From michael.dugdale at johnabbott.qc.ca Mon Jun 23 15:49:40 2025
From: michael.dugdale at johnabbott.qc.ca (Michael Dugdale)
Date: Mon, 23 Jun 2025 19:49:40 +0000
Subject: [LON-CAPA-admin] Server migration
Message-ID: <03EA86C7-A957-4388-BF13-2E4B4A1D8527@johnabbott.qc.ca>

Hi, all

We're replacing some of our antiquated hardware for our LON-CAPA installation. I'd like to take advantage of this time to make some updates to my installation, in particular authentication. I've looked through the Domain manual, and I *think* most of what I'd like to do is possible, but want to verify first.

(1) Institutional login

We're using Microsoft services for logins, and my institution would be very happy for us to adopt that in lieu of our current Kerberos authentication (so they can set 2FA policies, etc.). It looks like this can be done using mod_auth_openidc and setup similar to that documented in section 4.3 CAS Authentication (SSO) in the Domain Manual.

Question: Has anyone implemented Microsoft OAuth2 authentication for institutional users in LON-CAPA? If so, are there any pitfalls of which I should be aware?

(2) Removing expired accounts

I know Gerd had commented on "storage growing faster than users" which is undoubtedly true. There is, however, a matter of data retention policies. We've been on LON-CAPA for long enough that some of our earlier student users should have their records removed according to our data retention policies.

Question: Is there any way to do this gracefully? I had thought to write a script to check such students' roles to find their courses, edit those courses' *.db files using a db_dump, edit resulting text files to remove reference to the student accounts to expire, reconstruct the db file (db_load) and validate (db_recover -v) workflow, followed by a removal of the student directory. I know this isn't in line with the "keep everything" approach that LON-CAPA has adopted, but this is coming into conflict with data retention policies...

For reference, we have some student accounts going back to 2008.

Thank you for any advice you can offer on these points.

Cheers,
Michael