vcl-user mailing list archives

From Aaron Coburn <acob...@amherst.edu>
Subject Re: Unable to add new users to new group
Date Tue, 21 Aug 2012 20:25:35 GMT
Arbin,
I assume you are adding users who have not previously logged in to the VCL.

If you are using version 2.3, this is easy. You should simply make sure you have this line
in .ht-inc/conf.php:

  define("ALLOWADDSHIBUSERS", 1);

If you are using version 2.2.1, it is still possible, but much more complicated.
You will need to define a function in the $affilValFunc array. All of this configuration happens
in the conf.php file.

Something like this:

  $affilValFunc[$affiliationid] = create_function('', 'return 1;');

You will also need to define a function for the $addUserFunc and $addUserFuncArgs arrays.
The function should be something like the existing addShibUser() function, but it needs to
have this signature:

  int myAddShibUserFunc(int affiliationid, string username);

This function should take an affiliation ID and a username (the username will be the part
of an EPPN before the @ sign) and add that user directly to the database. Use addShibUser()
as a template, just ignoring the values for email, first and last name. The function should
return NULL on error.

That is to say:

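  function myAddShibUserFunc($affilid, $username){
    // SQL query adding user to the database; it sets $success and,
    // when the insert worked, $new_user_id
    if($success){
      return $new_user_id;
    } else {
      return NULL;
    }
  }

  // register the function name for this affiliation
  $addUserFunc[$affiliationid] = 'myAddShibUserFunc';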

Also, the $addUserFuncArgs array should be defined like this:

  $addUserFuncArgs[$affiliationid] = $affiliationid;

I should also note that the affiliationID value used in these definitions should be the positive
integer found in the database, not the "0" value used in $authMechs.

That said, this is all much less error-prone if done with version 2.3.

Alternately, if you are using 2.2.1, you can simply inform users that they must first log in
before they are added to groups (if you want manual control over such things), or you can
modify shibauth/index.php to automatically add all users to particular groups, possibly based
on shibboleth attributes. For that, you would need a line such as:

  updateGroups(array(getUserGroupID('My Group Name', $affilid)), $usernid);

in shibauth/index.php

Hope that helps.

Aaron



--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
acoburn@amherst.edu






On Aug 21, 2012, at 3:48 PM, Sanders, Arbin D wrote:

Hello all,

I am having an issue adding new users to a newly created VCL group. In the past, we were connected
via LDAP but as of now, we are using Shibboleth to authenticate our users. Would this affect
anything?

Arbin Darren Sanders

Information Technology Manager – Academic Support Services
Information Technology Services
North Carolina Central University
712 Cecil Street
Suite 3014
Durham, NC 27707
919.530.6307
919.530.5097 (Fax)


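Added example, not part of the original message and not VCL code: a stand-alone PHP sketch of an add-user function with the signature described in the reply, which validates the EPPN-derived username and inserts it through a bound parameter. The PDO/SQLite backend, the table layout, the username pattern, the affiliation id 5 and the calling convention in the final loop are assumptions made so the script runs without a VCL install.

```php
<?php
// Added example: stand-alone sketch, not VCL code. The table layout and the
// PDO/SQLite backend are assumptions so the script runs without a VCL install.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    unityid TEXT NOT NULL,
    affiliationid INTEGER NOT NULL,
    UNIQUE (unityid, affiliationid))');

// Same shape as described in the message: (affiliation id, username) in,
// new user id out, NULL on any error.
function myAddShibUserFunc($affilid, $username) {
    global $db;
    // The affiliation id must be the positive integer from the database.
    if (!is_int($affilid) || $affilid <= 0) {
        return NULL;
    }
    // The username is the part of an EPPN before the @ sign; reject anything
    // that is not a plain account name (the pattern is an assumption).
    if (!is_string($username)
        || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return NULL;
    }
    try {
        // Bound parameters keep the username out of the SQL text.
        $stmt = $db->prepare(
            'INSERT INTO user (unityid, affiliationid) VALUES (:uid, :affil)');
        $stmt->execute(array(':uid' => $username, ':affil' => $affilid));
        return (int)$db->lastInsertId();
    } catch (PDOException $e) {
        return NULL;   // duplicate user or database failure
    }
}

// Registration as in the message; 5 is a constructed affiliation id.
$affiliationid = 5;
$addUserFunc[$affiliationid] = 'myAddShibUserFunc';
$addUserFuncArgs[$affiliationid] = $affiliationid;

// Constructed inputs: a normal name, a repeat, and two malformed names.
foreach (array('jdoe', 'jdoe', "a'b", 'jdoe@example.edu') as $name) {
    // Assumed calling convention: registered function, registered arg, name.
    $id = call_user_func($addUserFunc[$affiliationid],
                         $addUserFuncArgs[$affiliationid], $name);
    var_dump($id);
}
```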

