Posted to user@vcl.apache.org by Natalia Watanabe <na...@gmail.com> on 2009/09/23 04:05:32 UTC

Enabling LDAP Authentication Issue - Workaround

Hi all,


While enabling authentication using LDAP, I found a problem regarding user
registration. VCL couldn't add an LDAP user because of a DB constraint between
the 'user' and 'affiliation' tables. I solved it by adding this entry in the
affiliation table:

INSERT INTO `vcl`.`affiliation` (id, name, shibname, dataUpdateText,
sitewwwaddress, helpaddress, shibonly)
VALUES (2,'LDAP',null,'','','',false);

Could you please modify the vcl.sql script to populate the affiliation table
with all the possible methods (Local, LDAP, Shibboleth, etc.)?


-- 
Kind regards,
Natalia Watanabe

Re: Enabling LDAP Authentication Issue - Workaround

Posted by Josh Thompson <jo...@ncsu.edu>.

Natalia,

Actually, the affiliation table is for defining who users are affiliated with.  
For example, with the NCSU install of VCL, we have several other universities 
using it.  So, we have an entry where 'name' is set to 'NCSU', another entry 
for 'ECU', another entry for 'WCU', and so on.

The 'name' field in that table is then what is used anywhere a userid is 
entered (to add a user to a user group, to assign a user as an owner of a 
resource, etc.) to associate the user with the correct affiliation.  Complete 
userids are entered as userid@affiliation.  My complete userid in the NCSU 
install is jfthomps@NCSU.

It sounds like you added an entry in conf.php in the $authMechs array and set 
the affiliationid in that entry to 2.  Since you had no entry in the 
affiliation table with an id of 2, you ran into problems.  You can set up 
multiple LDAP authentication mechanisms in the $authMechs array, with each 
having a different affiliationid.  So, it doesn't make sense to prepopulate 
the table with any entries other than ones that correspond to accounts 
prepopulated in the user table.

I hope that clears things up a bit.

Josh

On Tuesday September 22, 2009, Natalia Watanabe wrote:
> Hi all,
>
>
> While enabling authentication using LDAP, I found a problem regarding user
> registration. VCL couldn't add an LDAP user because of a DB constraint between
> the 'user' and 'affiliation' tables. I solved it by adding this entry in the
> affiliation table:
>
> INSERT INTO `vcl`.`affiliation` (id, name, shibname, dataUpdateText,
> sitewwwaddress, helpaddress, shibonly)
> VALUES (2,'LDAP',null,'','','',false);
>
> Could you please modify the vcl.sql script to populate the affiliation table
> with all the possible methods (Local, LDAP, Shibboleth, etc.)?
-- 
-------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University

Josh_Thompson@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu