[LON-CAPA-admin] ldap authentication

Lars Jensen ljensen at mail.tmcc.edu
Sun Jul 25 17:17:38 EDT 2010

Hi Stuart,

Thanks so much helping out with the switch to LDAP. Of course, all the
existing lon-capa users on schubert are internally authenticated
before. The question is how to swich them over. We also have another
change made to all of out students because the college is switching
student management system from SIS to Peoplesoft. As a result, every
single student has been assigned a new student-ID. (The usernames of
almost all students are unchanged during this change.) In other words,
I need to change both the authentication type and the student-ID in
loncapa. My questions have to do how to do this. In a previous email,
you outlined two methods for switching users to ldap (see below). The
problem is that none of these are good when a change of the student-ID
is involved.

Is there a way to have lon-capa re-read/update the student id of an
existing user from the ldap server, much like loncapa auto-fill the
student-ID of a new user upon first login? If all the student-ID's of
existing users are changed to blanks, will lon-capa update them from
the ldap server once the user has been changed to local


On Fri, Jul 24, 2009 at 12:32 PM, Stuart Raeburn <raeburn at msu.edu> wrote:
> Once you have localauth.pm configured and working you can switch existing
> users to use LDAP by modifying the authentication type for them to
> "localauth" (they are probably currently set to internal").  One way to do
> this is to become the Domain Coordinator and proceed as follows:
> A. Go to Main Menu
> B. Clck on "Create users or modify the roles and privileges of users"
> C. Click on  "Upload a File of Users"
> upload a file containing usernames of users for whom the authentication
> mechanism is to be changed.
> D. On the next page, identify the username field, and in the "Login Type
> section:
>  1. Change authentication for existing users in domain "msu" to these
> settings
>     to "Yes"
>  2. Select the radio button for "locally authenticated"
>  In the "Default domain" set the domain to tmcc (Truckee Meadows)
>  In the "Setting for assigning roles"
>  1. Select the radio button for "No role changes"
>  Click "Update Users".
> This will take some time to complete.
> Another way to do this is to run a script at the command line, as the www
> user which will modify the contents of the
> /home/httpd/lonUsers/tmcc/$1/$2/$3/$username/passwd files for existing users
> to be:
> localauth:
> (where $1, $2 and $3 are the first, second and third characters in the
> username, e.g., change the contents of
> /home/httpd/lonUsers/tmcc/j/e/n/jensen/passwd).

More information about the LON-CAPA-admin mailing list