Users are created with stub accounts if not in UserValidation if the user can login via LDAP or RemoteAuth
When a user logs in via LDAP or RemoteAuth the first time, their account is created with their Username copied in the LibraryID field. They are shown the NewAuthRegistration.html page, but if the site is using CourseUser loads and the username is not in the UserValidation table yet, the user is stuck with a stub account if the site is passing through the uservalidation data as hidden in the registration page. Later, a user cannot come in via LTI (because their ExternalUserID is blank) and cannot come in via the webpages (they are still sent to the registration page, but when the values are passed through as hidden values, the page isn't pulling from UserValidation anymore it's pulling from the Users table, where all those values are blank.
Sometimes a user's LDAP or RemoteAuth will be working before they have been entered into the UserValidation table via the registrar's office. These users get stuck with this stub account and staff have to either manually flesh it out by coping over data from UserValidation or they have to delete the user so that they can come in fresh to create an account after they are in the UserValidation table.
Is it possible that a user who is stuck at Cleared=New would not only be sent back to the NewAuthRegistration page, but that the page would also pull from the UserValidation table to replace all values other than the username field?
Angela Mott
shared this idea
-
One solution is that we can remove the ability for a user to have a stub account created if there is no record in UserValidation. If the user can’t have that lame duck account, it would keep them from being stuck. Then when the account exists in UserValidation, it would work as expected. The error message would also say “User record does not exist in reserves system. Please contact staff” or something to that effect.
There is a key for CourseUserLoadEnabled. If a site isn’t using that option, then their LDAP/remoteauth authentication would work per usual and allow the user to fill out their own information on the registration page.
Does that sound like it would work for everyone?
