LDAP : how to disable new user entry in moodle database

LDAP : how to disable new user entry in moodle database

by Susana L. -
Number of replies: 9
Hi,

In LDAP configuration page we have:
"This method provides authentication against an external LDAP server. If the given username and password are valid, Moodle creates a new user entry in its database"

Is it possible to disable the new user entry creation in moodle database?

We only need LDAP to authenticate users that already are in moodle database. We don´t want to use LDAP to create new users. How can i disable that feature?

You may be asking why... 2 reasons:
1) We don´t want to give access to all users in ldap server that are not in moodle database.
2) We only have username, password and email information in LDAP server (Don't want to create new users with so little info)

thank you.
Average of ratings: Useful (1)
In reply to Susana L.

Re: LDAP : how to disable new user entry in moodle database

by Steve Lovidge -

Hi Susana

I had the same issue and fixed it with this hack!

In /moodle/lib/moodlelib.php find line 2601 approx and comment out "$user = create_user_record($username, $password, $auth);".

This will send the user "You need to confirm your login" page and stop "function create_user_record($username, $password, $auth='')" creating a bare-bones user record.

code before:

    if (auth_user_login($username, $password)) {  // Successful authentication
        if ($user->id) {                          // User already exists in database
            if (empty($user->auth)) {             // For some reason auth isn't set yet
                set_field('user', 'auth', $auth, 'username', $username);
            }
            update_internal_user_password($user, $password);
            if (!is_internal_auth()) {            // update user record from external DB
                $user = update_user_record($username);
            }
        } else {
           $user = create_user_record($username, $password, $auth);
        }

code after:

    if (auth_user_login($username, $password)) {  // Successful authentication
        if ($user->id) {                          // User already exists in database
            if (empty($user->auth)) {             // For some reason auth isn't set yet
                set_field('user', 'auth', $auth, 'username', $username);
            }
            update_internal_user_password($user, $password);
            if (!is_internal_auth()) {            // update user record from external DB
                $user = update_user_record($username);
            }
        } else {
          // $user = create_user_record($username, $password, $auth);
        }

I hope this helps


Average of ratings: Useful (2)
In reply to Steve Lovidge

Re: LDAP : how to disable new user entry in moodle database

by Susana L. -
Thank you very much for your input!!
Cheers,
susana
Average of ratings: -
In reply to Steve Lovidge

Re: LDAP : how to disable new user entry in moodle database

by Juan Eladio S R -
If you don't want to show the "You need to confirm your login" page, you can replace
$user = create_user_record($username, $password, $auth);

With
continue;//$user = create_user_record($username, $password, $auth);

This just return the user to the login page, with the message "Invalid login, please try again".
Average of ratings: Useful (2)
In reply to Juan Eladio S R

Re: LDAP : how to disable new user entry in moodle database

by Daniel Nelson -

I'm trying this now on a XAMPP Moodle 2 install on my OSX workstation.

However I make the change and a success ldap authentication for an account without a local record is still sending me to the profile page.

I've tried clearing browser data in case I was still caching something and restarting apache. The update just doesn't seem to be working.

Any ideas?

Average of ratings: -
In reply to Daniel Nelson

Re: LDAP : how to disable new user entry in moodle database

by Daniel Nelson -

Nevermind. I think there was a problem with the account i was using. Seems to be working properly now.

Average of ratings: -
In reply to Daniel Nelson

Re: LDAP : how to disable new user entry in moodle database

by Christos Rodosthenous -

Does anyone know if there is a setting in Moodle 2.0 to do that???

Average of ratings: -
In reply to Christos Rodosthenous

Re: LDAP : how to disable new user entry in moodle database

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Hi Christos,

I'm afraid there isn't. The only way to do that is by modifying the code.

Saludos.
Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: LDAP : how to disable new user entry in moodle database

by Christos Rodosthenous -

I was afraid that this was the case. I have added an issue for improvement http://tracker.moodle.org/browse/MDL-29093.

Maybe it will be added in an upgrade.

Average of ratings: Useful (1)
In reply to Christos Rodosthenous

Re: LDAP : how to disable new user entry in moodle database

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Thanks a lot smile

Saludos.
Iñaki.
Average of ratings: -