[LON-CAPA-admin] ldap authentication
raeburn at msu.edu
Fri Jul 24 15:32:01 EDT 2009
Yes, user authentication via LDAP is possible.
/home/httpd/lib/perl/localauth.pm can be customized to authenticate
against your campus LDAP service.
There's an example in the Domain Coordination Manual (e.g.,
http://msu.loncapa.org/adm/help/domain.manual.pdf) -- see section 4.1
"Institutional Authentication" on page 14.
Once you have localauth.pm configured and working you can switch
existing users to use LDAP by modifying the authentication type for
them to "localauth" (they are probably currently set to internal").
One way to do this is to become the Domain Coordinator and proceed as
A. Go to Main Menu
B. Clck on "Create users or modify the roles and privileges of users"
C. Click on "Upload a File of Users"
upload a file containing usernames of users for whom the
authentication mechanism is to be changed.
D. On the next page, identify the username field, and in the "Login
1. Change authentication for existing users in domain "msu" to
2. Select the radio button for "locally authenticated"
In the "Default domain" set the domain to tmcc (Truckee Meadows)
In the "Setting for assigning roles"
1. Select the radio button for "No role changes"
Click "Update Users".
This will take some time to complete.
Another way to do this is to run a script at the command line, as the
www user which will modify the contents of the
/home/httpd/lonUsers/tmcc/$1/$2/$3/$username/passwd files for existing
users to be:
(where $1, $2 and $3 are the first, second and third characters in the
username, e.g., change the contents of
As Domain Coordinator, you will also want to use "Set domain
configuration" from the Main Menu, to set the configuration "User
creation" setting the "Assignable authentication types" to include
"Local" for all contexts.
MSU LON-CAPA group
Quoting Lars Jensen <ljensen at tmcc.edu>:
> We now have an ldap server for student authentications so I'd like
> to configure lon-capa to use it. Is this possible, and is there any
> documentation anywhere?
More information about the LON-CAPA-admin