Posted to user@vcl.apache.org by Natalia Watanabe <na...@gmail.com> on 2009/09/23 04:05:32 UTC
Enabling LDAP Authentication Issue - Workaround
Hi all,
While enabling authentication using LDAP, I found a problem regarding user
registration. VCL couldn't add an LDAP user because of a DB constraint between
the 'user' and 'affiliation' tables. I solved it by adding this entry in the
affiliation table:
INSERT INTO `vcl`.`affiliation` (id, name, shibname, dataUpdateText,
sitewwwaddress, helpaddress, shibonly)
VALUES (2,'LDAP',null,'','','',false);
Could you please modify the vcl.sql script to populate the affiliation table
with all the possible methods (Local, LDAP, Shibboleth, etc.)?
--
Kind regards,
Natalia Watanabe
Re: Enabling LDAP Authentication Issue - Workaround
Posted by Josh Thompson <jo...@ncsu.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Natalia,
Actually, the affiliation table is for defining who users are affiliated with.
For example, with the NCSU install of VCL, we have several other universities
using it. So, we have an entry where 'name' is set to 'NCSU', another entry
for 'ECU', another entry for 'WCU', and so on.
The 'name' field in that table is then what is used anywhere a userid is
entered (to add a user to a user group, to assign a user as an owner of a
resource, etc) to associate the user with the correct affiliation. Complete
userids are entered as userid@affiliation. My complete userid in the NCSU
install is jfthomps@NCSU.
It sounds like you added an entry in conf.php in the $authMechs array and set
the affiliationid in that entry to 2. Since you had no entry in the
affiliation table with an id of 2, you ran into problems. You can set up
multiple LDAP authentication mechanisms in the $authMechs array, with each
having a different affiliationid. So, it doesn't make sense to prepopulate
the table with any entries other than ones that correspond to accounts
prepopulated in the user table.
I hope that clears things up a bit.
Josh
On Tuesday September 22, 2009, Natalia Watanabe wrote:
> Hi all,
>
>
> While enabling authentication using LDAP, I found a problem regarding user
> registration. VCL couldn't add an LDAP user because of a DB constraint
> between the 'user' and 'affiliation' tables. I solved it by adding this
> entry in the affiliation table:
>
> INSERT INTO `vcl`.`affiliation` (id, name, shibname, dataUpdateText,
> sitewwwaddress, helpaddress, shibonly)
> VALUES (2,'LDAP',null,'','','',false);
>
> Could you please modify the vcl.sql script to populate the affiliation
> table with all the possible methods (Local, LDAP, Shibboleth, etc.)?
- --
- -------------------------------
Josh Thompson
Systems Programmer
Advanced Computing | VCL Developer
North Carolina State University
Josh_Thompson@ncsu.edu
919-515-5323
my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKuhsDV/LQcNdtPQMRApOXAJ93iZywMtJIZ7nrU+qoEW2ETSULDQCdFf+7
fzOpQdeen6lkZzhn25zPRUM=
=6+H6
-----END PGP SIGNATURE-----
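
Added example, not part of either message or of the VCL code base: a pre-flight check that finds authentication mechanisms whose affiliationid has no row in the affiliation table, the condition behind the constraint failure discussed in this thread. It assumes an in-memory SQLite stand-in for the MySQL schema with reduced, partly hypothetical columns, a Python dict mirroring the $authMechs array, and constructed names and ids.

```python
import sqlite3

# Constructed stand-in for the $authMechs array in conf.php; only the
# affiliationid of each entry matters here (names and ids are made up).
AUTH_MECHS = {
    "Local Account": {"type": "local", "affiliationid": 1},
    "Example LDAP": {"type": "ldap", "affiliationid": 2},
}

def make_db():
    """In-memory SQLite stand-in for the two tables, columns reduced."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only on request
    db.executescript("""
        CREATE TABLE affiliation (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
        CREATE TABLE user (
            id INTEGER PRIMARY KEY,
            userid TEXT NOT NULL,  -- hypothetical column name
            affiliationid INTEGER NOT NULL REFERENCES affiliation(id));
        INSERT INTO affiliation (id, name) VALUES (1, 'Local');
    """)
    return db

def missing_affiliations(db, auth_mechs):
    """Map mechanism name -> affiliationid for ids with no affiliation row."""
    known = {row[0] for row in db.execute("SELECT id FROM affiliation")}
    return {name: m["affiliationid"] for name, m in auth_mechs.items()
            if m["affiliationid"] not in known}

def add_user(db, userid, affiliationid):
    """Insert a user; return False when the foreign key rejects the row."""
    try:
        with db:
            db.execute("INSERT INTO user (userid, affiliationid) VALUES (?, ?)",
                       (userid, affiliationid))
        return True
    except sqlite3.IntegrityError:
        return False

def full_userid(db, userid):
    """Build the userid@affiliation form described in the reply."""
    row = db.execute("SELECT u.userid || '@' || a.name FROM user u "
                     "JOIN affiliation a ON a.id = u.affiliationid "
                     "WHERE u.userid = ?", (userid,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(missing_affiliations(db, AUTH_MECHS), add_user(db, "alice", 2))
```

Running the check before enabling a new mechanism reports the missing id up front, and the row added to fix it should carry the organization's name, since that name becomes the suffix of every complete userid.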