  1. Moodle
  2. MDL-30634

Assign arbitrary system roles via LDAP sync


    • MOODLE_22_STABLE, MOODLE_27_STABLE, MOODLE_33_STABLE
    • MOODLE_34_STABLE
    • MDL-30634-master

      Test preparation

      1. Create LDAP records for three users in distinct contexts.
      2. On pre-upgrade site set one of those LDAP contexts in auth_ldap/creators (Site administration > Plugins > Authentication > LDAP server > Course creators)
      3. (Optional) Log in with the user with the LDAP context set in 2, and verify that it is assigned the course creator role in the system context.

      Test upgrade

      1. Upgrade auth_ldap.
      2. Verify that auth_ldap/coursecreatorcontext is set to the LDAP context specified in test preparation.

      Test other system roles

      1. Select a different system-level role for the remaining System roles.
      2. Set the Role contexts to the path of the corresponding LDAP contexts containing.
      3. Log in with those users with the LDAP context set in 2, and verify that they are assigned the specified roles in the system context.

      Test sync_roles

      1. Remove the system role context for a user in the LDAP server. (set the context to ; )
      2. Enable and run the sync_roles task
      3. Verify that the relevant system role has been revoked.
      4. Reinstate a system role context for a user in the LDAP server.
      5. Run the sync_roles task again
      6. Verify that the user has been assigned the relevant system role.

      Currently it's possible to assign a user a "course creator" role when they are created via an LDAP sync, based on the LDAP context to which they belong.
      It's useful to be able to do this with other roles to give system-level permissions to different groups of users based on their LDAP group.

      I've modified the LDAP plugin to provide 3 pairs of settings in place of the current "course creator" setting allowing a role and LDAP context to be specified, which are then checked against new users being created and roles assigned as required.
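
      The role/context reconciliation described above and exercised by the sync_roles test steps, as an added example that is not part of the original issue or of Moodle's auth_ldap code. The DN-suffix matching rule, the ";" separator and every role name and DN in it are assumptions.

```python
# Added illustration, not Moodle's auth_ldap code. The DN-suffix matching rule,
# the ";" separator and all role names/DNs below are assumptions.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(current)
    return [r.strip().lower() for r in rdns if r.strip()]


def in_context(user_dn, context_dn):
    """True only if user_dn lies below context_dn on whole-RDN boundaries."""
    user, ctx = split_dn(user_dn), split_dn(context_dn)
    return bool(ctx) and len(user) > len(ctx) and user[-len(ctx):] == ctx


def plan_role_sync(user_dn, role_contexts, current_roles):
    """Return (to_assign, to_revoke) for one user.

    role_contexts maps a system role to "ctx1;ctx2"; an empty string maps
    nothing. Roles that are not keys of role_contexts (for example roles
    granted by hand) are never revoked.
    """
    entitled = {
        role for role, contexts in role_contexts.items()
        if any(in_context(user_dn, c) for c in contexts.split(";") if c.strip())
    }
    managed = set(role_contexts)
    return entitled - current_roles, (current_roles & managed) - entitled


# Constructed sample configuration: three role/context pairs.
ROLE_CONTEXTS = {
    "coursecreator": "ou=teachers,dc=example,dc=org",
    "manager": "ou=it,dc=example,dc=org;ou=registry,dc=example,dc=org",
    "auditor": "",
}
```

      Comparing whole RDNs rather than raw strings keeps an escaped comma inside a user's own RDN from being read as a context boundary, and limiting revocation to mapped roles leaves manually granted roles alone.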

            balchd Dave Balch
            marxjohnson Mark Johnson
            Simey Lameze Simey Lameze
            Dan Poltawski Dan Poltawski
            John Okely John Okely
            Votes: 6
            Watchers: 12
