LDAP Enrolments ready for testing!

by Martín Langhoff -
Number of replies: 17
I have committed our LDAP enrolment code to CVS HEAD. If you are feeling adventurous and have an LDAP server handy, jump in!

The LDAP enrolment plugin as committed is in use in a production website with 27K users+6K courses. We have tested it with up to 87K users and 12K courses. It scales ;)

Still, it is still rough around the edges. You are expected to know your bit about LDAP, and it probably doesn't help debugging as much as it could.

It is geared towards installations using posixGroup-style objectClasses, with many 'memberUid' fields. As such, it works great if you are already using LDAP for authentication.

If new courses show up in LDAP, the plugin can auto-create courses for you. For best results, give it a template course: it will take the settings from the 'course settings page', plus all the blockinfo data (where page-blocks are located, which ones are visible, etc).

The module includes a script to sync courses/enrolments on a cron, probably daily. With our current 27K users, 6K courses it takes ~ 10 minutes to run. Works very well with Postgres too.

Jump in, give it a spin and let me know how it goes!
Average of ratings: -
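The group-to-course mapping described in this post, modelled as an added example (not part of the original post and not the plugin's code). The setting names are the ones on the plugin's settings page; the directory entries, the subtree matching and the handling of unknown courses when auto-creation is off are assumptions.

```python
# Constructed sample directory: two course groups and one unrelated group.
ENTRIES = [
    {"dn": "cn=BIO101,ou=courses,o=org", "objectClass": ["top", "posixGroup"],
     "cn": ["BIO101"], "memberUid": ["alice", "bob"]},
    {"dn": "cn=ENG200,ou=courses,o=org", "objectClass": ["top", "posixGroup"],
     "cn": ["ENG200"], "memberUid": ["bob"]},
    {"dn": "cn=wheel,ou=system,o=org", "objectClass": ["top", "posixGroup"],
     "cn": ["wheel"], "memberUid": ["root"]},
]

# Setting names as on the plugin's settings page; the values are constructed.
SETTINGS = {
    "enrol_ldap_student_contexts": "ou=courses,o=org; ou=others,o=org",
    "enrol_ldap_student_memberattribute": "memberUid",
    "enrol_ldap_objectclass": "posixGroup",
    "enrol_ldap_course_idnumber": "cn",
    "enrol_ldap_autocreate": True,
}

def course_groups(entries, settings):
    """Yield (idnumber, members) for groups inside the configured contexts."""
    raw = settings["enrol_ldap_student_contexts"].split(";")
    contexts = [c.strip().lower() for c in raw if c.strip()]
    wanted = settings["enrol_ldap_objectclass"].lower()
    for e in entries:
        dn = e["dn"].lower()  # simplified comparison, no DN normalisation
        in_context = any(dn.endswith("," + c) for c in contexts)
        is_course = wanted in (oc.lower() for oc in e.get("objectClass", []))
        ids = e.get(settings["enrol_ldap_course_idnumber"], [])
        if in_context and is_course and ids:
            member_attr = settings["enrol_ldap_student_memberattribute"]
            yield ids[0], e.get(member_attr, [])

def plan_sync(entries, settings, moodle_courses, moodle_enrolments):
    """Return (courses_to_create, enrolments_to_add) without touching Moodle."""
    create, enrol = [], []
    for idnumber, members in course_groups(entries, settings):
        if idnumber not in moodle_courses:
            if not settings["enrol_ldap_autocreate"]:
                continue  # assumption: unknown courses are skipped
            create.append(idnumber)
        enrol += [(u, idnumber) for u in members
                  if (u, idnumber) not in moodle_enrolments]
    return create, enrol
```

Because only groups under the listed contexts are read, write access to those containers decides who can be enrolled and which courses get created.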
In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Scott Krajewski -
This plugin looks promising.  Are there any plans to place courses in categories based on some LDAP criteria?  I'm thinking of putting all the Biology courses in a Biology category, English in English, etc.  Are all of your 6K courses in 1 category?

-S
In reply to Scott Krajewski

Re: LDAP Enrolments ready for testing!

by Martín Langhoff -
All the courses get initially created in one category -- you can define which category they are in when they first show up.

The plugin doesn't natively support what you describe directly. On the other hand, there's nothing to stop you from creating categories and moving the courses there. LDAP won't reset them or anything silly.

If your courses have a naming convention that allows you to 'know' where they belong, write a small PHP script to sort them into the right categories, and you'll be away laughing.
In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Andrew Miller -
Could I assume that this will be in Moodle 1.5?

Going to CVS to read up on it now.....
In reply to Andrew Miller

Re: LDAP Enrolments ready for testing!

by Martín Langhoff -
You can get the 'latest development nightly' from the downloads page, with the caveats that apply to dev code, of course ;)
In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Steve Relf -

Hi, can someone give me a hand getting this to work? I got the LDAP auth working with our Active Directory but I'm having difficulty with this.

LDAP Server Settings

enrol_ldap_host_url: ladp://elab1.xxx.xxx.xxx.kent.sch.uk
    (Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/')
enrol_ldap_version: (options: 2, 3)
    (The version of the LDAP protocol your server is using.)
enrol_ldap_bind_dn:
    (If you want to use bind-user to search users, specify it here. Something like 'cn=ldapuser,ou=public,o=org')
ldap_bind_pw:
    (Password for bind-user.)

Student enrolment settings

enrol_ldap_student_contexts: OU=Courses,DC=xxx,DC=xxx,DC=kent,DC=sch,DC=uk
    (List of contexts where groups with student enrolments are located. Separate different contexts with ';'. For example: 'ou=courses,o=org; ou=others,o=org')
enrol_ldap_student_memberattribute:
    (Member attribute, when users belongs (is enrolled) to a group. Usually 'member' or 'memberUid'.)

Teacher enrolment settings

enrol_ldap_teacher_contexts: NOT SURE WHAT TO PUT HERE
    (List of contexts where groups with teacher enrolments are located. Separate different contexts with ';'. For example: 'ou=courses,o=org; ou=others,o=org')
enrol_ldap_teacher_memberattribute:
    (Member attribute, when users belongs (is enrolled) to a group. Usually 'member' or 'memberUid'.)

Course enrolment settings

enrol_ldap_objectclass: Not sure what to put here
    (objectClass used to search courses. Usually 'posixGroup'.)
enrol_ldap_course_idnumber:
    Update local data: No / Yes
    Lock value: No / Yes
    (Map to the unique identifier in LDAP, usually cn or uid. It is recommended to lock the value if you are using automatic course creation.)
enrol_ldap_course_shortname:
    Update local data: No / Yes
    Lock value: No / Yes
    (Optional: LDAP field to get the shortname from.)
enrol_ldap_course_fullname:
    Update local data: No / Yes
    Lock value: No / Yes
    (Optional: LDAP field to get the full name from.)
enrol_ldap_course_summary:
    Update local data: No / Yes
    Lock value: No / Yes
    (Optional: LDAP field to get the summary from.)

Automatic course creation settings

enrol_ldap_autocreate: (options: no, yes)
    (Courses can be created automatically if there are enrolments to a course that doesn't yet exist in Moodle.)
enrol_ldap_category: Total Curriculum Business Studies Downloads Test
    (The category for auto-created courses.)
enrol_ldap_template:
    (Optional: auto-created courses can copy their settings from a template course.)

Any help would be much appreciated.

In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Rene Folse -

We are in the process of setting up Moodle for deployment in the insurance industry. We have a companion news site with about 16,000 registered users, and want to use a common database between sites. 

Moodle does this well using the authenticate with external database feature (MYSQL), but does not write back changes to user data made thereafter in Moodle to the authoritative site. This limitation means that we will have differences between user profiles over time when users change profiles in Moodle thinking it will change their data on the News site. This is not desirable for our intended coordinated use.

So we have been following the development of the Moodle LDAP plugin, and the new 1.5 version allows the option of write back to the LDAP which is exactly what we need to coordinate the systems. So we have 1.5 up as a development system, and are in the process of getting the OpenLDAP up as the authoritative user (and enrollment) database. We will roll out probably the end of May if all goes well, but this last piece here is now the bottleneck. Our content is ready to go.

I am hopeful that there is some documentation on the recommended schema in LDAP that can be posted here. I more or less can intuit the schema needed for simple authentication and user profile data, but when I read this thread about course creation, and enrollment from LDAP to Moodle I get lost since I cannot envision the process between the two in terms of enrollment and especially course creation. If the schema and step by step process of how LDAP and Moodle go together can be posted it would greatly help.

Otherwise my group will at some point figure this out and I will post here how I finally did it.

With respect to enrollment, we also want to create a method to use Authorize.net (Instead of Paypal) to enroll students. If we are able to use LDAP to control enrollment, then this will direct how we modify the Authorize.net scripts to report to LDAP instead of MYSQL.   

Rene

In reply to Rene Folse

Re: LDAP Enrolments ready for testing!

by Brian Jones -
Sorry to be so ignorant, but where can I download this module?

thanks.
In reply to Brian Jones

Re: LDAP Enrolments ready for testing!

by Martín Langhoff -
It's part of Moodle 1.5 ;)

Go to Admin->Enrolment
In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Karsten Kreddig -
The openldap server at our university needs the parameter -x after the ldapsearch command from the client.

Do you know how I can implement that in moodle configuration?

Thanx, Karsten.
In reply to Karsten Kreddig

Re: LDAP Enrolments ready for testing!

by Martín Langhoff -
-x in the commandline tools means "simple authentication" instead of SASL. Moodle uses simple authentication by default -- you don't need to change a thing...
In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Bryn Hughes -
I have been testing this on my end with Novell eDirectory. We will be creating courses in eDir with the expectation that they will be automatically created in Moodle afterwards. However I'm getting this right now:

== Synching
ERROR: null value in column "timestart" violates not-null constraint


INSERT INTO mdl_user_students ( ID, USERID, COURSE, TIMESTART, TIMEEND, TIME, ENROL ) VALUES ( 4, 16, 1, null, null, 1128035344, 'ldap' )


Failed to enrol student 16 (123) into course 1 (VCC Moodle)

I'm guessing if I manually created a course in Moodle first then this would work but that won't do me any good in my situation.

That actually brings about another thought... We would in an ideal world want to set start time and end time in eDir and then have Moodle grab those values. It's reasonably trivial to add a couple of custom attributes to a 'group' object for this purpose on the eDir side of things but currently Moodle doesn't offer a means to check for that.
In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by David Levinson -
I installed the latest build, and am connecting via LDAP to an Active Directory server. For students, enrollment and course auto-creation work perfectly. This is great!

But for instructors, they get the following when trying to join the course:

Unknown column 'ldap' in 'field list'

INSERT INTO mdl_user_teachers ( USERID, COURSE, AUTHORITY, ROLE, EDITALL, TIMESTART, TIMEEND, TIMEMODIFIED, ENROL ) VALUES ( 8867, 116, 1, '0', 1, 0, ldap, 1129237650, 'manual' )

Also, AD groups list users with fully qualified DN. I saw that there's a workaround to parse this, but can't find it. Can someone point me to this? Thanks!
In reply to David Levinson

Re: LDAP Enrolments ready for testing!

by Iñaki Arenaza -
> Also, AD groups list users with fully qualified DN. I saw that there's a workaround to parse this, but can't find it. Can someone point me to this? Thanks!

This has been fixed in 1.5.3+ a month ago or so. But you can edit moodle/auth/ldap/lib.php and search for this code (around line 1069):

    $default['ldap_memberattribute_isdn'] = array(
                        'edir' => '1',
                        'rfc2307' => '0',
                        'rfc2307bis' => '1',
                        'samba' => '0', //is this right?
                        'ad' => '1',
                        'default' => '0'
                        );

and make sure the 'ad' line is set to '1', like the example above.

Saludos. Iñaki.
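What a DN-valued member attribute means for matching users, as an added example (not part of the original post and not Moodle's code). The flag table is the one quoted above; the function names and sample DNs are constructed, and the parsing follows RFC 4514 escaping for single-valued RDNs only.

```python
import re

# Flag table as quoted in the post above ('1' = member values are full DNs).
MEMBERATTRIBUTE_ISDN = {"edir": "1", "rfc2307": "0", "rfc2307bis": "1",
                        "samba": "0", "ad": "1", "default": "0"}

def first_rdn(dn):
    """Return the leading RDN, cutting at the first unescaped comma."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the escaped character, e.g. "\,"
        elif dn[i] == ",":
            return dn[:i]
        else:
            i += 1
    return dn

def unescape(value):
    """Undo RFC 4514 escaping: backslash + two hex digits, or backslash + char."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode("utf-8")
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def member_to_username(member, user_type="default"):
    """Map one group-member value to the name to match against Moodle users."""
    if MEMBERATTRIBUTE_ISDN.get(user_type, "0") != "1":
        return member  # memberUid style: already a bare uid
    attr, sep, value = first_rdn(member).partition("=")
    if not sep or not value:
        raise ValueError("expected a DN, got %r" % member)
    return unescape(value)

def naive_username(member):
    """Comma/equals splitting that ignores escaping, shown for contrast."""
    return member.split(",")[0].split("=")[-1]
```

In Active Directory the leading RDN is normally CN, which is not guaranteed to equal the login name, so matching on it is only safe where the two are kept identical.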


In reply to Martín Langhoff

Re: LDAP Enrolments ready for testing!

by Ron Castle -

Can anyone enlighten me on whether enrolment has been accomplished using LDAP and Novell's NDS? I've read through several dozen LDAP related questions and have found a mixed result with NDS. Some say they have it working and others say it will not work due to the idnumber needing to be the complete context of a user and not simply the cn.

I just recently installed 1.5.3+ on our webserver and have gotten LDAP authentication working fine albeit with quite a bit of work since I only knew the basics about LDAP and had no experience in using it. 

Now I just can't seem to get the enrolment portion working at all.  I get no errors in my trace screen on the LDAP server.  I see the query to my enrolment contexts, but nothing gets returned per my trace log.  Can anyone see any issues with my configuration?  Attached is a recent snippet from my DSTRACE.LOG.

Here is my enrolment config page:

LDAP Server Settings 
enrol_ldap_host_url: ldaps://ipaddress_of_LDAP_Server  
enrol_ldap_version:  3
enrol_ldap_bind_dn:  cn=username,o=container
ldap_bind_pw:   *************
ldap_search_sub:  Yes

Student enrolment settings 
enrol_ldap_student_contexts: ou=StudentEnroll,o=jahs 
enrol_ldap_student_memberattribute:   groupMembership (Have tried member as well)

Teacher enrolment settings 
enrol_ldap_teacher_contexts:   ou=TeacherEnroll,o=jahs
enrol_ldap_teacher_memberattribute:   groupMembership (Have tried member as well)

Course enrolment settings 
enrol_ldap_objectclass:   groupOfNames  (Have tried the default posixGroup)
enrol_ldap_course_idnumber:  cn
 Update local data  Yes
 Lock value  Yes

enrol_ldap_course_shortname:  cn
 Update local data  Yes
 Lock value  Yes
enrol_ldap_course_fullname:  description
 Update local data  Yes
 Lock value  Yes
enrol_ldap_course_summary:  description
 Update local data Yes
 Lock value  Yes

Automatic course creation settings 
enrol_ldap_autocreate:  Yes
enrol_ldap_category:  General
enrol_ldap_template: 

General Options 
enrol_allowinternal:   Yes

In reply to Ron Castle

Re: LDAP Enrolments ready for testing!

by Mostafa Itani -

Hi all,

I do have the following settings, and I am still stuck. Do you have any way around this, or can you point out for me where my error is?

enrol_ldap_version:3

enrol_ldap_bind_dn:moodle1@win2k.aub.edu.lb

ldap_bind_pw: test

enrol_ldap_student_contexts:ou=allgroups,ou=security groups,ou=resource groups,ou=aub resources groups,ou=aubrg-acc,dc=win2k,dc=aub,dc=edu,dc=lb

enrol_ldap_student_memberattribute:memberUid

Course enrolment settings

enrol_ldap_objectclass: Group

enrol_ldap_course_idnumber:cn

enrol_ldap_autocreate: Yes

Moreover, the authentication is working fine with "enrol_ldap_bind_dn:moodle1@win2k.aub.edu.lb". I have also tested using the absolute path "cn=moodle1,ou=allusers,dc=win2k,dc=aub,dc=edu,dc=lb" and I am still stuck.

Any suggestions for the above?

Mostafa Itani

In reply to Ron Castle

Re: LDAP Enrolments ready for testing!

by Detlef Anschlag -
Hi Ron,

Did you solve your problem and get this working with NDS? I am very interested in getting an example of how to get the LDAP enrolments done.
We are a comprehensive school in Germany and use Moodle in conjunction with Novell-NDS-LDAP-authentication and therefore we want to control the courses and enrollments out of the NDS.

Regards,
Detlef