Michael,

There are a number of possibilities here, but first you should investigate why 
there are two unityid values for mjinks. Presumably those are from different 
affiliations? (You may want to consider removing one of those accounts from the 
database). And are you certain that, when you log in via Shibboleth, the 
active userid (i.e. 6 or 10 in your case) is the same as the userid that you 
added to the adminUsers group? Also, you need to make sure that the adminUsers 
group has been added to the privilege tree properly within the VCL. For that, 
log in as the admin@Local user, then go to "Privileges" and select the "VCL" 
node in the privilege tree. The "adminUsers@Local" group should be listed under 
"Users". If it isn't, add it and make sure that the privileges cascade.

If that doesn't lead to anything, I would recommend verifying that the 
$authMechs configuration is correct.

Aaron



--
Aaron Coburn
Systems Administrator and Programmer
Academic Technology Services, Amherst College
[email protected]






On Sep 4, 2012, at 3:34 PM, Michael Jinks <[email protected]> wrote:

> Bumping this; I didn't hear anything back when I posted the message
> below, about a week and a half ago.  Also, I've since discovered that
> my Shib-backed account doesn't appear to have any privileges at all;
> in spite of having all the permissions boxes checked, I still don't
> have access to any VM images or to any but the most basic elements of
> the UI.  What did I miss?
> 
> This is on VCL 2.2.1.
> 
> Thanks,
> -m
> 
> 
> On Fri, Aug 24, 2012 at 01:54:42PM -0500, Michael Jinks wrote:
>> I just got back around to trying Josh's instructions for giving my Shib
>> user account admin rights:
>> 
>> On Wed, Aug 22, 2012 at 11:29:54AM -0400, Josh Thompson wrote:
>>> 
>>> Michael,
>>> 
>>> Probably the simplest thing to do is to add your shibboleth based user
>>> to the adminUsers group directly in the database.  Here's what to do:
>>> 
>>> 1) get the id of your user:
>>>   SELECT id, unityid FROM user WHERE unityid = 'your_user_id_here';
>>> 2) note the returned id
>>> 3) get the id of the adminUsers group:
>>>   SELECT id FROM usergroup WHERE name = 'adminUsers';
>>> 4) note the returned id
>>> 5) add a record to the usergroupmembers table:
>>>   INSERT INTO usergroupmembers
>>>   (userid, usergroupid) VALUES
>>>   (id_from_step_2, id_from_step_4);
>>> 
>>> Then, your shibboleth account should have admin access (assuming you
>>> left the adminUsers group having admin access).
>> 
>> The good news is that (with some help from our IDM folks) I have Shib
>> working for my devel VCL instance, and my account is logged in currently.
>> 
>> The bad news is that I still don't have admin rights.  The only
>> navigation links on the VCL page are "HOME", "New Reservation", "Block
>> Allocation", "User Preferences", "Statistics", and "Logout".
>> 
>> Not sure if this is relevant or not, but when I did step 1 above, I got
>> two records back instead of one:
>> 
>> +----+---------+
>> | id | unityid |
>> +----+---------+
>> |  6 | mjinks  |
>> | 10 | mjinks  |
>> +----+---------+
>> 
>> When I tried to add them to the adminUsers group, I found that id 6 was
>> already there, probably as a result of my previous efforts to get this
>> working.  I added id 10 as well, but that didn't make any difference.
>> 
>> I'm able to use the "Logout" button and log back in as a local admin,
>> thank goodness... When I go to the "Privileges" page, I find that
>> "Cascade to Child Nodes" is set for the adminUsers@Local group, and
>> permissions there are a Christmas tree, all boxes checked.
>> 
>> Any idea what else I might have missed?
>> 
>> Thanks as always.
>> 
>> --Michael
> 
> -- 
> Michael Jinks :: [email protected] :: 773-469-9688
> University of Chicago IT Services
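
The check suggested at the top of this thread (which of the duplicate unityid rows belongs to which affiliation, and which of them is actually in adminUsers), as an added example that is not part of the original messages or of VCL's code. It runs against a constructed in-memory SQLite copy of the tables named in the thread; the `affiliationid` column, the `affiliation` table, the affiliation name `ExampleShib` and the sample membership rows are assumptions.

```python
import sqlite3

# Constructed stand-in for the tables named in the thread. user.affiliationid
# and the affiliation table are assumptions; the thread itself only shows
# user(id, unityid), usergroup(id, name), usergroupmembers(userid, usergroupid).
SCHEMA = """
CREATE TABLE affiliation (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE user (id INTEGER PRIMARY KEY, unityid TEXT, affiliationid INTEGER);
CREATE TABLE usergroup (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE usergroupmembers (userid INTEGER, usergroupid INTEGER);
INSERT INTO affiliation VALUES (1, 'Local'), (2, 'ExampleShib');
INSERT INTO user VALUES (1, 'admin', 1), (6, 'mjinks', 1), (10, 'mjinks', 2);
INSERT INTO usergroup VALUES (1, 'adminUsers');
-- Constructed state: only the Local-affiliation row is a member.
INSERT INTO usergroupmembers VALUES (1, 1), (6, 1);
"""

# One row per account sharing the unityid, with its affiliation and a 0/1
# flag for membership in the named group.
QUERY = """
SELECT u.id, a.name,
       EXISTS (SELECT 1 FROM usergroupmembers m
               JOIN usergroup g ON g.id = m.usergroupid
               WHERE m.userid = u.id AND g.name = :grp)
FROM user u
LEFT JOIN affiliation a ON a.id = u.affiliationid
WHERE u.unityid = :unityid
ORDER BY u.id
"""

def demo_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def accounts_for(conn, unityid, group="adminUsers"):
    """Return (user id, affiliation name, is_member) for every matching row."""
    rows = conn.execute(QUERY, {"unityid": unityid, "grp": group}).fetchall()
    return [(uid, aff, bool(member)) for uid, aff, member in rows]

def non_member_ids(conn, unityid, group="adminUsers"):
    """User ids that share the unityid but are missing from the group."""
    return [uid for uid, _aff, ok in accounts_for(conn, unityid, group) if not ok]

if __name__ == "__main__":
    for row in accounts_for(demo_db(), "mjinks"):
        print(row)
```

The row whose affiliation matches the Shibboleth login is the one whose id has to appear in usergroupmembers; a membership on the other row has no effect on that session.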
