addUserFunc in conf.php for Shibboleth

[Mike Haudenschild <mi...@longsight.com>]

Afternoon --

I have Shib set up and working on an existing VCL installation, but in
reviewing my conf.php I ran across this at the bottom of the file:

# any affiliation that is shibboleth authenticated without a corresponding
# LDAP server needs an entry in addUserFunc
# $addUserFunc[affiliationid goes here] = create_function('', 'return 0;');

Currently, I don't have this configured.  Everything *seems* to be working
-- VCL is adding Shib users to the database, creating groups, etc. etc.
 The only strange issue I had was the Shib affiliation ID in the database
didn't get set to the value I had specified in conf.php when the first Shib
user logged-in.  Am I setting myself up for disappointment?

Regards,
Mike

--
*Mike Haudenschild*
Education Systems Manager
Longsight Group
(740) 599-5005 x809
mike@longsight.com
www.longsight.com

Re: addUserFunc in conf.php for Shibboleth

[Josh Thompson <jo...@ncsu.edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike,

I apologize for the late response.

You are pretty much okay without it.  The documentation there is actually 
lacking that there also needs to be a similar entry in $updateUserFunc.  If 
you try to look up a user that does not exist in your user table under "User 
Lookup" the site will generate an error without this entry.  Similarly, if you 
try to add a user that does not exist in your user table somewhere on the web 
site (i.e. adding a user to a user group), you will also generate an error 
without an entry in $addUserFunc.

As long as you always work with users that exist in your user table, you will 
not generate any errors.  Even if you do try to add a non-existent user, at 
worst, the code will just tell the user an error occurred (unless the user has 
rights to see debug info, and then the user will see the generated error).

Josh

On Tuesday, March 20, 2012 5:37:29 PM Mike Haudenschild wrote:
> Afternoon --
> 
> I have Shib set up and working on an existing VCL installation, but in
> reviewing my conf.php I ran across this at the bottom of the file:
> 
> # any affiliation that is shibboleth authenticated without a corresponding
> # LDAP server needs an entry in addUserFunc
> # $addUserFunc[affiliationid goes here] = create_function('', 'return 0;');
> 
> Currently, I don't have this configured.  Everything *seems* to be working
> -- VCL is adding Shib users to the database, creating groups, etc. etc.
>  The only strange issue I had was the Shib affiliation ID in the database
> didn't get set to the value I had specified in conf.php when the first Shib
> user logged-in.  Am I setting myself up for disappointment?
> 
> Regards,
> Mike
> 
> --
> *Mike Haudenschild*
> Education Systems Manager
> Longsight Group
> (740) 599-5005 x809
> mike@longsight.com
> www.longsight.com
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEARECAAYFAk9547cACgkQV/LQcNdtPQNlwwCeM2OvJ2o/wT5bt/T4wBDuegah
VUEAn0YS5jFgA/XfmrMMh6vwNbyx55Kc
=hkLC
-----END PGP SIGNATURE-----