Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-65780

Filtering LDAP users to prevent autocreate accounts

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.6.3
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Affected Branches:
      MOODLE_36_STABLE

      Description

      Hi,
      We use SSO to authenticate and autorize autocreate accounts (based on LDAP)

      Now, we have in our LDAP branch (people) some new users, for which we don't want they can autocreate accounts.

      I try to use the "ObjectClass" parameter, setting a filter that exclude these users.
      The filter is working, but don't prevent autocreate account.

      So, we have this behaviour

      • The new user is authenticate via SSO method
      • He doesn't have an account on Moodle, so the autocreate function is call
      • This function try to get attributes (name/firstname/mail) from our LDAP,
        but use the filter set in ObjectClass. So no data is return.
      • The account is create with username only and is useless.
      • The user is logged in his profil page which ask for name/firstname/mail but we have locked this attributes

      So, is it possible to use the filter set in ObjectClass to prevent this behaviour ?
      I think it would be more consistent.

      Thanks a lot

      Bruno Malaval

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              uha Bruno Malaval
              Participants:
              Component watchers:
              Jake Dallimore, Jun Pataleta, Ryan Wyllie
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: