[LON-CAPA-admin] ldap authentication

Lars Jensen ljensen at mail.tmcc.edu
Mon Jun 7 00:02:01 EDT 2010

Hi Stuart,

One thing more should be mentioned:

When as DC, I select "Institutional login" under "User Creation' and
save, I get this error:

User creation

Changes made:
User creates own account, creation of a new account is permitted for:
users authenticated by institutional log-in

However, no institutional affiliations (including 'other') are
currently permitted to create accounts.


On Sun, Jun 6, 2010 at 8:58 PM, Lars Jensen <ljensen at mail.tmcc.edu> wrote:
> Hi Stuart,
> Thanks again for the reply. Please see below:
> On Sun, Jun 6, 2010 at 10:03 AM, Stuart Raeburn <raeburn at msu.edu> wrote:
>> Lars,
>>> ....I don't understand how it can be that a student can login
>>> (authenticating through ldap) without the student's directory being
>>> created under lonUsers.
>> If a domain has configured self-creation of accounts for institutional login
>> (e.g., with authentication type: local) LON-CAPA can authenticate the user,
>> but the user will not receive an account (with creation of a user directory
>> in /home/httpd/lonUsers on the primary library server for the domain), until
>> a "Create LON-CAPA account" button has been clicked on a screen displayed
>> after username and password have been submitted via the standard log-in
>> screen (and were authenticated).  This intermediate screen also allows the
>> user to provide user information (e.g., first name, last name, which were
>> not retrieved from an institutional source such as LDAP), as permitted by
>> the domain configuration.
>> If the user is authenticated but has no LON-CAPA account, the following will
>> be logged in /home/httpd/perl/logs/lonnet.log on the server hosting the user
>> session:
>> "User <username> at <domain> authorized by <primary library server>, but
>> needs account"
>> Although the user has authenticated he/she does not have a LON-CAPA session
>> until the "Create LON-CAPA account" is clicked, and the information
>> submitted from that page has been verified.
>> Note: for account creation to be successful, the domain configuration has to
>> have appropriate settings (see earlier post:
>>  http://mail.lon-capa.org/pipermail/lon-capa-admin/2010-June/002387.html),
>> and the user's institutional status must satisfy any constraints defined for
>> the domain.
> All my settings are as you have suggested. For simplicity, I haven't
> defined any institutional affiliation. After I click the "Create
> LON-CAPA account" button, I get this error:
> Account creation failed for username: lars_jensen in domain: tmcc.
> Error: error: error: 2 tie(GDBM) Failed while attempting put
> and when I look in /home/httpd/perl/logs/lonnet.log it lists this entry:
> Call to modify user tmcc, lars_jensen, , localauth, Lars, , Jensen,
> (forceid: ; candelete: none) desiredhome not specified by  at  in
> domain
> In other words, for some reason lon-capa thinks that lars_jensen is an
> existing user, even thougg the lars_jensen directory doesn't exist
> under lonUsers.
> Lars.

More information about the LON-CAPA-admin mailing list