Moodle
  1. Moodle
  2. MDL-34594

LDAP enrol plugin fails to re-assign roles to user when role was previously unassigned

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.3.1
    • Fix Version/s: STABLE backlog
    • Component/s: Enrolments
    • Labels:
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_23_STABLE
    • Rank:
      43028

      Description

      Setup:
      1. Enable LDAP enrolment plugin
      2. In LDAP Enrolment plugin, set 'External Unenrol Action' to 'Disable course enrolment and remove roles'
      3. Create new course, assign a role to a user in the course in the external LDAP source and run enrol/ldap/cli/sync.php
      4. Verify that user has been given the appropriate role in the course
      5. Remove the same user enrolment from external LDAP source and run enrol/ldap/cli/sync.php
      6. Verify that role has been removed from user in the course
      7. Finally, re-assign the user to the course in the external LDAP source and run enrol/ldap/cli/sync.php

      Expected result:
      User should be re-enrolled in the course, appearing in the participants list, and if a student, in the gradebook also.

      Actual result:
      User does not appear in the participants list or the gradebook (if a student). User does appear under Users->Enrolled Users, but without any role listed.

      Notes/workarounds:
      In the database, it appears to be re-enabling the user_enrolments record correctly (changing status from 1 to 0, which is why they are listed on the Enrolled Users screen), but is NOT inserting a role_assignments record (which is why they don't appear as participants).

      What I then discovered is that if the student logs in to the Moodle site, the role is correctly assigned on the fly (this can be tested by an admin doing a 'login as' the student). So, the "$enrol->sync_user_enrolments($user)" called when a user logs in is inserting the necessary role_assignment records, but the bulk call "$enrol->sync_enrolments()" from enrol/ldap/cli/sync.php is not creating role_assignment records.

      Based on that, my workaround for the moment is to loop through all LDAP users, calling sync_user_enrolments for each user. That worked in restoring the missing role_assignment records on our site.

      It's important for the records to exist prior to students logging in, because our teachers need to be able to assess very young students in the gradebook, all of whom have Moodle accounts but wouldn't necessarily log in (being 5 years old!).

        Activity

        Hide
        Petr Škoda added a comment -

        Reassigning to our LDAP guru, thanks for the report and patch.

        Show
        Petr Škoda added a comment - Reassigning to our LDAP guru, thanks for the report and patch.
        Hide
        Mark O'Neal added a comment -

        I too ran afoul of this particular bug, and this patch worked wonders. Thank you very much for the patch!

        Show
        Mark O'Neal added a comment - I too ran afoul of this particular bug, and this patch worked wonders. Thank you very much for the patch!

          People

          • Votes:
            3 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated: