-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David,
If there are not any matches, the user should not be getting added to any groups. If a user is not in any groups, but has been granted access to make reservations somewhere in the privilege tree by specifically granting access to that userid, then the times are taken from the group defined for DEFAULTGROUP in conf.php. Josh On Monday, August 11, 2014 3:01:32 PM David DeMizio wrote: > Thanks Josh, > > I have set the values as you suggested and created a few extra regular > expression. So if the user does not match any for my regular expressions > which group does it get put in to? global@local? > > > > > On Mon, Aug 11, 2014 at 2:46 PM, Josh Thompson <[email protected]> > > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > David, > > > > Just to be clear, I think you're saying you only want to see a max of 2 > > hours > > in the initial drop down. Then, you want to be able to extend a > > reservation > > by up to 1 hour increments, but be able to do that twice to reach a max > > duration of 4 hours. If that's correct, make sure you have the following > > values set: > > > > Initial Max Time: 2 hours > > Total Max Time: 4 hours > > Max Extend Time: 1 hour > > > > Make sure those are set, and then log out/back in. If you're still seeing > > greater values than that, your userid is probably in a user group you > > don't > > have access to manage. You can look in the database to be sure. Look in > > the > > user table to get the user.id. Then, look in the usergroupmembers table > > to > > find all of the usergroupids of which the user is a member. Finally, look > > in > > the usergroup table to see the times set for each of those user groups. > > > > Of all of a user's groups, the one with the greatest values is what is > > used. > > One other thing to check is the image.maxinitialtime field. But, that can > > only be set directly in the database. So, I doubt it is the issue. > > > > Josh > > > > On Monday, August 11, 2014 1:36:12 PM David DeMizio wrote: > > > Hi Josh, > > > > > > I'm still seeing 4 hours in the drop down when creating a reservation, > > > > I'd > > > > > like for it to only go up to 2 hours but give the option to extend up to > > > > 1 > > > > > hour. Total max time I set to 4 hours for the group that my userid is > > > in. > > > Do I need to change something manually in the DB? Thank you > > > > > > > > > > > > > > > On Mon, Aug 4, 2014 at 12:30 PM, Josh Thompson <[email protected]> > > > > > > wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > > > > > David, > > > > > > > > Look over the "Mirroring LDAP User Groups" section on this page: > > > > > > > > http://vcl.apache.org/docs/ldapauth.html > > > > > > > > You have to actually modify the php code as described there to get > > > > groups > > > > > > from > > > > LDAP (AD) mirrored into your VCL system. > > > > > > > > Once set up, when a user logs in to VCL, some information about him is > > > > pulled > > > > from LDAP. That includes user group membership if your LDAP system > > > > makes > > > > > > that > > > > available. The list of user groups of which the user is a member are > > > > parsed > > > > by the function you create. Any groups that match the regular > > > > expressions > > > > > > you > > > > set up are created if they don't exist, and the user is then added to > > > > those > > > > groups, and removed from any other LDAP based groups not in the list > > > > of > > > > groups. > > > > > > > > Any user groups that are created this was have their initialmaxtime, > > > > totalmaxtime, and maxextendtime fields set from the default values in > > > > your > > > > > > database. > > > > > > > > The idea here is that you establish an initial set of user groups and > > > > their > > > > privileges in VCL. Once set up, any users logging in for the first > > > > time > > > > > > already have their access set up for them. > > > > > > > > Any user groups created from LDAP have the 'custom' field set to 0 in > > > > the > > > > > > database. They show up as 'Federated' groups on the Manage Groups > > > > page. > > > > > > You > > > > > > > > are allowed to edit the group attributes, but not the membership via > > > > the > > > > > > web > > > > interface since the membership is automatically managed to reflect the > > > > LDAP > > > > membership. > > > > > > > > If you aren't seeing the Federated groups on the Manage Groups page, > > > > you > > > > > > need > > > > to add the "Manage Federated User Groups" user group permission to one > > > > of > > > > > > your > > > > user groups on the Privileges->Additional User Permissions page. > > > > > > > > I've never managed the LDAP server end of this. So, I can't provide > > > > any > > > > > > guidance on how to set up the groups in AD or something like Open > > > > LDAP. > > > > > > > > Josh > > > > > > > > On Monday, August 04, 2014 11:29:10 AM David DeMizio wrote: > > > > > Hello, > > > > > > > > > > I'm just now getting into setting up groups and privileges as I'm > > > > going > > > > > > to > > > > > > > > > put a small lab in Prod just containing linux images. I read a > > > > couple of > > > > > > > post on Ldap but I'm still not clear on the correlation between the > > > > > > > > Manage > > > > > > > > > groups menu from VCL interface and the LDAP groups. I noticed that > > > > > Manage > > > > > groups allow you to set initial max time and so forth, so how do I > > > > > associate a particular AD group or AD user with a group in VCL so I > > > > can > > > > > > > set these initial max times etc.. I want initial max time to be 2 > > > > hours > > > > > > but > > > > > > > > > the ability for students to extend up to 1 hour, total of 3 hours. > > > > Thank > > > > > > > you > > > > > > > > - -- > > > > - ------------------------------- > > > > Josh Thompson > > > > VCL Developer > > > > North Carolina State University > > > > > > > > my GPG/PGP key can be found at pgp.mit.edu > > > > > > > > All electronic mail messages in connection with State business which > > > > are sent to or received by this account are subject to the NC Public > > > > Records Law and may be disclosed to third parties. > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: GnuPG v2.0.22 (GNU/Linux) > > > > > > > > iEYEARECAAYFAlPftSQACgkQV/LQcNdtPQONrwCdFHnuRxcpalNEHPHhvHHMlDb2 > > > > I6kAn0SMkLFw8j+iarOscu9halcPuNHt > > > > =4WjI > > > > -----END PGP SIGNATURE----- > > > > - -- > > - ------------------------------- > > Josh Thompson > > VCL Developer > > North Carolina State University > > > > my GPG/PGP key can be found at pgp.mit.edu > > > > All electronic mail messages in connection with State business which > > are sent to or received by this account are subject to the NC Public > > Records Law and may be disclosed to third parties. > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2.0.22 (GNU/Linux) > > > > iEYEARECAAYFAlPpD4gACgkQV/LQcNdtPQMAZwCeIMrUOp+QIT9n3W1ROj4VPleC > > WUcAni11PYcSpDuSKqGYY3EqEsskq0WI > > =3OlW > > -----END PGP SIGNATURE----- - -- - ------------------------------- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlPpFQ8ACgkQV/LQcNdtPQOuTACcCHaj71irfJSF7ixZkcQ4If/y 9UoAnRCzMWB6/uxKma93MBGmBQpCMIcf =03PW -----END PGP SIGNATURE-----
