[LON-CAPA-admin] ldap authentication
Lars Jensen
ljensen at mail.tmcc.edu
Fri Aug 7 14:20:39 EDT 2009
Hi Stuart,
On Fri, Jul 24, 2009 at 12:32 PM, Stuart Raeburn<raeburn at msu.edu> wrote:
> Lars,
>
> Yes, user authentication via LDAP is possible.
> /home/httpd/lib/perl/localauth.pm can be customized to authenticate against
> your campus LDAP service.
>
> There's an example in the Domain Coordination Manual (e.g.,
> http://msu.loncapa.org/adm/help/domain.manual.pdf) -- see section 4.1
> "Institutional Authentication" on page 14.
(1) Do I put my changes in this section of /home/httpd/lib/perl/localauth.pm?
# ----START LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
sub localauth {
    my ($username,$password,$optional_argument,$domain) = @_;
    return 0;
}
# ----END LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
(2) Do I replace the following lines above,
sub localauth {
    my ($username,$password,$optional_argument,$domain) = @_;
    return 0;
}
with the code on page 15-16 in the Domain Coordinator manual?
(3) After having done (1) and (2) with proper configuration for our
site, will I still be able to log in as usual (internally
authenticated)? (At TMCC, only the students are in ldap.) If a
username in the ldap container matches an already existing loncapa
instructor username, the ldap user obviously can't log in. But is there
a way of changing the instructor username of the lon-capa user?
(Changing it to upper case would work because all student accounts are
lower case.)
Thanks,
Lars.
>
> Once you have localauth.pm configured and working you can switch existing
> users to use LDAP by modifying the authentication type for them to
> "localauth" (they are probably currently set to "internal"). One way to do
> this is to become the Domain Coordinator and proceed as follows:
>
> A. Go to Main Menu
>
> B. Click on "Create users or modify the roles and privileges of users"
>
> C. Click on "Upload a File of Users"
>
> upload a file containing usernames of users for whom the authentication
> mechanism is to be changed.
>
>
> D. On the next page, identify the username field, and in the "Login Type"
> section:
>
> 1. Change authentication for existing users in domain "msu" to these
> settings
> to "Yes"
>
> 2. Select the radio button for "locally authenticated"
>
> In the "Default domain" set the domain to tmcc (Truckee Meadows)
>
> In the "Setting for assigning roles"
> 1. Select the radio button for "No role changes"
>
> Click "Update Users".
>
> This will take some time to complete.
>
> Another way to do this is to run a script at the command line, as the www
> user which will modify the contents of the
> /home/httpd/lonUsers/tmcc/$1/$2/$3/$username/passwd files for existing users
> to be:
>
> localauth:
>
> (where $1, $2 and $3 are the first, second and third characters in the
> username, e.g., change the contents of
> /home/httpd/lonUsers/tmcc/j/e/n/jensen/passwd).
>
> As Domain Coordinator, you will also want to use "Set domain configuration"
> from the Main Menu, to set the configuration "User creation" setting the
> "Assignable authentication types" to include "Local" for all contexts.
>
> Stuart Raeburn
> MSU LON-CAPA group
>
>
> Quoting Lars Jensen <ljensen at tmcc.edu>:
>
>> Hi,
>>
>> We now have an ldap server for student authentications so I'd like to
>> configure lon-capa to use it. Is this possible, and is there any
>> documentation anywhere?
>>
>> Thanks,
>> Lars.
>>
>
>
>
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>
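
The command-line route described in the quoted reply (rewriting each user's passwd file to "localauth:"), sketched as an added example that is not part of the original thread and not LON-CAPA's own code. The function names, the allowed username characters, the "internal:<hash>" form of existing entries and the ".pre-localauth" backup suffix are assumptions; the base path, the three-character directory layout and the "localauth:" contents come from the thread.

```shell
#!/bin/sh
# Added example, not LON-CAPA code. Run as the www user, as the thread says.
LONUSERS_BASE="${LONUSERS_BASE:-/home/httpd/lonUsers}"   # base path from the thread

# Print <base>/<domain>/<c1>/<c2>/<c3>/<username>/passwd, or fail for a name
# that cannot be mapped safely (too short, or could escape the lonUsers tree).
lonuser_passwd_path() {
    for part in "$1" "$2"; do
        case $part in
            ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;   # assumed character set
        esac
    done
    [ "${#2}" -ge 3 ] || return 1
    c1=$(printf %s "$2" | cut -c1)
    c2=$(printf %s "$2" | cut -c2)
    c3=$(printf %s "$2" | cut -c3)
    printf '%s/%s/%s/%s/%s/%s/passwd\n' "$LONUSERS_BASE" "$1" "$c1" "$c2" "$c3" "$2"
}

# Switch one user. Returns 2 (bad name), 3 (no passwd file), 4 (not "internal").
switch_to_localauth() {
    file=$(lonuser_passwd_path "$1" "$2") || { echo "skip $2: bad name" >&2; return 2; }
    { [ -f "$file" ] && [ ! -L "$file" ]; } || { echo "skip $2: no passwd file" >&2; return 3; }
    case $(cat "$file") in
        internal:*) ;;   # assumption: current entries look like "internal:<hash>"
        *) echo "skip $2: not internally authenticated" >&2; return 4 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "would update $file"; return 0; fi
    cp -p "$file" "$file.pre-localauth" &&   # keep the old entry for rollback
        printf 'localauth:\n' > "$file"
}

# Switch every username listed one per line in file $2, for domain $1.
switch_users_from_file() {
    failed=0
    while IFS= read -r u; do
        [ -n "$u" ] || continue
        switch_to_localauth "$1" "$u" || failed=$((failed + 1))
    done < "$2"
    [ "$failed" -eq 0 ]
}

# Usage: DRY_RUN=1 sh switch-localauth.sh tmcc usernames.txt
if [ "$#" -eq 2 ]; then switch_users_from_file "$1" "$2"; fi
```

The backup file still holds the old internal password entry, so remove it once LDAP logins are confirmed to work.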