[LON-CAPA-admin] ldap authentication

Stuart Raeburn raeburn at msu.edu
Fri Jul 24 15:32:01 EDT 2009


Yes, user authentication via LDAP is possible.  
/home/httpd/lib/perl/localauth.pm can be customized to authenticate  
against your campus LDAP service.

There's an example in the Domain Coordination Manual (e.g.,  
http://msu.loncapa.org/adm/help/domain.manual.pdf) -- see section 4.1  
"Institutional Authentication" on page 14.

Once you have localauth.pm configured and working you can switch  
existing users to use LDAP by modifying the authentication type for  
them to "localauth" (they are probably currently set to "internal").   
One way to do this is to become the Domain Coordinator and proceed as  

A. Go to Main Menu

B. Click on "Create users or modify the roles and privileges of users"

C. Click on  "Upload a File of Users"

upload a file containing usernames of users for whom the  
authentication mechanism is to be changed.

D. On the next page, identify the username field, and in the "Login  
Type" section:

   1. Change authentication for existing users in domain "msu" to  
these settings
      to "Yes"

   2. Select the radio button for "locally authenticated"

   In the "Default domain" set the domain to tmcc (Truckee Meadows)

   In the "Setting for assigning roles"
   1. Select the radio button for "No role changes"

   Click "Update Users".

This will take some time to complete.

Another way to do this is to run a script at the command line, as the  
www user which will modify the contents of the  
/home/httpd/lonUsers/tmcc/$1/$2/$3/$username/passwd files for existing  
users to be:


(where $1, $2 and $3 are the first, second and third characters in the  
username, e.g., change the contents of  

As Domain Coordinator, you will also want to use "Set domain  
configuration" from the Main Menu, to set the configuration "User  
creation" setting the "Assignable authentication types" to include  
"Local" for all contexts.

Stuart Raeburn

Quoting Lars Jensen <ljensen at tmcc.edu>:

> Hi,
> We now have an ldap server for student authentications so I'd like   
> to configure lon-capa to use it. Is this possible, and is there any   
> documentation anywhere?
> Thanks,
> Lars.
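
A dry-run check for the command-line approach described in the message above, as an added example that is not part of the original post or LON-CAPA's own code: it maps each username in a list to its passwd file under the path layout given in the message and rejects names that could escape that tree. The function names and the username allowlist are assumptions; nothing is written, because the new file contents are not shown in the archived message.

```shell
#!/bin/sh
# Added example: read-only audit of the per-user passwd paths.
# Defaults mirror the path quoted in the message.
LON_USERS="${LON_USERS:-/home/httpd/lonUsers}"
DOMAIN="${DOMAIN:-tmcc}"

# Print the passwd path for one username; return 1 if the name is unsafe.
# Assumption: conservative allowlist (letters, digits, '_', '.', '-').
passwd_path() {
    u=$1
    case $u in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;  # empty, or a char such as '/'
        .*|?.*|??.*) return 1 ;;           # '.' would become a path component
        ???*) ;;                           # need $1, $2 and $3
        *) return 1 ;;                     # shorter than three characters
    esac
    # Peel off the first three characters with POSIX parameter expansion.
    r1=${u#?};  c1=${u%"$r1"}
    r2=${r1#?}; c2=${r1%"$r2"}
    r3=${r2#?}; c3=${r2%"$r3"}
    printf '%s/%s/%s/%s/%s/%s/passwd\n' \
        "$LON_USERS" "$DOMAIN" "$c1" "$c2" "$c3" "$u"
}

# Read usernames on stdin (one per line) and report what a change would touch.
audit_list() {
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        if p=$(passwd_path "$name"); then
            if [ -f "$p" ]; then echo "FOUND $p"; else echo "MISSING $p"; fi
        else
            echo "REJECTED $name"          # review by hand, never build a path
        fi
    done
}

# Constructed sample input, not real accounts.
audit_list <<'EOF'
ljensen
../../etc
ab
a.smith
EOF
```

Run it as the www user against the same username file you would upload, and only act on the FOUND lines.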
