Arbin,
I assume you are adding users who have not previously logged in to the VCL.
If you are using version 2.3, this is easy. You should simply make sure you
have this line in .ht-inc/conf.php:
define("ALLOWADDSHIBUSERS", 1);
If you are using version 2.2.1, it is still possible, but much more complicated.
You will need to define a function in the $affilValFunc array. All of this
configuration happens in the conf.php file.
Something like this:
$affilValFunc[$affiliationid] = create_function('', 'return 1;');
You will also need to define a function for the $addUserFunc and
$addUserFuncArgs arrays. The function should be something like the existing
addShibUser() function, but it needs to have this signature:
int myAddShibUserFunc(int affiliationid, string username);
This function should take an affiliation ID and a username (the username will
be the part of an EPPN before the @ sign) and add that user directly to the
database. Use addShibUser() as a template, just ignoring the values for email,
first and last name. The function should return NULL on error.
That is to say:
function myAddShibUserFunc($affilid, $username){
    // SQL query adding user to the database
    if($success){
        return $new_user_id;
    } else {
        return NULL;
    }
}
// Register the function by name in $addUserFunc (not $addUserFuncArgs)
$addUserFunc[$affiliationid] = 'myAddShibUserFunc';
Also, the $addUserFuncArgs array should be defined like this:
$addUserFuncArgs[$affiliationid] = $affiliationid;
I should also note that the affiliationID value used in these definitions
should be the positive integer found in the database, not the "0" value used in
$authMechs.
That said, this is all much less error-prone if done with version 2.3.
Alternately, if you are using 2.2.1, you can simply inform users that they must
first log in before they are added to groups (if you want manual control over
such things), or you can modify shibauth/index.php to automatically add all
users to particular groups, possibly based on shibboleth attributes. For that,
you would need a line such as:
updateGroups(array(getUserGroupID('My Group Name', $affilid)), $usernid);
in shibauth/index.php.
Hope that helps.
Aaron
--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
[email protected]
On Aug 21, 2012, at 3:48 PM, Sanders, Arbin D wrote:
Hello all,
I am having an issue adding a new user to a newly created VCL group. In the past,
we were connected via LDAP but as of now, we are using Shibboleth to
authenticate our users. Would this affect anything?
Arbin Darren Sanders
Information Technology Manager – Academic Support Services
Information Technology Services
North Carolina Central University
712 Cecil Street
Suite 3014
Durham, NC 27707
919.530.6307
919.530.5097 (Fax)
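Added example (not part of the original messages and not VCL's own code): a function with the signature described in the reply that checks the username and inserts it with bound parameters, returning NULL on error. The in-memory SQLite table, its column names, the allowed character set and length, and the affiliation ID 3 are assumptions made for the example; VCL 2.2.1 uses its own database helpers.

```php
<?php
// Constructed stand-in for the VCL user table (column names are assumptions).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    unityid TEXT NOT NULL,
    affiliationid INTEGER NOT NULL,
    UNIQUE (unityid, affiliationid))');

// Signature from the reply: int f(int affiliationid, string username),
// returning NULL on error.
function myAddShibUserFunc($affilid, $username) {
    global $db;
    // The affiliation ID must be the positive integer from the database.
    if (!is_int($affilid) || $affilid < 1) {
        return NULL;
    }
    // $username is the part of the EPPN before the @ sign and originates
    // outside the application, so restrict it before it reaches a query.
    // Character set and length limit are assumptions; match your IdP.
    if (!is_string($username)
        || !preg_match('/^[A-Za-z0-9._-]{1,80}$/', $username)) {
        return NULL;
    }
    try {
        // Bound parameters keep the username out of the SQL text.
        $stmt = $db->prepare(
            'INSERT INTO user (unityid, affiliationid) VALUES (:u, :a)');
        $stmt->execute(array(':u' => $username, ':a' => $affilid));
        return (int)$db->lastInsertId();
    } catch (PDOException $e) {
        return NULL;   // duplicate user or database failure
    }
}

$affiliationid = 3;   // constructed value; use the ID from your database
$addUserFunc[$affiliationid] = 'myAddShibUserFunc';
$addUserFuncArgs[$affiliationid] = $affiliationid;

// Calls matching the signature: a valid name, a name containing SQL
// metacharacters (rejected by the check), and a duplicate (rejected by
// the UNIQUE constraint).
$add = $addUserFunc[$affiliationid];
var_dump($add($addUserFuncArgs[$affiliationid], 'asanders'));
var_dump($add($addUserFuncArgs[$affiliationid], "x' OR '1'='1"));
var_dump($add($addUserFuncArgs[$affiliationid], 'asanders'));
```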