- Posts: 12
- Thank you received: 1
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
How to set everyone to use LDAP auth with DB update query?
- fpicabia
- Topic Author
- Offline
- New Member
Less
More
7 years 7 months ago #141275
by fpicabia
How to set everyone to use LDAP auth with DB update query? was created by fpicabia
Somehow the upgrade from 2.05 to 2.50 touched the " Use LDAP authentication" selection for some people.
I'm looking for a way to repair it from the database end.
It looks like I need auth_ldap permission in lime_permissions set with read_p as '1'.
Some users have the auth_ldap record, and others don't, so a simple update command doesn't fix all.
How can I walk through the userids over some minimum value and insert the right sequence for each?
This is in postgres.
I'm looking for a way to repair it from the database end.
It looks like I need auth_ldap permission in lime_permissions set with read_p as '1'.
Some users have the auth_ldap record, and others don't, so a simple update command doesn't fix all.
How can I walk through the userids over some minimum value and insert the right sequence for each?
This is in postgres.
The topic has been locked.
- fpicabia
- Topic Author
- Offline
- New Member
Less
More
- Posts: 12
- Thank you received: 1
7 years 7 months ago #141385
by fpicabia
Replied by fpicabia on topic How to set everyone to use LDAP auth with DB update query?
I have seen a legacy user who has the Global Permission checked for "Use LDAP authentication" on the admin web page. Yet searching on all settings in lime_permissions table for their uid, I do not see a row with "auth_ldap". New users set up on the system do have auth_ldap permission added. What is the other value in the backend which can cause "Use LDAP authentication" to be switched on? The example I saw with the option checked yet not via the DB value for auth_ldap had over one hundred of lime_permissions values. So it is hard to guess what does it.
The topic has been locked.
- fpicabia
- Topic Author
- Offline
- New Member
Less
More
- Posts: 12
- Thank you received: 1
7 years 7 months ago #141474
by fpicabia
Replied by fpicabia on topic How to set everyone to use LDAP auth with DB update query?
OK, no one provided info on how the LDAP was selected for some users already while they did not have the record in lime_permissions table for auth_ldap (I am typing this in lower case and the forum software is changing it to uppercase).
My solution was to make a Unix shell script which generated lines like this:
insert into lime_permissions (entity_id,uid,permission,read_p,entity) values ('0', '254', 'auth_ldap', '1', 'global');
The uid (254 in example) was a variable in a shell script for loop. Then I read that file into psql with \i filename.
In a legacy user which already had LDAP checked in the user interface but did not have the matching attribute in lime_permissions table, adding the new row didn't hurt authentication.
My solution was to make a Unix shell script which generated lines like this:
insert into lime_permissions (entity_id,uid,permission,read_p,entity) values ('0', '254', 'auth_ldap', '1', 'global');
The uid (254 in example) was a variable in a shell script for loop. Then I read that file into psql with \i filename.
In a legacy user which already had LDAP checked in the user interface but did not have the matching attribute in lime_permissions table, adding the new row didn't hurt authentication.
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11655
- Thank you received: 2742
7 years 7 months ago #141553
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic How to set everyone to use LDAP auth with DB update query?
I think there are not that many on the forum that use this feature, so this is probably why you haven't received an answer yet.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.