[LON-CAPA-admin] ldap authentication

hkng hkng at fsu.edu
Mon Jun 7 07:59:16 EDT 2010


Hi Lars,

My 2 cents.

When loncapa creates a user, it also writes it to the database called
loncapa, in a table called allusers, running under mysql. To view the user (if
you have terminal access):

1. mysql -u www -p loncapa
    (mysql will prompt for a password, which can be found in
/etc/httpd/conf/loncapa_apache.conf in the line
    PerlSetVar       lonSqlAccess   <passwordentry>
    where passwordentry is the entry for the password.)
2. When you have successfully logged into mysql, type
   select * from allusers where username="lars_jensen";
   mysql should spit out the table contents of the username.
3. Now, I am not sure whether deleting the username will do any good or is
the thing to do. (The experts can comment on this.)
   delete from allusers where username="lars_jensen";

-hk

On Sun, Jun 6, 2010 at 11:58 PM, Lars Jensen <ljensen at mail.tmcc.edu> wrote:

> Hi Stuart,
>
> Thanks again for the reply. Please see below:
>
> On Sun, Jun 6, 2010 at 10:03 AM, Stuart Raeburn <raeburn at msu.edu> wrote:
> > Lars,
> >
> >> ....I don't understand how it can be that a student can login
> >> (authenticating through ldap) without the student's directory being
> >> created under lonUsers.
> >
> > If a domain has configured self-creation of accounts for institutional login
> > (e.g., with authentication type: local) LON-CAPA can authenticate the user,
> > but the user will not receive an account (with creation of a user directory
> > in /home/httpd/lonUsers on the primary library server for the domain), until
> > a "Create LON-CAPA account" button has been clicked on a screen displayed
> > after username and password have been submitted via the standard log-in
> > screen (and were authenticated).  This intermediate screen also allows the
> > user to provide user information (e.g., first name, last name, which were
> > not retrieved from an institutional source such as LDAP), as permitted by
> > the domain configuration.
> >
> > If the user is authenticated but has no LON-CAPA account, the following will
> > be logged in /home/httpd/perl/logs/lonnet.log on the server hosting the user
> > session:
> >
> > "User <username> at <domain> authorized by <primary library server>, but
> > needs account"
> >
> > Although the user has authenticated he/she does not have a LON-CAPA session
> > until the "Create LON-CAPA account" is clicked, and the information
> > submitted from that page has been verified.
> >
> > Note: for account creation to be successful, the domain configuration has to
> > have appropriate settings (see earlier post:
> >  http://mail.lon-capa.org/pipermail/lon-capa-admin/2010-June/002387.html),
> > and the user's institutional status must satisfy any constraints defined for
> > the domain.
>
> All my settings are as you have suggested. For simplicity, I haven't
> defined any institutional affiliation. After I click the "Create
> LON-CAPA account" button, I get this error:
>
> Account creation failed for username: lars_jensen in domain: tmcc.
> Error: error: error: 2 tie(GDBM) Failed while attempting put
>
> and when I look in /home/httpd/perl/logs/lonnet.log it lists this entry:
>
> Call to modify user tmcc, lars_jensen, , localauth, Lars, , Jensen,
> (forceid: ; candelete: none) desiredhome not specified by  at  in
> domain
>
> In other words, for some reason lon-capa thinks that lars_jensen is an
> existing user, even though the lars_jensen directory doesn't exist
> under lonUsers.
>
> Lars.
>