Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-60666

LDAP Sync (auth/ldap) - prevents access to site as transaction blocks writes to mdl_user

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Waiting for peer review
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.7.20, 3.0.10, 3.1.8, 3.2.5, 3.3, 3.7.6
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Testing Instructions:
      Hide
      Test 1

      You need a LDAP server and to setup the LDAP authentication.

      1. In LDAP auth settings (in Moodle) specify to match those fields to fields in your LDAP.
        • Notes:
          • For the standard profile fields, make sure to map at least the firstname, lastname and email.
          • Make sure that for each of these mapped fields, "Update local" is set to "On every login".
      2. Create some users in LDAP with data in those fields.
        • Some notes about entering values on the LDAP side:
          • For the checkbox profile field type, make sure to set a value of either 0 or 1.
          • For the date/time profile field type, make sure to set a UNIX timestamp value.
          • For the dropdown menu profile field type, make sure to enter a value that was defined in the "Menu options (one per line)" settings.
      3. Run LDAP sync.

        php admin/tool/task/cli/schedule_task.php --execute=\\auth_ldap\\task\\sync_task

      4. Make sure users are created in Moodle and profile fields are filled.
      5. Change a user's field value in LDAP
      6. Run the LDAP sync again.
      7. Make sure users are updated in Moodle and profile fields reflect new value.
      Test 2

      While Test 1's step 6 is running attempt to log in as a student.

       

      Before:

      Failed with error writing to database

      After:
      Login succesful

      Cause 

      User table is locked until sync is complete, for production deployment 100 000 users, sync takes 1h40m

      Show
      Test 1 You need a LDAP server and to setup the LDAP authentication. In LDAP auth settings (in Moodle) specify to match those fields to fields in your LDAP. Notes: For the standard profile fields, make sure to map at least the firstname, lastname and email. Make sure that for each of these mapped fields, " Update local " is set to "On every login". Create some users in LDAP with data in those fields. Some notes about entering values on the LDAP side: For the checkbox profile field type, make sure to set a value of either 0 or 1. For the date/time profile field type, make sure to set a UNIX timestamp value. For the dropdown menu profile field type, make sure to enter a value that was defined in the " Menu options (one per line) " settings. Run LDAP sync. php admin/tool/task/cli/schedule_task.php --execute=\\auth_ldap\\task\\sync_task Make sure users are created in Moodle and profile fields are filled. Change a user's field value in LDAP Run the LDAP sync again. Make sure users are updated in Moodle and profile fields reflect new value. Test 2 While Test 1's step 6 is running attempt to log in as a student.   Before: Failed with error writing to database After: Login succesful Cause  User table is locked until sync is complete, for production deployment 100 000 users, sync takes 1h40m
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_30_STABLE, MOODLE_31_STABLE, MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_37_STABLE
    • Pull from Repository:
    • Pull 3.9 Branch:
    • Pull 3.10 Branch:
      MDL-60666-310
    • Pull Master Branch:
      MDL-60666-master

      Description

      As reported by other users (e.g. https://moodle.org/mod/forum/discuss.php?d=278900), users are unable to log in to the site while the LDAP sync task is running. The complete_user_login() method fails when attempting to update the last login timestamp.

      Access to the site also fails when trying to update the last access timestamp via user_accesstime_log().

       

      Leads to dml_write_exception error

        Attachments

          Activity

            People

            Assignee:
            aspark Alistair Spark
            Reporter:
            rhjcape Joseph Cape
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated: