[LON-CAPA-users] error on new course

[Stuart Raeburn]

Jim,

This problem is the result of the fact there are two users with the  
same username (for this "Domain Coordinator" account) in the pitt  
domain.

The home server for the original one is the physics server (pittphyast1).

That DC user must also have been assigned an authoring role at some  
point, and either your colleague was logged in as that user when  
authoring those resources, or a co-author role was assigned, and the  
co-author role was used when creating them.

More recently an identical username was assigned to a new user on the  
second library server/VM (pittmath2) added this summer (in Math) to  
the pitt LON-CAPA domain.

Ordinarily, LON-CAPA will prevent creation of duplicate usernames on  
different library servers in the same domain. However, there is an  
exception when make_domain_coordinator.pl is run from the command line.

My assumption is that make_domain_coordinator.pl was run on the new  
pittmath2 library server, and unfortunately the username chosen for  
the new Domain Coordinator was the same as the one which already  
existed on pittphyast1.

What happens then, when you attempt to browse this user's directory in  
/res/pitt/XXXXXX, is that LON-CAPA first checks the homeserver for the  
user, and it accepts the first "found" result, which comes from  
pittmath2. (The result is also cached in %homecache in an Apache child).

LON-CAPA then requests a directory listing from  
/home/httpd/html/res/pitt/XXXXXX on pittmath2, but finds nothing there  
- hence "Directory does not exist" is reported.

The same occurs when other servers (excluding pittphyast1) attempt to  
display published resources from /res/pitt/XXXXXX.

If the server doesn't already have the resources, then it will contact  
the author's homeserver to subscribe, and then, once subscribed, the  
content will be replicated from pittphyast1 to the other server.

In this case, though, it is contacts pittmath2 (the author's  
homeserver), but that server doesn't have the  content, so it can't be  
replicated.

The solution to this is for the system administrator in Math to use  
the command line on pittmath2 to:

(a) Run expire_DC_role.pl to expire the DC role for the XXXXXX:pitt  
user on pittmath2.

(b) Delete the XXXXXX user from /home/httpd/lonUsers/1/2/3/XXXXXX  
(where 1,2, and 3 are the first three characters in the XXXXXX  
username).

(c) Run make_domain_coordinator.pl on pittmath2, if a second Domain  
Coordinator account is needed, (or run  
add_domain_coordinator_privilege.pl on pittmath2 to assign a DC role  
to an existing user, for which pittmath2 is the home server).

After reload of the Apache web server on each of the LON-CAPA servers  
in the pitt domain, then the homeserver for the XXXXXX:pitt user will  
be correctly identified as pittphyast1, and the directory  
/res/pitt/XXXXXX will no longer be reported as non-existent, and  
content will be replicated from there to other servers hosting  
sessions for pitt users.

>
> One thing I found in doing this was that the math IT person, has   
> moved the math server over to a vm on a machine in the universities   
> data center.  This allows them to use the university single login   
> rather than the local login that is used by the physics servers.

 From a technical standpoint it seems to me that use of Shibboleth  
authentication can easily be supported for all pitt users by requiring  
log-in to LON-CAPA via https://homework2.math.pitt.edu (which has  
Shibboleth installed) as long as the usernames used for users for whom  
pittphyast1 is the homeserver are standard Pitt Passport usernames.  
(For non-standard usernames the URL: /adm/login, i.e., non-SSO log-in,  
would need to be used).

 From a purely technical standpoint, it would make sense to make  
pittmath2 an access server, and also configure it as a LON-CAPA load  
balancer for the pitt domain.  If that were done, resources allocated  
to the VM could be reduced significantly.  If any users have been  
created on it in /home/httpd/lonUsers/pitt they could be moved to  
pittphyast1.

There may be other (non-technical) reasons why the two departments  
wish to run their own library servers within the pitt LON-CAPA domain,  
and LON-CAPA is also perfectly able to support that configuration  
(just don't duplicate usernames on the two library servers when  
creating users via the command line).


Stuart Raeburn
LON-CAPA Academic Consortium

Quoting "Mueller, James A." <mueller at pitt.edu>:

> Stuart,
> Thanks for the very detailed instructions.  I now have a related   
> problem and some understanding of what might have been the cause of   
> my problem before.
>
> There are a set of .problem files that were written 7-8 years ago by  
>  a professor who has since retired.  What is strange is that he did   
> not create these under his own author area but somehow in an area I   
> would associate with the domain coordinator  ?/res/pitt/XXXXXX?   
> where XXXXXX is the username for the domain coordinator.  Now we   
> have just been cloning the course every year, and that works fine   
> from the physics server, but they cannot be seen from the math   
> server.  Thus cloning failed when run from the math server.
> Now that the course is set up, I see students who end up on the math  
>  server still can?t view those problems.  From the physics server,   
> for students in my course, they click on the problem and all is   
> fine.  But if they are on the math access server, they see an error   
> message like ?Unable to find MeteoroidsInertial.problem?.
> In addition, if as course coordinator I try to browse resources   
> (from either server), it shows and Area XXXXXX under /res/pitt, but   
> if I click on it, it says ?Directory does not exist?.  On the other   
> hand, I can log into the library server, do an ls on that area   
> (/home/httpd/html/res/pitt/XXXXXX?) and see all the files.  So I   
> guess I need to copy all the .problem files over to a valid author   
> area (mine probably), republish them, and move the links in my   
> course to new versions of the problems for future terms.
>
> One thing I found in doing this was that the math IT person, has   
> moved the math server over to a vm on a machine in the universities   
> data center.  This allows them to use the university single login   
> rather than the local login that is used by the physics servers.    
> Probably not a good idea to have the math access server run   
> differently from the physics access and library servers, so that is   
> something we should probably standardize in the near future.
>
> -Jim