[Using Sakai] ldap question

Anders Nordkvist anders.nordqvist at his.se
Thu Apr 17 00:22:00 PDT 2014



From: Steve Swinsburg [mailto:steve.swinsburg at gmail.com]
Sent: 16 April 2014 14:16
To: Anders Nordkvist
Cc: sakai-user at collab.sakaiproject.org
Subject: Re: [Using Sakai] ldap question

Hi Steve,

A couple of more stupid questions ☺

Hi Anders,

What I was thinking is that you could create a sakai_user record for each user so at least you are preserving first name/lastname/email in the system when they drop out of LDAP. Then disable the account (2.9 feature). The user won't be able to be added to sites and you'll have info as to who they are when doing queries on the course data. And you could later on just enable their account and reset their password to grant access the same as it was before.

Here you mean that I could create a new table in mysql with first name/lastname/email from LDAP users?

This is something I've done before, people get converted to a guest/alumni account once they leave the university etc.

As per last email, creating that record may not be necessary if the EID is enough for you to identify someone. So YMMV.
How do I know if the EID is enough to identify someone?

The bug still exists where users that just disappear (either from LDAP or being deleted) that are still in a site have their realm reference left behind and orphaned. And they are unable to be removed within the Realm UI since the user doesn't resolve to
Is this what happens in our case, “have their realm reference left behind and orphaned”? But we don’t remove anything, just the LDAP connection. Shouldn’t there be an easy way to get the users back, because all information except the LDAP info about them is still intact?


anything. Creating the sakai_user record would fix that. It's not a big deal though, but it's a bit dirty. https://jira.sakaiproject.org/browse/SAK-7775
The Jira you refer to is closed with won't fix. I'm still wondering how I can create this record and get the users back, if it's possible?

Basically, that is what happens when a user is removed from LDAP. They can't login since their LDAP credentials are no longer valid, and Sakai won't be able to resolve them in data lookups so they will essentially disappear from the system.

If doing any of this record manipulation you'd need to be able to retrieve details from somewhere for users that have sakai_user_id_map records but don't have a sakai_user record and no longer exist in LDAP (maybe a second LDAP that doesn't get cleaned up immediately, or a database or something).
We have a database with all our users but it is MSSQL and I can't find any Sakai provider for that one. Then we have to create that, I suppose. Do you think the users become visible if we use this MSSQL database?

cheers,
Steve



On Wed, Apr 16, 2014 at 5:44 PM, Anders Nordkvist <anders.nordqvist at his.se> wrote:
Hi Steve, and thanks for answering. As it is now we have EID on all users in the Sakai_user_id_map table in database. Which tables do you think I need to create for the users and how do I do that for them to be able to be visible in the system? Which tables are used for LDAP, and can you please explain what happens when the user is no longer available in the AD? Many questions ☺


Regards
Anders Nordkvist
System administrator
University Of Skövde
Sweden




From: Steve Swinsburg [mailto:steve.swinsburg at gmail.com]
Sent: 16 April 2014 00:22
To: Anders Nordkvist
Cc: sakai-user at collab.sakaiproject.org
Subject: RE: [Using Sakai] ldap question


If the eids are enough then maybe you don't even need the full user record created. Up to you depending on your current data.

Cheers

sent from my mobile device
On 16/04/2014 8:20 AM, "Steve Swinsburg" <steve.swinsburg at gmail.com> wrote:

No it's just something I thought of ;)

LDAP users still get a record in the map table; maybe you could have a job that finds orphans and creates the other part of the record (sakai_user).

Cheers
Steve

sent from my mobile device
On 15/04/2014 11:36 PM, "Anders Nordkvist" <anders.nordqvist at his.se> wrote:
Thanks for answering Steve!
That sounds like a plausible solution but how can I implement it? Is there some webpage that describes something similar?


Regards
Anders Nordqvist
System administrator
________________________
IT department
Högskolan i Skövde
Box 408
541 28 Skövde
tel. 0500-44 81 78
e-mail anders.nordqvist at his.se


From: Steve Swinsburg [mailto:steve.swinsburg at gmail.com]
Sent: 15 April 2014 13:59
To: Anders Nordkvist
Cc: sakai-user at collab.sakaiproject.org
Subject: Re: [Using Sakai] ldap question

One way would be to have a process that turns that user into an internal user, then disables their account to prevent them logging in. They can still be removed from sites as normal.

This will allow you to continue to map the user did (jsmith26) onto the uuid, which is what the data is stored against, and look it up in the database.

cheers,
Steve

On Tue, Apr 15, 2014 at 9:41 PM, Anders Nordkvist <anders.nordqvist at his.se> wrote:
Hi everyone,

We in Skövde, Sweden, have Sakai 2.9.x and use LDAP for integrating users into Sakai from our Active Directory. When a user quits his/her courses and some time has passed, he or she will be removed and cannot log in to Sakai anymore. The problem is that all data from the student's assignments becomes unreachable because the student isn’t in the system anymore. I know that all information is still in Sakai but you can’t get it because the LDAP connection is broken. Does anyone know how to, in an easy way (if possible), get to the information? When I search in the assignment tables in the database on one of the removed students I can’t find any human-readable paths to the information; everything is stored in binary in the filesystem. I have also looked for tables that store LDAP information in the Sakai database (MySQL) but couldn’t find any. I suppose everything is stored in memory; if this is the case, where can I see this?

Regards
Anders Nordkvist
System administrator
University Of Skövde
Sweden


_______________________________________________
sakai-user mailing list
sakai-user at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/sakai-user

TO UNSUBSCRIBE: send email to sakai-user-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
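
Added example, not part of the original thread or of Sakai: a sketch of the "job that finds orphans" idea discussed above, run against an in-memory SQLite stand-in for the `sakai_user_id_map` and `sakai_user` tables. The column names, the `archive` lookup (a hypothetical export from a second directory or database), the `still_in_ldap` set and the `alumni` type label are all assumptions; disabling the restored account is not shown.

```python
import sqlite3

# Constructed stand-in for the two tables named in the thread. Column names
# are assumptions; check them against your own Sakai schema before reuse.
SCHEMA = """
CREATE TABLE sakai_user_id_map (user_id TEXT PRIMARY KEY, eid TEXT UNIQUE);
CREATE TABLE sakai_user (user_id TEXT PRIMARY KEY, email TEXT,
                         first_name TEXT, last_name TEXT, type TEXT);
"""

def find_orphans(db):
    """Return (user_id, eid) pairs with a map row but no sakai_user row."""
    return db.execute(
        "SELECT m.user_id, m.eid FROM sakai_user_id_map m "
        "LEFT JOIN sakai_user u ON u.user_id = m.user_id "
        "WHERE u.user_id IS NULL ORDER BY m.eid").fetchall()

def backfill(db, archive, still_in_ldap, dry_run=True):
    """Create sakai_user rows for orphans that have left LDAP.

    archive: eid -> (first, last, email) from a hypothetical second source.
    still_in_ldap: eids the directory still resolves (left untouched).
    Returns (created, unresolved) lists of eids.
    """
    created, unresolved = [], []
    for user_id, eid in find_orphans(db):
        if eid in still_in_ldap:
            continue  # provided users normally have no sakai_user row
        details = archive.get(eid)
        if details is None:
            unresolved.append(eid)  # no source to restore from; report only
            continue
        if not dry_run:
            first, last, email = details
            db.execute("INSERT INTO sakai_user VALUES (?, ?, ?, ?, ?)",
                       (user_id, email, first, last, "alumni"))
        created.append(eid)
    return created, unresolved

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: one local account, three LDAP-provided users.
    db.executemany("INSERT INTO sakai_user_id_map VALUES (?, ?)",
                   [("u-1", "admin"), ("u-2", "jsmith26"),
                    ("u-3", "gone01"), ("u-4", "gone02")])
    db.execute("INSERT INTO sakai_user VALUES "
               "('u-1', 'a@example.org', 'A', 'Admin', 'maintain')")
    archive = {"gone01": ("Gun", "Ek", "gun.ek@example.org")}
    return db, backfill(db, archive, still_in_ldap={"jsmith26"}, dry_run=False)
```

Running with `dry_run=True` first gives the list of accounts that would be created and the EIDs that no source can resolve, which is the set that needs a manual decision.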

