The access type is not assigned (it is set to null) when a new contact is generated from Active Directory LDAP with the "ldap_enable_groups" option turned on.
This occurs when the situation is as follows:
- The LDAP user joins the 'Domain Users' group in Active Directory.
- The LDAP Access Group field for the access type is set to 'Domain Users' on the Access Type Detail form (see Figure 1).
Figure 1. Access Type Detail
- A user who is defined to LDAP, but who is not defined to Service Desk Manager, logs in. For example, Figure 2 shows a situation in which the contacts named 'LDAP01' does not exist in the Contact List in Service Desk Manager.
Figure 2. 'LDAP01' and 'LDAP02' don't exist.
- The user is created automatically as new. The log in attempt to Service Desk by the generated user now succeeds as shown in Figure 3. Note that the contact, in this example, has an out-of-the-box Access Type of Vendor Staff for which the only role is Vendor Analyst which only has a single tab as shown so it is displayed as shown.
Figure 3. Logging into Service Desk Manager by the generated contact, LDAP01, succeeds.
- Login to Service Desk Manager as an Administrator user.
- Review the contact detail of the generated contact.
- You will see the null value in the Access Type field as Figure 4.
Figure 4. Generated contact's Access Type is empty.
However, when the LDAP user joins a specific group, other than 'Domain Users', and the LDAP group specifies it, the assignment works without any problems.
This behavior is by design.
Service Desk Manager assumes that the contact that generated by 'LDAP Access Group = Domain Users group' does not have any privileges on the system. Hence, the contact that is generated by linking the "Domain Users" group in Active Directory to an Access Type in Service Desk Manager does not provide anything.
You can see the same behavior when you generate a new contact on the GUI. When you create a new contact, the null value is in the access type field. However, when the contact logs in to Service Desk Manager, the screen that is displayed is the one that corresponds to the access type of the Domain Users group.
In both of these situations, you can set a specific access type on the contact detail and save it. After that, the access type that is set is displayed on the contact detail screen.