[Using Sakai] Sakai Instructor Roles/Permissions

Laura McCord mccordl at southwestern.edu
Thu Aug 6 14:30:36 PDT 2009


I'm still having difficulties mapping the user type to our LDAP user 
attribute. I use the same attribute in our uPortal instance without any 
problems, but when I include this attribute as a value for the key 
groupMembership, nothing happens. Even when I set the default to be 
'student' if nothing is found, still nothing appears. I'm using Sakai 
version 2.5.4 if that helps.

Any further suggestions?

This is what my jldap file looks like:
...
        <property name="ldapAttributeMapper">
            <ref bean="edu.amc.sakai.user.LdapAttributeMapper" />
        </property>

        <property name="attributeMappings">
            <map>
                <entry key="login"><value>uid</value></entry>
                <entry key="distinguishedName"><value>fullName</value></entry>
                <entry key="firstName"><value>givenName</value></entry>
                <entry key="lastName"><value>sn</value></entry>
                <entry key="email"><value>mail</value></entry>
                <entry key="groupMembership"><value>eduPersonAffiliation</value></entry>
            </map>
        </property>

    </bean>

    <bean id="edu.amc.sakai.user.LdapAttributeMapper"
          class="edu.amc.sakai.user.SimpleLdapAttributeMapper"
          init-method="init"
          singleton="true">

        <property name="attributeMappings">
            <map>
                <entry key="login"><value>uid</value></entry>
                <entry key="firstName"><value>givenName</value></entry>
                <entry key="lastName"><value>sn</value></entry>
                <entry key="email"><value>mail</value></entry>
                <entry key="groupMembership"><value>eduPersonAffiliation</value></entry>
            </map>
        </property>

        <property name="userTypeMapper">
            <!-- Select one of the following beans -->
            <!-- ref bean="edu.amc.sakai.user.EmptyStringUserTypeMapper" /-->
            <ref bean="edu.amc.sakai.user.EntryAttributeToUserTypeMapper" />
            <!-- ref bean="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper" /-->
        </property>

    </bean>

    <!-- EmptyStringUserTypeMapper gives all users an
         empty string as their Sakai "type" -->
    <bean id="edu.amc.sakai.user.EmptyStringUserTypeMapper"
          class="edu.amc.sakai.user.EmptyStringUserTypeMapper"
          singleton="true" />

  
    <bean id="edu.amc.sakai.user.EntryAttributeToUserTypeMapper"
          class="edu.amc.sakai.user.EntryAttributeToUserTypeMapper"
          singleton="true">

        <property name="attributeValueToSakaiUserTypeMap">
            <map>
                <entry key="faculty"><value>faculty</value></entry>
                <entry key="student"><value>student</value></entry>
            </map>
        </property>

        <property name="logicalAttributeName">
            <value>eduPersonAffiliation</value>
        </property>

        <!-- Optional. Defaults to false -->
        <!-- <property name="returnLiteralAttributeValueIfNoMapping">
            <value>false</value>
        </property>
        -->
        <property name="defaultSakaiUserType">
            <value>student</value>
        </property>

    </bean>

    <bean id="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper"
          class="edu.amc.sakai.user.EntryContainerRdnToUserTypeMapper"
          singleton="true">

        <!-- Optional. Maps between container RDN values and Sakai user types -->
        <!-- property name="rdnToSakaiUserTypeMap">
            <map>
                <entry key="facultyStaff"><value>faculty</value></entry>
                <entry key="students"><value>student</value></entry>
            </map>
        </property -->

        <!-- Optional. Defaults to false.  -->
        <!-- property name="returnLiteralRdnValueIfNoMapping">
            <value>false</value>
        </property -->

    </bean>

    <!-- /// End Sample UserTypeMapper Beans /// -->

</beans>


John Leasia wrote:
> Yes that's correct - the account types have to be different in order 
> to be able to permit site.add for one type and not permit it for the 
> other. You will also want to create (if not already there) 
> !user.template.<accounttype> realms for each account type you use 
> (using the Admin Realms tool)
>
> John
>
> Laura McCord wrote:
>> I only have the following set for site permissions under !user.template 
>> -> .auth:
>> site.add.usersite
>>
>> However, if I include site.add here then that means that students would 
>> be able to add courses too, right? If this is true then I'll have to 
>> figure out how to differentiate between a student, staff, or faculty member.
>>
>> Thanks,
>>  Laura
>>
>>
>> John Leasia wrote:
>>> If the account type is empty, then the account should be checking the 
>>> !user.template realm for determining whether they can create sites or 
>>> not (via the site.add or site.add.course permission for the .auth role 
>>> in that realm).  If you put in some account type for the user, then it 
>>> will pick up the permission from the !user.template.<accounttype> 
>>> realm if there is one, otherwise it should check just !user.template.
>>>
>>> What site.*  permissions do you have set for the .auth role in the 
>>> !user.template realm?
>>>
>>> John
>>>
>>> Laura McCord wrote:
>>>> No, that didn't work. I'm wondering if it is an LDAP issue like you 
>>>> suggest. When I look under 'Account' while I'm logged in as a faculty 
>>>> member I get an empty User Type. Should this be populated with 'faculty' 
>>>> or 'Instructor'? How is this information populated?
>>>>
>>>> Thanks,
>>>>  Laura
>>>>
>>>>
>>>>
>>>> Kara Stiles wrote:
>>>>> site.add.course doesn't exist until 2.6.
>>>>>
>>>>> In 2.5 and other prior versions, all you need in order to create a course site is the site.add perm in your !user.template.xxxxx realm.
>>>>>
>>>>> If that doesn't work and you try the memory trick (step 5 below), it might be LDAP related.
>>>>>
>>>>> This config change may prove upsetting to some if your faculty members have the same user account type as the students.  :)
>>>>>
>>>>> Kara Stiles
>>>>> Senior Functional Consultant
>>>>> rSmart
>>>>> http://www.rsmart.com
>>>>> ICQ: 396517169
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Laura McCord" <mccordl at southwestern.edu>
>>>>> To: "Kara Stiles" <kara.stiles at rsmart.com>
>>>>> Sent: Tuesday, August 4, 2009 9:55:46 AM GMT -07:00 U.S. Mountain Time (Arizona)
>>>>> Subject: Re: [Using Sakai] Sakai Instructor Roles/Permissions
>>>>>
>>>>> Hi Kara,
>>>>>
>>>>> Yes, I remember you. You came down here with Kim, right? So glad to hear 
>>>>> from you.
>>>>>
>>>>> Thanks for the help. I did notice that I do not have a site.add.course 
>>>>> permission setting.  I only have the following permissions for site: Do 
>>>>> I need to create a permission? If so, how do I do that?
>>>>>
>>>>> site.add
>>>>>
>>>>> site.add.usersite
>>>>>
>>>>> site.del
>>>>>
>>>>> site.upd
>>>>>
>>>>> site.upd.grp.mbrshp
>>>>>
>>>>> site.upd.site.mbrshp
>>>>>
>>>>> site.viewRoster
>>>>>
>>>>> site.visit
>>>>>
>>>>> site.visit.unp
>>>>>
>>>>>
>>>>> -Laura
>>>>>
>>>>> Kara Stiles wrote:
>>>>>> Hi Laura,
>>>>>>
>>>>>> I remember meeting you long ago when I was a new staff member at Unicon.
>>>>>>
>>>>>> I'm at rSmart now.
>>>>>>
>>>>>> The user's ability to create new sites depends on the site.add and the site.add.course permission.
>>>>>>
>>>>>> 1. Go to the Realms tool in the admin workspace
>>>>>> 2. Locate and select the !user.template.maintain realm (Alternatively, if your faculty members have the "registered" account type, you should select !user.template.registered instead)
>>>>>> 3. Locate and select the .auth role
>>>>>> 4. Click the site.add box and the site.add.course box and save your changes
>>>>>> 5. You may need to go to the memory tool in the admin space and clear all caches for this to take immediate effect.
>>>>>>
>>>>>> Thanks,
>>>>>> Kara
>>>>>>
>>>>>> Kara Stiles
>>>>>> Senior Functional Consultant
>>>>>> rSmart
>>>>>> http://www.rsmart.com
>>>>>> ICQ: 396517169
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Laura McCord" <mccordl at southwestern.edu>
>>>>>> To: sakai-user at collab.sakaiproject.org
>>>>>> Sent: Tuesday, August 4, 2009 9:17:37 AM GMT -07:00 U.S. Mountain Time (Arizona)
>>>>>> Subject: [Using Sakai] Sakai Instructor Roles/Permissions
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I need assistance with how Instructor roles are defined. When a faculty 
>>>>>> member logs in they are not given permission to add a new site. How do I 
>>>>>> grant them access to this ability?
>>>>>>
>>>>>> Thanks,
>>>>>> Laura
>>>>>> _______________________________________________
>>>>>> sakai-user mailing list
>>>>>> sakai-user at collab.sakaiproject.org
>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>>>>>>
>>>>>> TO UNSUBSCRIBE: send email to sakai-user-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>
>>   
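
Added example (not part of the original thread and not Sakai code): a small Python model of the realm lookup John Leasia describes above, used to list which account types end up with site.add under the .auth role. The realm contents, the account type list and the helper names are constructed for illustration.

```python
# Added illustration: models the lookup described in the thread, not Sakai's code.
BASE_REALM = "!user.template"


def template_realm(account_type, realms):
    """Realm consulted for an account type, per the thread:
    empty type -> !user.template; otherwise !user.template.<type> if that
    realm exists, else fall back to !user.template."""
    if account_type:
        specific = f"{BASE_REALM}.{account_type}"
        if specific in realms:
            return specific
    return BASE_REALM


def is_granted(account_type, permission, realms, role=".auth"):
    """True if the role in the consulted realm carries the permission."""
    realm = realms.get(template_realm(account_type, realms), {})
    return permission in realm.get(role, set())


def over_granted(permission, allowed_types, account_types, realms):
    """Account types that receive the permission but are not meant to."""
    return [t for t in account_types
            if t not in allowed_types and is_granted(t, permission, realms)]


# Constructed sample data (hypothetical realm contents).
ACCOUNT_TYPES = ["", "faculty", "student", "staff"]  # "" = empty User Type

# site.add placed on the base realm: every type inherits it.
REALMS_SHARED = {
    "!user.template": {".auth": {"site.add", "site.add.usersite"}},
}

# site.add only on a per-type realm; the base realm stays minimal.
REALMS_SPLIT = {
    "!user.template": {".auth": {"site.add.usersite"}},
    "!user.template.faculty": {".auth": {"site.add", "site.add.usersite"}},
    "!user.template.student": {".auth": {"site.add.usersite"}},
}

if __name__ == "__main__":
    for name, realms in (("shared", REALMS_SHARED), ("split", REALMS_SPLIT)):
        print(name, "over-granted:",
              over_granted("site.add", {"faculty"}, ACCOUNT_TYPES, realms))
        for t in ACCOUNT_TYPES:
            print(f"  type={t!r:10} realm={template_realm(t, realms):24} "
                  f"site.add={is_granted(t, 'site.add', realms)}")
```

In the split layout, an account whose User Type is empty is checked against !user.template and gets no site.add, which is the symptom reported in the thread for faculty accounts.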


