Moodle / MDL-63207

LDAP users cannot update profile if field empty


Details

    • MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_35_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
    • MOODLE_310_STABLE, MOODLE_311_STABLE
    • MDL-63207-310
    • MDL-63207-311
    • MDL-63207-master

      Setup

      1. Set up an LDAP server and set up the LDAP authentication plugin.
        • If you don't have an LDAP server you can use Docker. For instance:
          1. docker run -p 389:389 --name my-openldap-container --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.0
          2. docker run -p 6443:443 --name phpldapadmin-service --link my-openldap-container:ldap-host --env PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:0.7.1
          3. With these two commands you already have a nice LDAP server and phpLDAPadmin to manage it. You can go to https://localhost:6443/ in your browser and log in with:
            1. login: cn=admin,dc=example,dc=org
            2. password: admin
          4. Now you can create a new user in your LDAP directory and leave the email field empty. To do that you could import a new user with the import option and add this value in the text area:

            dn: cn=perry mason,dc=example,dc=org
            cn: perry mason
            gidnumber: 500
            givenname: pmason
            homedirectory: /home/users/pmason
            objectclass: inetOrgPerson
            objectclass: posixAccount
            objectclass: top
            sn: mason
            uid: pmason
            uidnumber: 1042
            userpassword: {MD5}gnzLDuqKcGxMNKFokfhOew==
            

          5. In Moodle you can configure the LDAP settings at http://YOURMOODLESITE/admin/settings.php?section=authsettingldap
            1. host_url: ldap://localhost:389
            2. ldap_version: 3
            3. start_tls: no
            4. bind_dn: cn=admin,dc=example,dc=org
            5. bind_pw: admin
            6. user_type: Default
            7. contexts: dc=example,dc=org
            8. search_sub: yes
            9. passtype: Plain text
          6. In Moodle you have to allow extended characters in usernames. To do that:
            1. Go to Site administration / Security / Site security settings and enable the extendedusernamechars setting.
      2. In your LDAP settings, ensure you have correctly mapped the email address by entering a value in ‘Data mapping (Email address)’ that exists on the LDAP server, and set ‘Update external (Email address)’ to ‘On update’ and ‘Update local (Email address)’ to ‘On every login’.
        1. If you are using the OpenLDAP container from the example, the correct LDAP field for email is "mail".
      3. Open MailHog, MailCatcher or a similar tool configured to capture emails from your Moodle site (or set one up).

      Test 1: Update user profile when the mail field is empty in LDAP

      1. Log into your Moodle site as one of your LDAP users.
        1. Following the previous example, you could log in with:
          1. username: perry mason
          2. password: 12345
      2. Change your email in the user profile screen.
      3. Go to your inbox in your mailhog, mailcatcher or similar tool.
      4. Confirm you have received an email asking you to confirm the email change, with a link inside.
      5. Visit that link.
      6. Expected result: the email has been updated in Moodle and in LDAP.

      Test 2: No PHP notices when the field does not exist on the LDAP

      1. Log in as an admin in Moodle.
      2. Go to the LDAP settings in Moodle.
      3. Configure an incorrect email field in the data mapping section:
        1. For instance:
          1. field_map_email: emailwrong
          2. field_updateremote_email: On update
      4. Log out.
      5. Log into your Moodle site as another one of your LDAP users.
        1. Following the previous example, you have to create an account in your LDAP server. You can use http://localhost:6443/ to create a new account.
      6. Change your email in the user profile screen.
      7. Go to your inbox in your mailhog, mailcatcher or similar tool.
      8. Confirm you have received an email asking you to confirm the email change, with a link inside.
      9. Visit that link.
      10. Expected result: There are no PHP notices.

       

    • 3
    • Moppies Moodle 3.8 Sprint 1, Moppies Moodle 3.8 Sprint 2, Moppies Moodle 3.8 Sprint 3, Moppies Kanban

    Description

      To reproduce:

      Create user in LDAP without an email address.

      Sync user to Moodle and/or have user log in.

      User is directed to edit profile page to fill in missing fields.

      User fills in email address and clicks on update.

      Error is reported and profile does not update.

      Server logs report:  [AUTH LDAP] Failed to update LDAP with non-existent field ('mail')...
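
The two tests above separate an attribute that is merely absent from the user's entry (Test 1, `mail`) from a mapped name the directory does not define (Test 2, `emailwrong`). The following is an added example, not Moodle's auth_ldap code: it classifies a mapped attribute against a constructed copy of the sample entry and renders the LDIF modify record for the update; `SCHEMA_SUBSET`, `parse_entry`, `plan_update` and `change_record` are hypothetical names, and the schema table is a hand-written partial subset.

```python
import base64

# Constructed copy of the sample entry from the setup steps (no mail attribute).
SAMPLE_LDIF = """\
dn: cn=perry mason,dc=example,dc=org
cn: perry mason
gidnumber: 500
givenname: pmason
homedirectory: /home/users/pmason
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: mason
uid: pmason
uidnumber: 1042
"""

# Assumption: hand-written partial list of attributes these object classes
# permit; a real check would read the server's subschema instead.
SCHEMA_SUBSET = {
    "top": {"objectclass"},
    "inetorgperson": {"cn", "sn", "givenname", "mail", "uid", "userpassword"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
}

def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {lower-cased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def plan_update(entry, attr, new_value):
    """Return 'noop', 'replace', 'add' or 'skip' for one mapped attribute."""
    attr = attr.lower()
    if attr in entry:
        return "noop" if entry[attr] == [new_value] else "replace"
    allowed = set()
    for oc in entry.get("objectclass", []):
        allowed |= SCHEMA_SUBSET.get(oc.lower(), set())
    return "add" if attr in allowed else "skip"

def change_record(dn, op, attr, value):
    """Render an RFC 2849 LDIF modify record for an 'add' or 'replace' plan."""
    return f"dn: {dn}\nchangetype: modify\n{op}: {attr}\n{attr}: {value}\n-\n"
```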

            People

              cescobedo Carlos Escobedo
              emmarichardson Emma Richardson
              Ferran Recio Ferran Recio
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Peter Dias Peter Dias
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes: 2
              Watchers: 14

              Dates

                Created:
                Updated:
                Resolved:
                13/Sep/21

                Time Tracking

                  Estimated: 0m
                  Remaining: 0m
                  Logged: 1d 6h 45m