LON-CAPA Help
Identity management in a LON-CAPA domain is dependent on settings
made for user creation and user modification. Of particular concern
is the potential for assignment of usernames in a format used by your
institution when the username does not yet exist. In such a case,
authentication is likely to be set to be "internal",
and should a real user be created in the future, and be enrolled in
a course by auto-enrollment, the user would either be unable to authenticate
(using LON-CAPA log-in page), or would be authenticated by SSO, and
have access to the original user's roles and associated information.
It is important therefore to establish format rules for new usernames
so the only users created with institutional-type usernames are the
real users themselves with the appropriate authentication type (Kerberos
or localauth). Even without format rules, the Domain Coordinator can
set who can create new users, and the authentication types that may
be set in different context.
The domain-wide options available for user creation are:
- Activate/deactivate operation of format rule(s) for usernames
- Activate/deactivate operation of format rule(s) for student/employee
IDs
- Control which types of username (official or non-official) may be
used when creating new users in course or author context
- Control which types of authentication may be used when assigning authentication
to new users in author, course or domain context
The format rules themselves are defined by customizing the following
routines in localenroll.pm:
- usernames: &username_rules() and &username_check()
- IDs: &id_rules() and &id_check()
When enforced the user name and ID rules require that if a username
and/or ID which matches the format for an active rule is to be used
in LON-CAPA, they must exist in the institutional directory. If they
exist, the corresponding user information (first name, middle name,
last name, e-mail address) will be used when creating the new user
account. If they do not exist, account creation will not occur.