Return to Domain_Configuration_User_Creation.tex CVS log

Up to [LON-CAPA] / loncom / html / adm / help / tex

- Help files for Domain configuration (new file names better for online manual).

    1: \label{Domain_Configuration_User_Creation}
    2: Identity management in a LON-CAPA domain is dependent on settings
    3: made for user creation and user modification. Of particular concern
    4: is the potential for assignment of usernames in a format used by your
    5: institution when the username does not yet exist. In such a case,
    6: authentication is likely to be set to be \char`\"{}internal\char`\"{},
    7: and should a real user be created in the future, and be enrolled in
    8: a course by auto-enrollment, the user would either be unable to authenticate
    9: (using LON-CAPA log-in page), or would be authenticated by SSO, and
   10: have access to the original user's roles and associated information.
   11: 
   12: It is important therefore to establish format rules for new usernames
   13: so the only users created with institutional-type usernames are the
   14: real users themselves with the appropriate authentication type (Kerberos
   15: or localauth). Even without format rules, the Domain Coordinator can
   16: set who can create new users, and the authentication types that may
   17: be set in different context.
   18: 
   19: The domain-wide options available for user creation are: 
   20: 
   21: \begin{itemize}
   22: \item Activate/deactivate operation of format rule(s) for usernames 
   23: \item Activate/deactivate opration of format rule(s) for student/employee
   24: IDs 
   25: \item Activate/deactivate operation of format rule(s) which prohibit self-created
   26: accounts using certain types of e-mail address as the username.
   27: \item Control which types of username (official or non-official) may be
   28: used when creating new users in course or author context 
   29: \item Control which types of user may create their own accounts in LON-CAPA 
   30: \item Control which types of authentication may be used when assigning authentication
   31: to new users in author, course or domain context
   32: \end{itemize}
   33: The format rules themselves are defined by customizing the following
   34: routines in localenroll.pm: 
   35: 
   36: \begin{itemize}
   37: \item usernames: \&username\_rules() and \&username\_check()
   38: \item IDs: \&id\_rules() and \&id\_check()
   39: \item self-created accounts: \&selfcreate\_rules() and \&selfcreate\_check()
   40: \end{itemize}
   41: The first two of these - username and ID check, when enforced, require
   42: that if a username and/or ID of the activated formats is to be used
   43: in LON-CAPA, they must exist in the institutional directory. If they
   44: exist, the corresponding user information (first name, middle name,
   45: last name, e-mail address) will be used when creating the new user
   46: account. If they do not exist, account creation will not occur.
   47: 
   48: The third one operates in the opposite manner - if a user attempts
   49: to self-create an account employing a username with an e-mail address
   50: in a format which matches the rule, the action does not proceed, and
   51: the user is directed to create an account with the corresponding institutional
   52: log-in. In this case account creation can only occur once the user
   53: has authenticated using that login.