Forums | Mahara Community

Support /
Authenticated method changes automatically


Kristina Hoeppner's profile picture
Posts: 4863

19 May 2022, 13:38

Hi Juan,

Instead of setting up LDAP in 'No institution', you would set it up in your proper institution. The setup steps are the same. Since you already have a lot of people on your site, you can move them via the database into that institution and associate it with the 'new' LDAP so that they don't get any notifications about this change. You would need to change their institution affiliation as well as the ID of their authentication instance.

The long, non-database way would be:

  1. Add people to the new institution. They will receive an email.
  2. Change their authentication method in bulk to the new LDAP. Since it's an external auth method, you don't have to worry about setting a password.

Cheers

Kristina

Juan Menéndez's profile picture
Posts: 36

19 May 2022, 19:10

Hi Kristina


The solutions you propose solve the problem for users who have already logged into my Mahara site at least once, but it does not solve the problem for new users who log in in the future because they will continue to automatically join the "No institution" area. .

However, I suppose there is no way that new users who log in to the site automatically join an institution and not the "No institution" area.

Thank you very much.


Greetings


Juan

Kristina Hoeppner's profile picture
Posts: 4863

20 May 2022, 7:39

Hi Juan,

If you set up LDAP in an institution, new people will join that institution automatically instead of 'No institution' because the authentication method is associated with that institution rather than 'No institution'. Of course, once you've made the institution change, you should remove the LDAP authentication from 'No institution' or Mahara won't know where to put people.

You will only be able to delete an authentication method once nobody is associated with it any more. That's a good test to make sure that you've moved everyone to the new LDAP auth in the institution.

Cheers

Kristina

Juan Menéndez's profile picture
Posts: 36

20 May 2022, 10:09

Hi Kristina,


This new proposal that you tell me now, I think is the one that solves my problem completely.

Thank you very much for your help, for your comments and for your kindness.

Cheers

Juan :-)

Juan Menéndez's profile picture
Posts: 36

22 May 2022, 10:38

Hi Kristina,

I've been thinking that maybe there is an easier way to get all the users on my Mahara site to join a new institution with LDAP authentication (which is not the "No institution" area).

The steps to follow would be:
1. Close my Mahara site temporarily
2. Create a new institution and configure in it the same LDAP authentication that was previously configured in the "Non-institution" area.
3. Delete the LDAP authentication from the "No institution" area.
4. Reopen my Mahara site

This way, I suppose, every time an existing user authenticates, they will automatically join the new institution.

This is correct?
Is there a danger that I don't know about?


I'd like to know your opinion before I do something I might regret.

Thank you very much

Cheers

Juan

Kristina Hoeppner's profile picture
Posts: 4863

23 May 2022, 8:28

Hi Juan,

In general, the steps are correct. However, you first need to switch everybody who is already authenticating to the institution and assign them the new LDAP authentication method. You will not be able to delete the one in 'No institution' unless nobody is associated with it any more.

The steps would be:

  1. Close the site.
  2. Set up the new institution. Note down its shortname.
  3. Set up the new LDAP authentication in the proper institution. Check the database for the ID number of that authentication instance.
  4. In the database, change the institution for everyone to the new one.
  5. In the database, change the authentication method for everyone formerly on LDAP in 'No institution' to LDAP in the proper institution by giving those accounts the ID of the new authentication method.
  6. Remove LDAP from 'No institution'. You can only do that if nobody is associated with that authentication instance any more.
  7. Open the site again.
  8. Check a couple of accounts that they can still log in.

Changing things via the database is the easiest if you have to move a lot of people because then you can do so via a database query rather than via multiple screens on the interface.

Cheers

Kristina

Juan Menéndez's profile picture
Posts: 36

23 May 2022, 10:02

Hi Kristina,

I think now I have all the information I need to solve the problem I mentioned at the beginning of this forum.

It is very important for me to know that I can always have the help of the Mahara team when I have a problem, especially Kristina ;-)

Thank you very much

Juan

Kristina Hoeppner's profile picture
Posts: 4863

24 May 2022, 13:57

Thank you, Juan. It just happened to be something that doesn't require technical expertise or you'd have heard from Robert or Doris or another developer on the Catalyst team. :-)

In general, we do not work much with LDAP any more as most organisations we work with have switched to SSO via SAML, Shibboleth, Azure AD and the like, thus using the SAML authentication method. You would have seen that it received a number of additions over the last couple of years due to that. There's a lot that can be done, also if you bring web services.

Cheers

Kristina

18 results