[Deploying Sakai] Managing (restricting) access to courses with LDAP
steve.swinsburg at gmail.com
Mon Nov 19 15:25:21 PST 2012
You want to have a look at the group providers. These allow the membership of a site to be automatically set. There is a sample one here:
You may need to roll your own and just wire it up here:
Then configure in the site realm/site template realm.
On 20/11/2012, at 4:02 AM, Fernando Laudares Camargos <fernando at revolutionlinux.com> wrote:
> Hello again,
> I'm putting a considerable amount of time trying to figure out how things work in Sakai but still there's a bit I don't quite understand yet and that is how to restrict (or filter) access to Sakai's sites.
> I'm looking to improve the way this particular server operates, which has 500+ manually registered accounts where each user can access any of the available sites. With your guidance I've been able to integrate LDAP authentication, so now we can get rid of the local accounts and centralize identity management in an LDAP server. I know that by default I'm able to restrict LDAP authentication to a particular baseDN in the LDAP server (like uid=*,dc=users,dc=mydomain,dc=com) and that I can map attributes of LDAP accounts to attributes of Sakai accounts, which allows me for instance to use an LDAP attribute to determine the user's role within Sakai. But can I go further than that, is there a way for example to restrict access to site1 to users that are members of the LDAP group 1 (or anything similar to this) ?
> I've tried to navigate in the archives of this mailing list since I believe this question is relevant enough to have already been posted here but other than manually open each thread on http://collab.sakaiproject.org/pipermail/production/ I didn't found a solution. Is there a search engine somewhere that can be used for this ?
> Thanks for your help.
> Fernando Laudares Camargos
> Révolution Linux
> * Tout opinion et prise de position exprimée dans ce message est celle
> de son auteur et pas nécessairement celle de Révolution Linux.
> ** Any views and opinion presented in this e-mail are solely those of
> the author and do not necessarily represent those of Révolution Linux.
> production mailing list
> production at collab.sakaiproject.org
> TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
More information about the production