Hi Josh, I'm still seeing 4 hours in the drop down when creating a reservation, I'd like for it to only go up to 2 hours but give the option to extend up to 1 hour. Total max time I set to 4 hours for the group that my userid is in. Do I need to change something manually in the DB? Thank you
On Mon, Aug 4, 2014 at 12:30 PM, Josh Thompson <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > David, > > Look over the "Mirroring LDAP User Groups" section on this page: > > http://vcl.apache.org/docs/ldapauth.html > > You have to actually modify the php code as described there to get groups > from > LDAP (AD) mirrored into your VCL system. > > Once set up, when a user logs in to VCL, some information about him is > pulled > from LDAP. That includes user group membership if your LDAP system makes > that > available. The list of user groups of which the user is a member are > parsed > by the function you create. Any groups that match the regular expressions > you > set up are created if they don't exist, and the user is then added to those > groups, and removed from any other LDAP based groups not in the list of > groups. > > Any user groups that are created this was have their initialmaxtime, > totalmaxtime, and maxextendtime fields set from the default values in your > database. > > The idea here is that you establish an initial set of user groups and their > privileges in VCL. Once set up, any users logging in for the first time > already have their access set up for them. > > Any user groups created from LDAP have the 'custom' field set to 0 in the > database. They show up as 'Federated' groups on the Manage Groups page. > You > are allowed to edit the group attributes, but not the membership via the > web > interface since the membership is automatically managed to reflect the LDAP > membership. > > If you aren't seeing the Federated groups on the Manage Groups page, you > need > to add the "Manage Federated User Groups" user group permission to one of > your > user groups on the Privileges->Additional User Permissions page. > > I've never managed the LDAP server end of this. So, I can't provide any > guidance on how to set up the groups in AD or something like Open LDAP. > > Josh > > On Monday, August 04, 2014 11:29:10 AM David DeMizio wrote: > > Hello, > > > > I'm just now getting into setting up groups and privileges as I'm going > to > > put a small lab in Prod just containing linux images. I read a couple of > > post on Ldap but I'm still not clear on the correlation between the > Manage > > groups menu from VCL interface and the LDAP groups. I noticed that Manage > > groups allow you to set initial max time and so forth, so how do I > > associate a particular AD group or AD user with a group in VCL so I can > > set these initial max times etc.. I want initial max time to be 2 hours > but > > the ability for students to extend up to 1 hour, total of 3 hours. Thank > > you > - -- > - ------------------------------- > Josh Thompson > VCL Developer > North Carolina State University > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iEYEARECAAYFAlPftSQACgkQV/LQcNdtPQONrwCdFHnuRxcpalNEHPHhvHHMlDb2 > I6kAn0SMkLFw8j+iarOscu9halcPuNHt > =4WjI > -----END PGP SIGNATURE----- > >
