon and the customers will be using local password
I know that this will work by default as the local password will override the LDAP pass
But our engineering team does have a concern which is valid if someone tries to logon and uses one of our agent username and trys to many times then our backed auth based on LDAP will lock that agent out from doping anything not just in Zammand
If there was two different URL for logon eg one for Agent and one for Public then we could restrict access to the agent logon ( where the agent logon only uses the LDAP auth ) and the public logon only uses the local auth
Or something like that
I guess this is more of a feature request
If LDAP is activated, during the login phase Zammad will always try to verify the users credentials in the following order:
LDAP server(s)
Local database
You cannot restrict or adjust this.
Technically, even on LDAP accounts, local passwords can additionally work to the LDAP authentication. This is usually not really desired, but useful for admin accounts in case e.g. LDAP doesn’t work for whatever reason and you need to fix it in the UI.
The login page is the same for every user. Zammad does not differentiate users during the login phase. If you’re successfully authenticated you’ll then see what you’re allowed to see and use.