I want to use a flat (csv) file for an initial load of MANY users (known to our ERP system). Subsequently all authentication will be to an LDAP server, and the users' passwords will not be cached by Moodle. The trouble is: the flat file batch upload requires a password to be specified. I do not know nor care to know the users' passwords. I just want to create their accounts and point Moodle at the LDAP directory for authentication. (The latter I already have working for a few test student accounts, but now we have to deal with real data and thousands of accounts.)
Will it be ok if I supply some password for all the users (in the flat file) and then just delete that value (set it to null or to '') in the database when the batch upload completes?
If I do not delete it (set it to null or to ''), can I safely ignore it since the 'auth' field is set to ldap?
Is there some better way to do this?
Alan
Instead of doing a csv upload, you could setup your LDAP and then use the auth_ldap_sync_users.php script to sync the users in your ERP system. This would automatically create the user accounts for you. Once you have the initial load done you can keep your users up-to-date by using that same script on a scheduled nightly basis. Just my two cents.
Scott Karren
great idea. thanks.
Alan, in earlier versions of Moodle it was possible to just ignore the password field. Don't include it in your headers row nor in the data rows. I'm not sure if this is the case in the latest version and I can't get to my test server at the moment, but perhaps you can try?
I tried that, and it didn't work.
What I can do, apparently, is set 'the passwords to some randomly generated values. Since I set auth to ldap, as soon as the user logs in the password from the ldap source will overwrite the password from the batch upload file. Weird but enough of a hack for my purposes. I need to test this a bit more, however, to make sure it is really working...
What I can do, apparently, is set 'the passwords to some randomly generated values. Since I set auth to ldap, as soon as the user logs in the password from the ldap source will overwrite the password from the batch upload file. Weird but enough of a hack for my purposes. I need to test this a bit more, however, to make sure it is really working...
I had this same situation with 1.7. I just left the password field empty in my CSV file. Worked fine.
I'm not quite sure why Moodle is set up to cache LDAP passwords; I foolishly thought that if the LDAP server is unavailable, it would authenticate against the stored hash. And it is a hash it stores, not the password. Nope. It just gives an error that the LDAP server is unavailable. Maybe we could set users to manual, and it would work, but I haven't tried that.
I'm not quite sure why Moodle is set up to cache LDAP passwords; I foolishly thought that if the LDAP server is unavailable, it would authenticate against the stored hash. And it is a hash it stores, not the password. Nope. It just gives an error that the LDAP server is unavailable. Maybe we could set users to manual, and it would work, but I haven't tried that.
I have no experience with LDAP-Synchronisation, as I just wanted the users to auth against our Active Directroy Servers through LDAP. As we have a redundant array of AD-Domain-Controllers, we rely on the fact that at least one of them will always be reacheable. So simply put a semicolon separated list of LDAP-Servers in the ldap server config field.
Rosario
That's correct, I put a dummyPassword ever since I used LDAP and later SHIBBOLETH auth.
Another good solution is to use my uploadusersandcourses.php and uploadusersandcourses_silently.php to
a) export data from any School-Administration-System (you call it ERP??)
b) put the exported data onto a share your School-Administration-System can write to and Moodle can READ from
c) uploadusersandcourses to create new courses AND enroll Teachers and Students at your will into existing or just newly created courses in the same upload. The upload can be done by hand through the Moodle GUI like the built in uploaduser AND as a cron/batch job during night hours, i.e. in silent mode
Rosario
It turns out that I cannot rely on the LDAP sync script for various reasons, and I need to be able to use a flat file to handle periodic "batch" uploads. Moreover I need to be able to run this without using the Moodle admin UI, just in response to a message (perhaps a simple HTTP request to the Moodle server).
Do you know what script handles this? I mean: the script would be passed the location of the CSV file and then would have to create or update the user accounts accordingly. Ideally I would be able to include all the courses and roles in this file, which seems to be possible according to the online Help window.
I am prepared to edit the script if need be, but I am just not sure WHICH file does this.
Thanks.
Alan
Do you know what script handles this? I mean: the script would be passed the location of the CSV file and then would have to create or update the user accounts accordingly. Ideally I would be able to include all the courses and roles in this file, which seems to be possible according to the online Help window.
I am prepared to edit the script if need be, but I am just not sure WHICH file does this.
Thanks.
Alan
What we are noticing is that by using the batch upload process, with a bogus password, users are flagged to reset their ldap passwords. This obviously creates a ton of work for the help desk and would require a reset for all 10 days of registration.
Attempts to change the forcepassword reset in the database result in an error that auth_forcepasswordchange is not a known field.
I would be very careful about using the batch upload process without testing.
Any help on this is appreciated.
Attempts to change the forcepassword reset in the database result in an error that auth_forcepasswordchange is not a known field.
I would be very careful about using the batch upload process without testing.
Any help on this is appreciated.
I had the same problem. The Moodle2.2.1 not allow upload users for LDAP any more. It is really BAD!
In 2.5.2 I have just successfully tested doing this. The key is having an 'auth' field containing the value 'ldap' and NOT having any 'password' field.
firstname,lastname,username,email,auth,city,country
Joe,Bloggs,jbloggs,jbloggs@your.org.uk,ldap,Toytown,GB
A flat file containing something like the two lines above dropped onto the target area in Site administration -> Users -> Accounts -> Upload users creates your users with no fuss. I then logged onto this account using the AD username and password with no problems.
By the way, I always include the city and country fields in the bulk upload because the user profile regards them as required.
I hope this is of some help to someone else.
Nigel
You just saved me a lot of work. Thanks for this tip!
In my case, I'm using IMAP authentication. I specified "imap" in an "auth" column, and it works, but it's important to note that it will say "{authentication method} not supported" when you import. It is lying.
The system seems to put in some random password, but then it lets people get authenticated by whatever the other server is, so it doesn't matter.
Great!