Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-5823

LDAP authentication uses a mix of username and idnumber

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6
    • Fix Version/s: 1.8, 1.9
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      All
    • Database:
      Any
    • Affected Branches:
      MOODLE_16_STABLE
    • Fixed Branches:
      MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      when auth_ldap_sync_users is called it fails if you are not using the username as the idnumber. Thus the temporary table {$CFG->prefix}ext_user gets the idnumber field populated with usernames. Then when the subsequent 'LEFT JOIN' is called the idnumber field returned is NULL for all users. This results in all of the users being deleted and then readded. This causes lots of extraneous work and problems in certain cases.

      To resolve the issue the code either needs to be switched to use only idnumber as the keying attribute or username. Even though the other external authentication methods use idnumber as the outside keying entry I think it is correct to use username in the case of LDAP.

      One solution is to change the LEFT JOINS, there are two queries, to use the username field from {$CFG->prefix}user rather than idnumber.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  31/Mar/07