Affects Version/s: 3.6.3
Fix Version/s: None
We use SSO to authenticate and autorize autocreate accounts (based on LDAP)
Now, we have in our LDAP branch (people) some new users, for which we don't want they can autocreate accounts.
I try to use the "ObjectClass" parameter, setting a filter that exclude these users.
The filter is working, but don't prevent autocreate account.
So, we have this behaviour
- The new user is authenticate via SSO method
- He doesn't have an account on Moodle, so the autocreate function is call
- This function try to get attributes (name/firstname/mail) from our LDAP,
but use the filter set in ObjectClass. So no data is return.
- The account is create with username only and is useless.
- The user is logged in his profil page which ask for name/firstname/mail but we have locked this attributes
So, is it possible to use the filter set in ObjectClass to prevent this behaviour ?
I think it would be more consistent.
Thanks a lot