[Using Sakai] Sakai 2.6.x, LDAP and withdrawing studentry -- best practices?

Nuno Fernandes nuno at ufp.edu.pt
Wed Feb 3 08:48:21 PST 2010


Hi Will!

We reset users' passwords on a daily basis, typically at late night
hours. Also, on our custom provider, we return "false" to "boolean
authenticateWithProviderFirst(String eid)".

This means that:

   - Sakai will look for users on the SAKAI_USER table first (reduces LDAP load);
   - If a user changes his password on LDAP, no problem, authentication on
   SAKAI_USER will fail => provider will be used and user is logged in;
   - If a user is removed or made inactive on LDAP, he won't be able to
   login after daily password reset.

Regarding the SAKAI_USER password, I think this is set whenever a user
successfully authenticates with LDAP - but must confirm in code.

Hope it helps,
Nuno


On Wed, Feb 3, 2010 at 4:33 PM, will at serensoft.com <will at serensoft.com> wrote:

> Interesting -- so you don't have Sakai ping your LDAP server, you just
> create Sakai users for all your LDAP users.
>
> What kind of issues do you have when a student withdraws? You could zap the
> LDAP entry and also change the Sakai password, then have all the instructors
> remove or inactivate the student...
>
> Is that how it works? (I can see IT grinding their teeth at having to
> update two systems instead of just one...)
>
>
> On Tue, Feb 2, 2010 at 4:19 PM, Feliz Gouveia <fribeiro at ufp.edu.pt> wrote:
>
>>
>> Will,
>>
>> We create a Sakai account for each LDAP account and synchronize
>> periodically. As users get created in Sakai, they always show up - we found
>> no problems with this approach. The only requirement is that we get the
>> information to create the accounts from our SIS.
>> Nuno can send you the details.
>>
>> Feliz
>>
>>
>> On 2 February 2010 19:24, will at serensoft.com <will at serensoft.com> wrote:
>>
>>> Sent this to DEV list, should have sent it here :)
>>>
>>>
>>>
>>>
>>> Short version:
>>>
>>> Are there any "best Sakai practices" when it comes to withdrawing
>>> LDAP-authenticated students?
>>>
>>>
>>> Long version:
>>>
>>> We've got Sakai 2.6.x hooked up to an LDAP server. Student 'bob' gets
>>> authenticated via LDAP to Sakai, logs in, takes tests and quizzes, turns in
>>> assignments... for a few weeks.
>>>
>>> Then 'bob' quits school.
>>>
>>> Other students continue, taking more tests, more assignments.
>>>
>>> The IT folks notice that just by disabling the LDAP entry, Sakai no
>>> longer shows that student in "Site Info" or the "Gradebook". One fell swoop,
>>> all taken-care-of. All the data inside Sakai, including sakai_site_user.*,
>>> remains as it was. But now, worksite maintainers can't find 'bob' listed to
>>> 'inactivate' or 'remove' him from their worksites.
>>>
>>> Is the best idea to re-activate the LDAP account, have all worksites
>>> 'deactivate' (or remove?) the student, and then turn the LDAP entry off
>>> again?
>>>
>>> --
>>> will trillich
>>> "The ancestor of every action is a thought" -- Ralph Waldo Emerson
>>>
>>>
>>>
>>
>>
>>
>> --
>> Feliz Ribeiro Gouveia
>>
>> Universidade Fernando Pessoa            http://www.ufp.pt
>> Centro de Recursos Multimediaticos      Tel 351-22.507.13.06
>> M.I.N.D. Lab                            Fax 351-22.550.82.69
>> Pr 9 de Abril 349                       fribeiro at ufp.edu.pt
>> P-4249-004 Porto
>>
>
>
>
> --
> will trillich
> "The ancestor of every action is a thought" -- Ralph Waldo Emerson
>
>



-- 
Nuno Fernandes

Profile    | http://facebook.com/nfgrilo | http://linkedin.com/in/nfgrilo
Web      | http://codingwithcoffee.com | http://twitter.com/nfgrilo
Work     | Analyst/Programmer @ UFP-UV [http://elearning.ufp.pt]
             | Analyst/Programmer @ Sakai Foundation [http://sakaiproject.org]
             | Sakai Fellow 2008 @ Sakai Foundation [http://confluence.sakaiproject.org//x/6oCTAQ]
Address | Universidade Fernando Pessoa  [http://www.ufp.pt]
             | Praça 9 de Abril, 349    | 4249-004 Porto
             | tel: + 351 22 507 13 00 | fax: + 351 22 550 82 69
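
The login order and nightly reset described in this message, as a small Python model added here for illustration (it is not part of the original message and is not Sakai code). The `Portal` class and its dictionaries are constructed stand-ins for the SAKAI_USER table and the LDAP server, and the model assumes, as the message guesses without confirming, that a successful LDAP login refreshes the local password.

```python
import hashlib, hmac, secrets

class Portal:
    """Constructed model of local-first login; not Sakai code."""

    def __init__(self, ldap):
        self.ldap = ldap        # eid -> password; stand-in for the LDAP server
        self.local = {}         # eid -> (salt, digest); stand-in for SAKAI_USER
        self.ldap_binds = 0     # how often the provider had to be consulted

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def set_local(self, eid, password):
        salt = secrets.token_bytes(16)
        self.local[eid] = (salt, self._digest(password, salt))

    def _check_local(self, eid, password):
        if eid not in self.local:
            return False
        salt, digest = self.local[eid]
        return hmac.compare_digest(digest, self._digest(password, salt))

    def _check_ldap(self, eid, password):
        self.ldap_binds += 1
        ok = self.ldap.get(eid) == password
        if ok:  # assumption from the message (unconfirmed): refresh local copy
            self.set_local(eid, password)
        return ok

    def login(self, eid, password):
        # authenticateWithProviderFirst(eid) == false: local table, then provider
        return self._check_local(eid, password) or self._check_ldap(eid, password)

    def nightly_reset(self):
        for eid in list(self.local):
            self.set_local(eid, secrets.token_urlsafe(32))

def withdrawal_timeline():
    pw = "s3cret-constructed"                  # constructed sample credential
    ldap = {"bob": pw}
    portal = Portal(ldap)
    portal.set_local("bob", secrets.token_urlsafe(32))  # account synced in advance
    t = {"first_login": portal.login("bob", pw),        # local fails, LDAP succeeds
         "second_login": portal.login("bob", pw),       # served locally, no LDAP bind
         "binds_after_two_logins": portal.ldap_binds}
    del ldap["bob"]                                     # student withdrawn in LDAP
    t["after_withdrawal"] = portal.login("bob", pw)     # local copy still valid
    portal.nightly_reset()
    t["after_reset"] = portal.login("bob", pw)          # both checks now fail
    return t

if __name__ == "__main__":
    for step, result in withdrawal_timeline().items():
        print(step, result)
```

In this model a withdrawn account keeps working with its last-known password until the next reset, so the reset interval bounds how long a removed LDAP entry can still log in.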