Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30634

Assign arbitrary system roles via LDAP sync

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Test preparation

      1. Create LDAP records for three users in distinct contexts.
      2. On pre-upgrade site set one of those LDAP contexts in auth_ldap/creators (Site administration > Plugins > Authentication > LDAP server > Course creators)
      3. (Optional) Log in with the user with the LDAP context set in 2, and verify that it is assigned course creator role in the system context.

      Test upgrade

      1. Upgrade auth_ldap.
      2. Verify that auth_ldap/coursecreatorcontext" is set to the LDAP context specified in test preparation.

       Test other system roles

      1. Select a different system-level role for the remaining System roles.
      2. Set the Role contexts to the path of the corresponding LDAP contexts containing.
      3. Log in with those users with the LDAP context set in 2, and verify that they are assigned course the specified roles in the system context.

      Test sync_roles

      1. Remove the system role context for a user in the LDAP server. (set the context to ; )
      2. Enable and run the sync_roles task
      3. Verify that the relevant system role has been revoked.
      4. Reinstate a system role context for a user in the LDAP server.
      5. Run the sync_roles task again
      6. Verify that the user has have been assigned the relevant system role.
      Show
      Test preparation Create LDAP records for three users in distinct contexts. On pre-upgrade site set one of those LDAP contexts in auth_ldap/creators (Site administration > Plugins > Authentication > LDAP server > Course creators) (Optional) Log in with the user with the LDAP context set in 2, and verify that it is assigned course creator role in the system context. Test upgrade Upgrade auth_ldap. Verify that auth_ldap/coursecreatorcontext" is set to the LDAP context specified in test preparation.   Test other system roles Select a different system-level role for the remaining System roles. Set the Role contexts to the path of the corresponding LDAP contexts containing. Log in with those users with the LDAP context set in 2, and verify that they are assigned course the specified roles in the system context. Test sync_roles Remove the system role context for a user in the LDAP server. (set the context to ; ) Enable and run the sync_roles task Verify that the relevant system role has been revoked. Reinstate a system role context for a user in the LDAP server. Run the sync_roles task again Verify that the user has have been assigned the relevant system role.
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_27_STABLE, MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_34_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-30634-master

      Description

      Currently it's possible to assign a user a "course creator" role when they are created via an LDAP sync, based on the LDAP context to which they belong.
      It's useful to be able to do this with other roles to give system-level permissions to different groups of users based on their LDAP group.

      I've modified the LDAP plugin to provide 3 pairs of settings in place of the current "course creator" setting allowing a role and LDAP context to be specified, which are then checked against new users being created and roles assigned as required.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                6 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Nov/17