[LON-CAPA-admin] ldap authentication
Lars Jensen
ljensen at mail.tmcc.edu
Sat Jul 25 15:40:22 EDT 2009
Thanks, Stuart.
-Lars.
On Fri, Jul 24, 2009 at 12:32 PM, Stuart Raeburn<raeburn at msu.edu> wrote:
> Lars,
>
> Yes, user authentication via LDAP is possible.
> /home/httpd/lib/perl/localauth.pm can be customized to authenticate against
> your campus LDAP service.
>
> There's an example in the Domain Coordination Manual (e.g.,
> http://msu.loncapa.org/adm/help/domain.manual.pdf) -- see section 4.1
> "Institutional Authentication" on page 14.
>
> Once you have localauth.pm configured and working you can switch existing
> users to use LDAP by modifying the authentication type for them to
> "localauth" (they are probably currently set to internal"). One way to do
> this is to become the Domain Coordinator and proceed as follows:
>
> A. Go to Main Menu
>
> B. Clck on "Create users or modify the roles and privileges of users"
>
> C. Click on "Upload a File of Users"
>
> upload a file containing usernames of users for whom the authentication
> mechanism is to be changed.
>
>
> D. On the next page, identify the username field, and in the "Login Type
> section:
>
> 1. Change authentication for existing users in domain "msu" to these
> settings
> to "Yes"
>
> 2. Select the radio button for "locally authenticated"
>
> In the "Default domain" set the domain to tmcc (Truckee Meadows)
>
> In the "Setting for assigning roles"
> 1. Select the radio button for "No role changes"
>
> Click "Update Users".
>
> This will take some time to complete.
>
> Another way to do this is to run a script at the command line, as the www
> user which will modify the contents of the
> /home/httpd/lonUsers/tmcc/$1/$2/$3/$username/passwd files for existing users
> to be:
>
> localauth:
>
> (where $1, $2 and $3 are the first, second and third characters in the
> username, e.g., change the contents of
> /home/httpd/lonUsers/tmcc/j/e/n/jensen/passwd).
>
> As Domain Coordinator, you will also want to use "Set domain configuration"
> from the Main Menu, to set the configuration "User creation" setting the
> "Assignable authentication types" to include "Local" for all contexts.
>
> Stuart Raeburn
> MSU LON-CAPA group
>
>
> Quoting Lars Jensen <ljensen at tmcc.edu>:
>
>> Hi,
>>
>> We now have an ldap server for student authentications so I'd like to
>> configure lon-capa to use it. Is this possible, and is there any
>> documentation anywhere?
>>
>> Thanks,
>> Lars.
>>
>
>
>
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>
More information about the LON-CAPA-admin
mailing list