Thanks Josh, I have set the values as you suggested and created a few extra regular expression. So if the user does not match any for my regular expressions which group does it get put in to? global@local?
On Mon, Aug 11, 2014 at 2:46 PM, Josh Thompson <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > David, > > Just to be clear, I think you're saying you only want to see a max of 2 > hours > in the initial drop down. Then, you want to be able to extend a > reservation > by up to 1 hour increments, but be able to do that twice to reach a max > duration of 4 hours. If that's correct, make sure you have the following > values set: > > Initial Max Time: 2 hours > Total Max Time: 4 hours > Max Extend Time: 1 hour > > Make sure those are set, and then log out/back in. If you're still seeing > greater values than that, your userid is probably in a user group you don't > have access to manage. You can look in the database to be sure. Look in > the > user table to get the user.id. Then, look in the usergroupmembers table > to > find all of the usergroupids of which the user is a member. Finally, look > in > the usergroup table to see the times set for each of those user groups. > > Of all of a user's groups, the one with the greatest values is what is > used. > One other thing to check is the image.maxinitialtime field. But, that can > only be set directly in the database. So, I doubt it is the issue. > > Josh > > On Monday, August 11, 2014 1:36:12 PM David DeMizio wrote: > > Hi Josh, > > > > I'm still seeing 4 hours in the drop down when creating a reservation, > I'd > > like for it to only go up to 2 hours but give the option to extend up to > 1 > > hour. Total max time I set to 4 hours for the group that my userid is in. > > Do I need to change something manually in the DB? Thank you > > > > > > > > > > On Mon, Aug 4, 2014 at 12:30 PM, Josh Thompson <[email protected]> > > > > wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > David, > > > > > > Look over the "Mirroring LDAP User Groups" section on this page: > > > > > > http://vcl.apache.org/docs/ldapauth.html > > > > > > You have to actually modify the php code as described there to get > groups > > > from > > > LDAP (AD) mirrored into your VCL system. > > > > > > Once set up, when a user logs in to VCL, some information about him is > > > pulled > > > from LDAP. That includes user group membership if your LDAP system > makes > > > that > > > available. The list of user groups of which the user is a member are > > > parsed > > > by the function you create. Any groups that match the regular > expressions > > > you > > > set up are created if they don't exist, and the user is then added to > > > those > > > groups, and removed from any other LDAP based groups not in the list of > > > groups. > > > > > > Any user groups that are created this was have their initialmaxtime, > > > totalmaxtime, and maxextendtime fields set from the default values in > your > > > database. > > > > > > The idea here is that you establish an initial set of user groups and > > > their > > > privileges in VCL. Once set up, any users logging in for the first > time > > > already have their access set up for them. > > > > > > Any user groups created from LDAP have the 'custom' field set to 0 in > the > > > database. They show up as 'Federated' groups on the Manage Groups > page. > > > > > > You > > > > > > are allowed to edit the group attributes, but not the membership via > the > > > web > > > interface since the membership is automatically managed to reflect the > > > LDAP > > > membership. > > > > > > If you aren't seeing the Federated groups on the Manage Groups page, > you > > > need > > > to add the "Manage Federated User Groups" user group permission to one > of > > > your > > > user groups on the Privileges->Additional User Permissions page. > > > > > > I've never managed the LDAP server end of this. So, I can't provide > any > > > guidance on how to set up the groups in AD or something like Open LDAP. > > > > > > Josh > > > > > > On Monday, August 04, 2014 11:29:10 AM David DeMizio wrote: > > > > Hello, > > > > > > > > I'm just now getting into setting up groups and privileges as I'm > going > > > > > > to > > > > > > > put a small lab in Prod just containing linux images. I read a > couple of > > > > post on Ldap but I'm still not clear on the correlation between the > > > > > > Manage > > > > > > > groups menu from VCL interface and the LDAP groups. I noticed that > > > > Manage > > > > groups allow you to set initial max time and so forth, so how do I > > > > associate a particular AD group or AD user with a group in VCL so I > can > > > > set these initial max times etc.. I want initial max time to be 2 > hours > > > > > > but > > > > > > > the ability for students to extend up to 1 hour, total of 3 hours. > Thank > > > > you > > > > > > - -- > > > - ------------------------------- > > > Josh Thompson > > > VCL Developer > > > North Carolina State University > > > > > > my GPG/PGP key can be found at pgp.mit.edu > > > > > > All electronic mail messages in connection with State business which > > > are sent to or received by this account are subject to the NC Public > > > Records Law and may be disclosed to third parties. > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v2.0.22 (GNU/Linux) > > > > > > iEYEARECAAYFAlPftSQACgkQV/LQcNdtPQONrwCdFHnuRxcpalNEHPHhvHHMlDb2 > > > I6kAn0SMkLFw8j+iarOscu9halcPuNHt > > > =4WjI > > > -----END PGP SIGNATURE----- > - -- > - ------------------------------- > Josh Thompson > VCL Developer > North Carolina State University > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iEYEARECAAYFAlPpD4gACgkQV/LQcNdtPQMAZwCeIMrUOp+QIT9n3W1ROj4VPleC > WUcAni11PYcSpDuSKqGYY3EqEsskq0WI > =3OlW > -----END PGP SIGNATURE----- > >
