[LON-CAPA-admin] ldap authentication

Lars Jensen ljensen at mail.tmcc.edu
Sun Jun 6 23:58:58 EDT 2010


Hi Stuart,

Thanks again for the reply. Please see below:

On Sun, Jun 6, 2010 at 10:03 AM, Stuart Raeburn <raeburn at msu.edu> wrote:
> Lars,
>
>> ....I don't understand how it can be that a student can login
>> (authenticating through ldap) without the student's directory being
>> created under lonUsers.
>
> If a domain has configured self-creation of accounts for institutional login
> (e.g., with authentication type: local) LON-CAPA can authenticate the user,
> but the user will not receive an account (with creation of a user directory
> in /home/httpd/lonUsers on the primary library server for the domain), until
> a "Create LON-CAPA account" button has been clicked on a screen displayed
> after username and password have been submitted via the standard log-in
> screen (and were authenticated).  This intermediate screen also allows the
> user to provide user information (e.g., first name, last name, which were
> not retrieved from an institutional source such as LDAP), as permitted by
> the domain configuration.
>
> If the user is authenticated but has no LON-CAPA account, the following will
> be logged in /home/httpd/perl/logs/lonnet.log on the server hosting the user
> session:
>
> "User <username> at <domain> authorized by <primary library server>, but
> needs account"
>
> Although the user has authenticated he/she does not have a LON-CAPA session
> until the "Create LON-CAPA account" is clicked, and the information
> submitted from that page has been verified.
>
> Note: for account creation to be successful, the domain configuration has to
> have appropriate settings (see earlier post:
>  http://mail.lon-capa.org/pipermail/lon-capa-admin/2010-June/002387.html),
> and the user's institutional status must satisfy any constraints defined for
> the domain.

All my settings are as you have suggested. For simplicity, I haven't
defined any institutional affiliation. After I click the "Create
LON-CAPA account" button, I get this error:

Account creation failed for username: lars_jensen in domain: tmcc.
Error: error: error: 2 tie(GDBM) Failed while attempting put

and when I look in /home/httpd/perl/logs/lonnet.log it lists this entry:

Call to modify user tmcc, lars_jensen, , localauth, Lars, , Jensen,
(forceid: ; candelete: none) desiredhome not specified by  at  in
domain

In other words, for some reason lon-capa thinks that lars_jensen is an
existing user, even though the lars_jensen directory doesn't exist
under lonUsers.

Lars.



