Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30634

Assign arbitrary system roles via LDAP sync

    XMLWordPrintable

Details

    • MOODLE_22_STABLE, MOODLE_27_STABLE, MOODLE_33_STABLE
    • MOODLE_34_STABLE
    • MDL-30634-master
    • Hide

      Test preparation

      1. Create LDAP records for three users in distinct contexts.
      2. On pre-upgrade site set one of those LDAP contexts in auth_ldap/creators (Site administration > Plugins > Authentication > LDAP server > Course creators)
      3. (Optional) Log in with the user with the LDAP context set in 2, and verify that it is assigned course creator role in the system context.

      Test upgrade

      1. Upgrade auth_ldap.
      2. Verify that auth_ldap/coursecreatorcontext" is set to the LDAP context specified in test preparation.

       Test other system roles

      1. Select a different system-level role for the remaining System roles.
      2. Set the Role contexts to the path of the corresponding LDAP contexts containing.
      3. Log in with those users with the LDAP context set in 2, and verify that they are assigned course the specified roles in the system context.

      Test sync_roles

      1. Remove the system role context for a user in the LDAP server. (set the context to ; )
      2. Enable and run the sync_roles task
      3. Verify that the relevant system role has been revoked.
      4. Reinstate a system role context for a user in the LDAP server.
      5. Run the sync_roles task again
      6. Verify that the user has have been assigned the relevant system role.
      Show
      Test preparation Create LDAP records for three users in distinct contexts. On pre-upgrade site set one of those LDAP contexts in auth_ldap/creators (Site administration > Plugins > Authentication > LDAP server > Course creators) (Optional) Log in with the user with the LDAP context set in 2, and verify that it is assigned course creator role in the system context. Test upgrade Upgrade auth_ldap. Verify that auth_ldap/coursecreatorcontext" is set to the LDAP context specified in test preparation.   Test other system roles Select a different system-level role for the remaining System roles. Set the Role contexts to the path of the corresponding LDAP contexts containing. Log in with those users with the LDAP context set in 2, and verify that they are assigned course the specified roles in the system context. Test sync_roles Remove the system role context for a user in the LDAP server. (set the context to ; ) Enable and run the sync_roles task Verify that the relevant system role has been revoked. Reinstate a system role context for a user in the LDAP server. Run the sync_roles task again Verify that the user has have been assigned the relevant system role.

    Description

      Currently it's possible to assign a user a "course creator" role when they are created via an LDAP sync, based on the LDAP context to which they belong.
      It's useful to be able to do this with other roles to give system-level permissions to different groups of users based on their LDAP group.

      I've modified the LDAP plugin to provide 3 pairs of settings in place of the current "course creator" setting allowing a role and LDAP context to be specified, which are then checked against new users being created and roles assigned as required.

      Attachments

        Issue Links

          Activity

            People

              balchd Dave Balch
              marxjohnson Mark Johnson
              Simey Lameze Simey Lameze
              Dan Poltawski Dan Poltawski
              John Okely John Okely
              Votes:
              6 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Clockify

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.