Moodle

Auth LDAP plugin Sync Users - Should discover users whom are in extauth but already exist in users table with auth type !=ldap and convert.

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Won't Fix
  • Affects Version/s: 1.9.2, 1.9.3, 1.9.4
  • Fix Version/s: None
  • Component/s: Authentication
  • Labels:
    None
  • Environment:
    Not Operating System Dependent tested with PHP 4.3 and 5.25
  • Database:
    MySQL
  • Difficulty:
    Moderate
  • Affected Branches:
    MOODLE_19_STABLE

Description

Currently when a user exists in extauth (auth='ldap' ) and in the mdl_user table but using a different
authentication method like manual that username will not be included by auth.php sync_users. Simply the
sync_users script will skip this user rather than convert the user to auth='ldap' and update.

This issue has been known to cause users whom were once in extauth not to be able to authicate via
ldap successfully because their password was not stored in user table. User
account can be switched to manual and not revisited before a student tries to login. This
condition can be taken care of by sync_users.

I created the auth_ldap_convert_users.patch against my source and auth/ldap/auth.php Branch: MOODLE_19_STABLE .

Just thought I should share this idea with others whom may want to avoid allot of help desk calls over
students not being able to login due to users not being converted to the correct active/default authentication method.

Here is an overview of a test sync and exactly what will happen during auth_ldap_sync_users .

Configuring temp table
Creating temp table mdl_extuser
Connecting to ldap...
Search Filter: (&(sAMaccountName=*) (objectClass=user))
Searching Context: ou=Students,dc=rl,dc=kota,dc=net
+ 3 users
Got 3 records from LDAP
No user entries to be removed
No user entries to be revived
Validating user authentication method for LDAP users.
No users found to be updated!
User entries to update: 3
Updating user jdoe id 3
Updating user janedoe id 4
Updating user donduck id 5
No users to be added

Conversion Run:

Configuring temp table
Creating temp table mdl_extuser
Connecting to ldap...
Search Filter: (&(sAMaccountName=*)(objectClass=user))
Searching Context: ou=Students,dc=rl,dc=kota,dc=net
+ 3 users
Got 3 records from LDAP

No user entries to be removed
No user entries to be revived
Validating user authentication method for LDAP users.
User entries to update with ldap auth: 1
Updating user donduck id 5
User entries to update: 3
Updating user jdoe id 3
Updating user janedoe id 4
Updating user donduck id 5
No users to be added

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

oh - automatic conversion could create major problems here,
when you are migrating to ldap it is very easy to bulk change auth type by sql query

thanks for the report, it might be interesting for some ppl

Show
Petr Škoda (skodak) added a comment - oh - automatic conversion could create major problems here, when you are migrating to ldap it is very easy to bulk change auth type by sql query thanks for the report, it might be interesting for some ppl
Hide
Permalink
John T. Macklin added a comment -

Petr,

Just an Idea and something that has come up. Mainly I wanted to give Moodle users an alternative for making sure their LDAP users are using LDAP auth
and not manual as happens on occasion. I was thinking of those whom are not SQL savvy. I do have one client that did complain to us about this
and did consider this a bug. However, after I explained the reason for this no bug report was filed. Simply I thought some of our users may want to
use an approach like this. Of course I am not a "Moodle Core Developer" like yourself but I do write software and contribute to my creating Moodle
patches and custom solutions for a very large Moodle Partner and I value and respect your opinion on this. Still yet some Moodle Admin in the
broad Moodle spectrum may actually need this tweak so I have made it available if that is the case.

This is of course why this was not submitted as a bug report but rather an idea for improvement. After all Moodle is still open source correct ?

Show
John T. Macklin added a comment - Petr, Just an Idea and something that has come up. Mainly I wanted to give Moodle users an alternative for making sure their LDAP users are using LDAP auth and not manual as happens on occasion. I was thinking of those whom are not SQL savvy. I do have one client that did complain to us about this and did consider this a bug. However, after I explained the reason for this no bug report was filed. Simply I thought some of our users may want to use an approach like this. Of course I am not a "Moodle Core Developer" like yourself but I do write software and contribute to my creating Moodle patches and custom solutions for a very large Moodle Partner and I value and respect your opinion on this. Still yet some Moodle Admin in the broad Moodle spectrum may actually need this tweak so I have made it available if that is the case. This is of course why this was not submitted as a bug report but rather an idea for improvement. After all Moodle is still open source correct ?

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.