Dear Alberto,
On Thursday 03 April 2008 10:52:16 Alberto Gianoli wrote:
> Hello,
>
> I'm not sure I have fully understood how groups work when you use
> external authentication. If you provide a function
> fetch_user_groups_membership then you can use groups stored on your
> external service (ldap or whatever). But anyway any new group a user
> creates will be stored only locally. Am I right?
Exactly,
group membership (i.e. which user belong to which group) information WRT
external group (coming from e.g. ldap) are imported and integrated into the
database at login time. A user can not change her membership to an external
group within Invenio but only through the external interface that can exist
for the external authentication system.
Group created in Invenio on the contrary are stored only locally and can have
different membership policy. User can configure their membership within
Invenio (according to the given local group policy).
Within Invenio the only difference in behaviour between external and local
groups is only the membership management, hence you can use your external
group for authorization management, for sending messages, etc. as you would
do with local groups.
> I'm using ldap as external authentication service, but when I create
> a group (and it is created locally as far as I can see) and another
> user joins it, when I ask the member list I get something like
> "user#15" instead of the user name.
Correct, this is due to users not having set a nickname. When a user have not
a nickname, her userid is displayed (not the email for privacy reasons). In
order to see human readable names, either each user should set her nickname
in her account page or the user should have configured a nickname exported
then by LDAP. The fetch_user_nickname method (which is implemented in the
last Invenio release) should correctly import the nickname into the database
the first time the user login in Invenio.
If you're using the external_authentication_ldap provided with Invenio, please
let us know if it's not correctly importing nicknames with your ldap
installation.
Best regards,
Samuele
--
.O.
..O
OOO
