Thanks, Julien and Iñaki.

Am I right in thinking this means users will have never been deleted using LDAP? In which case, the implications of this change could be huge? Once its fixed many users could be deleted?

Not exactly. Before the fix even if you choose "keep internal users", the sql query to find who wasn't anymore in your ldap was executed. Now, and only for this option, this part of code is skipped.

For "suspend" and "delete" options, there is no change.

Thanks Iñaki for commit so quickly.

Hi Dan,

as Julien points out, no users are deleted unless the config setting was set to FULLDELETE o SUSPEND. There's and additional check inside the foreach loop that tests for this condition, and only performs any action if the setting is set to FULLDELETE or SUSPEND. Otherwise it just loops over the retrieved users, doing nothing at all (except waste server resources, as Julien pointed out as well).

Saludos.
Iñaki.

Hi guys,

Thanks for clarifying that, all looks to make good sense.
Has been integrated now

Many thanks
Sam

Hey Inaki, Could I please get some testing instructions for this issue?

Hi Jason,

you just need to run auth/ldap/cli/sync_user.php (once you have configured LDAP auth plugin to Keep internal users). There's almost no observable difference from the outside, just a slightly longer execution time and higher cpu and memory consumption.

The only "visual" difference is that without the fix Moodle will print "User entries to be removed: nnn" (or "No user entries to be removed" if all the internal users are still in the external LDAP server) as part of the execution output, while with the fix it won't print any of those two strings.

Saludos.
Iñaki.

works fine, thanks Inaki!

Many thanks for your effort, the whole Moodle Community will be enjoying your great solutions starting now!

Closing, ciao