-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kelly,

Can you explain this a little further? I don't understand what you mean that you are using affiliations instead of group memberships.

Thanks,
Josh

On Wednesday December 02, 2009, Kelly Robinson wrote:
> Josh-
>
> We are using affiliations versus group memberships in our LDAP. Is there
> a way for this to work without having the group memberships in LDAP set
> up?
>
> Kelly
>
> >>> Josh Thompson <[email protected]> 11/24/2009 11:36 AM >>>
>
> Kelly,
>
> You can set up group memberships in LDAP and have them mirrored in to VCL.
> You'll need to modify two functions in .ht-inc/authmethods/ldapauth.php in
> the web code.
>
> -find the switch statement toward the bottom of the updateLDAPUser
> -change the EXAMPLE1 case to match the name of your affiliation from the
> affiliation table
> -you'll probably want to rename updateEXAMPLE1Groups to also match your
> affiliation
> -now, you need to modify the updateEXAMPLE1Groups function
> -where $auth is set, change "EXAMPLE1 LDAP" to match the key in the
> $authMechs array from conf.php
> -in the "for" loop at the bottom of the function, you'll need to set the
> regular expressions to match what LDAP groups you want mirrored in to VCL
> -the existing examples show three cases:
>   -all groups directly under the CourseRolls OU are matched
>   -the Students_Enrolled group under the Students OU is matched
>   -the Staff group under the IT OU is matched
>
> After making these changes, you should start seeing users automatically get
> added to user groups in VCL as they log in. If you have a regular
> expression that matches a group in LDAP that you don't already have in VCL,
> it will be automatically created.
>
> A couple of points about this:
> -the groups created/managed through this method do not show up on the
> Manage Groups page because modifying their membership there would take them
> out of sync with LDAP
> -since the groups get created when someone logs in, you cannot grant a
> group access somewhere in VCL until at least one user with that group
> membership has logged in
> -there is a timeout to be aware of: every LDAP user's information is cached
> in the VCL database for 24 hours; so, until that timeout expires, the
> user's group memberships in LDAP are not pulled again
>
> Let me know if you need anything clarified.
>
> Josh
>
> On Friday November 20, 2009, Kelly Robinson wrote:
> > Is there a way for a user to be automatically listed as a member of a
> > user group after logging in through LDAP authentication? I can manually
> > add users to a user group through the "Manage Group" section of the VCL
> > interface, but is there a more efficient way to automatically give users
> > access to resources?
> >
> > Kelly

- -- 
- -------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

[email protected]
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFLF83RV/LQcNdtPQMRAli0AJ9yuPBu4b+nqagru+Vn3YSuzaJyTQCffQDM
IgIqkqzAnX89S3nmUmuoMmI=
=7YtQ
-----END PGP SIGNATURE-----
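
The group-matching step described in the thread, as an added example that is not part of the original messages and is not VCL's own ldapauth.php code. It shows fully anchored patterns for the three cases listed (groups directly under CourseRolls, Students_Enrolled, Staff), which matters because every matched group is created in VCL automatically and can later be granted access. The function name, the base DN and the sample DNs are assumptions.

```php
<?php
// Added illustration, not VCL's ldapauth.php. The function name, base DN
// and sample DNs below are assumptions constructed for this example.

function selectMirroredGroups(array $memberOf, string $baseDn): array
{
    $base = preg_quote($baseDn, '/');
    // ^ and $ pin the whole DN and [^,]+ limits the CN to a single RDN, so a
    // group in a sub-OU or under another base DN is never mirrored.
    // Group names containing an escaped comma are rejected (fail closed).
    $patterns = array(
        '/^CN=([^,]+),OU=CourseRolls,' . $base . '$/i',   // directly under CourseRolls
        '/^CN=(Students_Enrolled),OU=Students,' . $base . '$/i',
        '/^CN=(Staff),OU=IT,' . $base . '$/i',
    );
    $groups = array();
    foreach ($memberOf as $dn) {
        if (!is_string($dn)) {
            continue;   // skips the integer 'count' entry ldap_get_entries() adds
        }
        foreach ($patterns as $pattern) {
            if (preg_match($pattern, trim($dn), $match)) {
                $groups[] = $match[1];   // captured CN becomes the group name
                break;
            }
        }
    }
    return array_values(array_unique($groups));
}

// Constructed memberOf values, shaped like one attribute from ldap_get_entries().
$memberOf = array(
    'count' => 5,
    0 => 'CN=CSC101_001,OU=CourseRolls,DC=example,DC=edu',        // mirrored
    1 => 'CN=Staff,OU=IT,DC=example,DC=edu',                      // mirrored
    2 => 'CN=Old,OU=Archive,OU=CourseRolls,DC=example,DC=edu',    // nested OU: skipped
    3 => 'CN=Staff,OU=IT,DC=example,DC=edu,DC=lab',               // other base DN: skipped
    4 => 'CN=Helpdesk,OU=IT,DC=example,DC=edu',                   // not a listed group: skipped
);

print_r(selectMirroredGroups($memberOf, 'DC=example,DC=edu'));
```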
