That’s a feature request that didn’t get much love.
Users are not allowed to edit their email addresses.
Mostly because the need seems to be rather low (You’re the first that caused the question to appear on my desk).
Please also think of this:
If I change my email address to one of your big customer one (evne if it doesn’t exist) and that customer is provided with a sharing organization I’d potentially gain access to those tickets. That’s something you don’t want to have.
OK… I get your point… and I can agree… at least partially. (As there are multitude of options HOW Zammad can be used)
If the user is “self registering” and entering a “fake/malicious” email address (which is then used for login) and the mail domain is used to automatically “attach” the user to a customer… I see the problem, Yes.
On the other hand (my situation) if all users are pulled from an (centralized, company wide) LDAP database which holds lot of (external, customer) user accounts from different organizations (but just basic user data, no emails) and the mail is not actually used for login (and the users obviously do not have ldap access)…
After some thinking… maybe a “compromise” solution? Allow agents (with sufficient privileged) to edit the user details on-the-fly when entering a ticket?
For example… entering a ticket received by phone, you select the actual user (from ldap sync) but his/hers mail is empty… and currently there is no way to edit the users email there. You have to switch to “settings/users” to edit/enter the email address - which is cumbersome and also a security problem… as there is no specific privilege to edit just some user fields through settings.
Anyway… as this seems to be a “only my problem” I’m willing to “fix/adapt” this myself… I already found some points in the source where various attributes are listed… but would like to kindly ask for some “directions” on where/how to do that… as email is not treated as an attribute (as far as I can see) but is something more deeply “linked”.
The same goes for multi ldap source sync… but that can be solved as an additional plugin and I think I’ll solve that too.
you surely did try to search for any customer and did try out the actions on the upper right?
Please help me to understand at which point the documentation miss leads and does confuse you (as per Admin Permissions — Zammad documentation look for admin.user)
First of all, I’m sorry for not reading the docs thoroughly enough (it’s indeed written there)…
I’t not so “obvious” on the UI but after RTFM and some clicking… SORRY, it seems the mail issue is “resolved”…
Regarding the rights… I checked, yes… but there is no specific option to select individual fields for edit rights assignment (at least I did not find them), anyway… as “edit customer” seems to work… it’s OK.
[quote=“mculibrk, post:3, topic:7750”]
I saw and played with the LDAP Sync options… no issues there.
The “problem” is the LDAP is not “user” nor “agent” editable and is basically used for authorizations to various services - so just “login” - and we (agents, customers) cannot edit it directly.
So we do not sync the email field (as it’s not relevant) and edit it only in Zammad (as it copies all users to local DB)
As we’re mentioning LDAP… do you know if the bitfield search is somehow supported in Zammad?
I tried various syntax but the LDAP module insists it’s “invalid syntax” (to avoid syncing disabled users) - but I should probably post a new topic for this.
Again I’m sorry for wasting your (and others) time by not thoroughly read the DOCs
I’was “confused” and did not “find” the user-edit mail because… I was looking for that option during the ticket creation.
A customer calls, I open a ticket on his/hers behalf (user is pulled from ldap, all ok, but there is no email yet) - at this time there is no option to edit the customers email
As the customer should get the email after I “confirm” the ticket - but as the user info cannot be edited, the mail is not sent - so the user newer get’s the “notification mail” for the new ticket.
After creating the ticket yes, i can edit the user details (email, which I did not found earlier because really I did not even look as the ticket is already created and the mail “sent”) and edit/change the email address… but the user will not get his/hers “ticket opening mail”
I’m afraid that won’t work as you’d expect.
Zammad removes the email address as soon as it’s synching again. So in my opinion that’s not what you want. If your customers are not living inside your LDAP then this won’t be an issue. Zammad only does reset attributes of users that are originating from LDAP.
In the meantime… I found how to “solve” the email issue I had. It takes some clicking but at least it can be done.
I disabled syncing the email attribute from LDAP as it’s useless anyway.
So it’s possible to actually manually edit the email address of the user (in the Zammad DB) by editing the user “in-place” during ticket creation. It takes a few extra clicks… but it works.
Yes… that’s the official “explanation/instructions” for searching on object bit field attributes.
This part is still itching me… the thing is I cannot use “group membership” as I would like to act on “user account status” - primarily disabledAccount flag. Disabled accounts are not held in a separate group, at least not automatically.
M$ ADS allows to search for bitfields by the syntax explained in the link - but did not find a way to enter such a “construct” in Zammad. All the variants I tried resulted in “invalid syntax” reported by Zammad.
Now, that I’m thinking about it again… maybe it could be achieved by using “dynamic ad queries”… you create an “leaf/OU” in AD which will is effectively just a ldap query, so the objects listed should be the result of the query…
I have to try this… it could work.