This project has moved. For the latest updates, please go here.

TicketDesk doesn't allow group Domain Users on submitter group to create a ticket

Jul 9, 2012 at 1:28 AM
Edited Jul 9, 2012 at 1:35 AM

I have installed TicketDesk 2.0.1 on a server with active directory. All groups are properly set. I set all my Domain Users to be submitter group.

When a user created a ticket, This error occurred:

Ticket creation was unsuccessful. Please correct the errors and try again.
  • User is not authorized to create a ticket

How to set all user on domain active directory authorize to create a ticket?

All answer will be appreciated.

Coordinator
Jul 9, 2012 at 7:19 AM

The web server does NOT need to be an AD controller. I recommend that you do NOT make the web server an AD controller since that opens your AD up to all kinds of security vulnerabilities. The web server just needs to be a member of the domain. 

First of all, make sure you replace the web.config file contents with the contents of the ADWeb.config file (in the root). You can rename the file, or copy/paste the contents.

In the appSettings section of the config, there are six setting values that you need to change to match those of your domain:

ActiveDirectoryDomain
ActiveDirectoryUser
ActiveDirectoryUserPassword

These three keys are used by TicketDesk to read information from AD such as the users' full name and email address. The user you supply here must be valid on the domain, and should have sufficient permissions to read from AD. 

TicketSubmittersRoleName
HelpDeskStaffRoleName
AdministrativeRoleName

The next three keys are used to map AD groups to the three fixed roles within TicketDesk. These should include the domain and the group name separated by a backslash. For these, I recommend that you do NOT use one of the built-in AD groups such as Domain Users or Domain Admins. The two main reasons not to use built-in groups is that

1) built-in groups will contain a lot of users that are not real people (service accounts and similar) which will clutter up drop down lists and such.

2) built-in groups contain a lot of other groups, and TicketDesk has to crawl around through all those groups all the time. AD operations are slow and expensive, and performance when crawling large trees of groups is horrid.

Instead, I highly recommend creating AD groups for ticketdesk, and including in those groups only real user accounts that belong to humans. If you use group nesting, keep the tree as simple and flat as possible.