[LON-CAPA-admin] Delete Domaon Coordinator accounts

Stuart Raeburn raeburn at msu.edu
Tue Mar 10 18:18:58 EDT 2015 

Richard,

Thanks for attaching a screenshot to clarify what you screen you meant  
by "the GUI".

When you ran expire_DC_role.pl, the DC role was being expired in the  
particular user's own roles.db GDBM file, but the new end date (i.e.,  
the current time) was not recorded correctly in the  
nohist_domainroles.db, (which is used to build the "Manage Users"  
display which lists users with domain roles, i.e., "the GUI").

Anyway, rev. 1.7 of expire_DC_role.pl (which will be included in  
LON-CAPA 2.11.1) fixes the issue with recording of the new end date  
for the expired role.

If you want to update your non-prod environment, ahead of availability  
of 2.11.1, then you could get rev 1.7 from the LON-CAPA CVS repository.

wget -O expire_DC_role.pl  
'http://source.loncapa.org/cgi-bin/cvsweb.cgi/~checkout~/loncom/build/expire_DC_role.pl?rev=1.7;content-type=text/plain'

The other issue you reported:

> `/home/httpd/lonUsers/purdue/p/u/r/nohist_rolelog.db': No such file   
> or directory

is also fixed in rev. 1.7

The script used to assign a domain coordinator role to an existing user, i.e.,

add_domain_coordinator_privilege.pl

had the same issue with the path to nohist_rolelog.db in 2.11.0, so if  
you wanted to avoid being distracted by the error message there, you  
also grab that:

wget -O add_domain_coordinator_privilege.pl  
'http://source.loncapa.org/cgi-bin/cvsweb.cgi/~checkout~/loncom/build/add_domain_coordinator_privilege.pl?rev=1.10;content-type=text/plain'

Note: the change in expire_DC_role.pl rev. 1.7 will not actually  
correct an existing entry for an expired DC role in  
nohist_domainroles.db (which generates the listing in the web GUI), so  
if you want the GUI to display the expected Domain Coordinators, you  
should downloaded the new version of expire_DC_role.pl, then run:

add_domain_coordinator_privilege.pl

to re-assign a DC role to ech of the users for whom you expired roles  
previously, and then run expire_DC_role.pl (rev 1.7) for each of them  
to revoke them again.

Starting with LON-CAPA 2.11.0 ...

Main Menu -> Create users or modify the roles and privileges of users  
-> Change Log

will display a record of domain role changes (i.e., DC, author etc.)  
made in your domain on 2.11 servers.

> I still have not found a way to actually delete accounts.

There is an open bug/enhancement request for this, see:
http://bugs.loncapa.org/show_bug.cgi?id=6766

If you would like to be updated when work is done on that bug, you  
might consider requesting creation of a LON-CAPA bugzilla account, and  
adding yourself as a CC on bug 6766.

Currently, if you want to disable access for a LON-CAPA account, you  
can change the password, or in the case of filesystem authenticated  
users (i.e., users created using make_domain_coordinator.pl) either  
change the authentication mechanism (and set a new password), or  
delete the corresponding Linux user with the userdel command.

Lastly, the screenshot you sent included DC roles for a couple of  
users in the author domain.  Those are artifacts from when the purdue  
LON-CAPA domain was first active (it was hosted by eduCog initially).


Stuart Raeburn
LON-CAPA Academic Consortium


Quoting "Lucas, Richard" <clucas at purdue.edu>:

> I am creating a new thread for this since it is somewhat unrelated   
> to the previous one about multiple domain coordinator accounts.
>
> We updated our non-prod environment to 2.11, but it didn't change   
> much in the matter of the expire script or how to remove users. Here  
>  is the list of domain coordinators as listed in the front end:
>
> [cid:image001.png at 01D05B3C.4F7F42D0]
>
>
> I tried to expire the dc_clucas account earlier, but it doesn't seem  
>  to be reflected in the GUI. Here is the result from that:
>
> # perl expire_DC_role.pl dc_clucas:purdue purdue
> Language: English (en). Change? [ar|de|en|es|fa|fr|he|ja|pt|ru|tr|zh]?
> Confirmed: dc_clucas:purdue has a DC role for domain: purdue.
> Start date: Thu Mar  5 06:20:18 pm 2015 (EST)
> No planned end date. Proceeding to expire role.
> /bin/chown: cannot access   
> `/home/httpd/lonUsers/purdue/p/u/r/nohist_rolelog.db': No such file   
> or directory
> /bin/chown: cannot access   
> `/home/httpd/lonUsers/purdue/p/u/r/nohist_rolelog.db.lock': No such   
> file or directory
> User: dc_clucas:purdue, domain coordinator role expired in domain: purdue.
>
> When I tried one of the other accounts, it told me it didn't have the role:
>
> # perl expire_DC_role.pl dcpurdue:purdue purdue
> Language: English (en). Change? [ar|de|en|es|fa|fr|he|ja|pt|ru|tr|zh]?
> dcpurdue:purdue does NOT have a DC role for domain: purdue.
> Expiration is not required
>
> As you can see it workd on the dc_young257 account before the   
> upgrade, although the GUI status didn't change right away. That may   
> be the same issue with the dc_clucas account. I still have not found  
>  a way to actually delete accounts.
>
> Thanks for any help you can provide.
>
> Richard

More information about the LON-CAPA-admin mailing list