How to get a cohort being synchronised with a ldap server ?

Re: How to get a cohort being synchronised with a ldap server ?

by Jörg Tuttas -

Dear Patrick Pollet,

I just have a problem in Moodle 2.9.1 getting the sync_cohorts script to work. I just run into the following error and have no idea how to fix it. Did you have an idea? The error message is in German and means some problem with the (text) coding.


Would be nice to hear from you. Best regards


Default exception handler: Fehler in der Kodierung gefunden, den nur ein Programmierer korrigieren kann: textlib_get_instance() can not be used any more, please use core_text::functioname() instead. Debug:

Error code: codingerror

* line 1490 of /lib/deprecatedlib.php: coding_exception thrown

* line 347 of /auth/ldap/cli/sync_cohorts.php: call to textlib_get_instance()

* line 540 of /auth/ldap/cli/sync_cohorts.php: call to auth_plugin_cohort->ldap_get_group_members_ad()

* line 653 of /auth/ldap/cli/sync_cohorts.php: call to auth_plugin_cohort->ldap_get_group_members()


!!! Fehler in der Kodierung gefunden, den nur ein Programmierer korrigieren kann: textlib_get_instance() can not be used any more, please use core_text::functioname() instead. !!!

In reply to Jörg Tuttas

Re: How to get a cohort being synchronised with a ldap server ?

by Christine Legemble -

Hi Jörg,

I have the same problem with my Moodle 2.9.1 (the plugin worked well before with older versions of Moodle).

Have you found a solution?

Best regards.

Christine

In reply to Christine Legemble

Re: How to get a cohort being synchronised with a ldap server ?

by Séverin Terrier -

Hi,

Sadly, Patrick Pollet died in January.

But it seems someone found a solution for Moodle 2.9, exposed in a French discussion. Also have a look at this bug (with solution).

Séverin

In reply to Séverin Terrier

Re: How to get a cohort being synchronised with a ldap server ?

by Robert Holt -

Hi,

Very sorry to hear.

We have upgraded to 3.0+. I have been trying to get this plugin to work as I can't find any alternative and it is perfect for our needs.

I have got it installed, but when I run it, it gets as far as collecting the groups and the users within the groups from LDAP but then throws an error: membre : xxx not found.

I have pored over the settings and code but am stumped. Don't suppose anyone knows what I'm doing wrong or knows of any solution.


Many Thanks

Rob


In reply to Jörg Tuttas

Re: How to get a cohort being synchronised with a ldap server ?

by Charles Fulton -

Hello everyone,

I've updated the plugin to support Moodle 3.1 and the new scheduled task infrastructure. The plugin is now available on the plugins repository: https://moodle.org/plugins/local_ldap. It still supports both OpenLDAP and Active Directory but I've no way to test the latter.

Best,

Charles

In reply to Charles Fulton

Re: How to get a cohort being synchronised with a ldap server ?

by Matjaž Mozetič -

Hi Charles.


Thank you for your effort to make this plugin work on newer versions of Moodle. Unfortunately, for me it is not working on Active Directory. I'm pretty sure I configured everything correctly. I also tried to run the script on the command line and received just this info:

Execute scheduled task: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)

... used 0 dbqueries

... used 0.099068880081177 seconds

Scheduled task complete: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)

Can anyone else please test this plugin to confirm if it is working/not working on Active Directory?


Regards,

Matjaž

In reply to Matjaž Mozetič

Odp: Re: How to get a cohort being synchronised with a ldap server ?

by Paweł Gaw -

Hello, I have the same problem. What did you set so that it works? Do you have any screenshots of the settings?

In reply to Charles Fulton

Re: How to get a cohort being synchronised with a ldap server ?

by Matjaž Mozetič -

Hi.


Actually it seems it is working!! I just configured some things wrong.

Charles thank you for bringing back this plugin!


Regards,

Matjaž

In reply to Matjaž Mozetič

Re: How to get a cohort being synchronised with a ldap server ?

by Reed Glasener -

That's great. We still have not been able to get the group cohort sync to work. What did you configure on the Group Class for Windows AD?




We have Windows 2008 R2 and are able to sync users to Moodle and wanted to sync cohorts.
The AD group is CN=Engineering,OU=Training,OU=Domain Groups,DC=example,DC=com

We tried the following changes on the plugin: the Group attribute as cn (even tried department), and Group Class as both group and groupOfNames.

Also used combinations of the following for the cohort but still no sync.
Cohort
Name Engineering
Cohort ID CN=Engineering,OU=Training,OU=Domain Groups,DC=example,DC=com

Cohort
Name Engineering
Cohort ID Engineering

Cohort
Name Engineering
Cohort ID CN=Engineering

In reply to Reed Glasener

Re: How to get a cohort being synchronised with a ldap server ?

by Reed Glasener -

We got it going. The plugin's Linux permissions when installed did not allow execute on the PHP files.


Below are our settings for Windows AD to sync groups to cohorts.


We used these in the plugin field names:

cn

group

sAMAccountName



Also, on the LDAP authentication, originally it was searching two user OUs; we also added the OU where the groups are stored.



Attachment Cohort-group-sync.PNG
In reply to Reed Glasener

Re: How to get a cohort being synchronised with a ldap server ?

by santosh dharamsale -

Hi All,


I have Moodle 3.3 Bitnami with a fresh configuration, and when I try to sync cohorts I get the following message and no cohorts are synced in Moodle. We have a production rollout and I am not sure how to address this; if anyone has a fix please let me know. I tried all the steps mentioned.


C:\Bitnami\moodle\php>php C:\Bitnami\moodle\apps\moodle\htdocs\admin\tool\task\cli\schedule_task.php --execute=\local_ldap\task\group_sync_task
Execute scheduled task: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
... used 1063 dbqueries
... used 27.389446020126 seconds
Scheduled task complete: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)

In reply to Charles Fulton

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

Hi,

The cohort sync with our AD groups is not working for me.

Using the latest Moodle version 3.4.2+

Users sync is working well however.

Here is the config I used:

  • group_attribute: cn
  • group_class: group
  • real_user_attribute: sAMAccountName (also tried empty)
  • process_nested_groups: disabled (also tried enabled)
  • cohort_synching_ldap_groups_autocreate_cohorts: enabled.


When I launch the scheduled task, I have many warnings:

PHP Notice:  Undefined index: memberof;range=0-* in [...]\root\local\ldap\locallib.php on line 312

PHP Warning:  count(): Parameter must be an array or an object that implements Countable in [...]\root\local\ldap\locallib.php on line 312


The cohorts are not even created.


I tried to create a cohort with "Cohort ID" as same as the group name, it's not populated.


The test script root\local\ldap\tests\sync_test.php doesn't give any output...


Is there a way to have a verbal output like the previous version using "\root\local\ldap\cli\sync_cohorts.php"?


Any help will be appreciated!


In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Emma Richardson -

real_user_attribute should be empty.

Are your groups within the ou that your ldap server is accessing?

In reply to Emma Richardson

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

Hello,

I have the same behavior when real_user_attribute is empty.

Yes, the groups are in the sub OUs from the contexts defined in LDAP server settings.

In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Emma Richardson -

Can you try one more time with attribute empty and process nested groups enabled?

I know when I am testing it is easy to bounce through settings and never quite try the right combination...

In reply to Emma Richardson

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

Same behaviour (warning, no cohort created or populated) with the settings as below:


Attachment moodle.png
In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Emma Richardson -

Any error message when you run it?  Does your bind user have the appropriate permissions on the groups/ou's containing groups?

In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

Hi,

With the new version of the plugin as of today (2018050400), the output is slightly different:

Execute scheduled task: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
... started 12:56:49. Current memory use 6.2Mo.
... used 1358 dbqueries
... used 48.352494955063 seconds
Scheduled task complete: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)

But the result is still the same: no cohort is created (or even synchronized for existing correlating one).


If I run the script using --showsql parameter, I can see that it is enumerating the different AD Groups:

SELECT * FROM mdl_cohort WHERE idnumber = ?
[array (
  0 => 'GGM_S2M_ET_Classes_2HMI',
)]
--------------------------------
Query took: 0.0034809112548828 seconds.


What is going wrong?

In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Emma Richardson -

So you have never got it working?

Did you check the bind user permissions as suggested before?

In reply to Emma Richardson

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

No, it never worked.

The bind user has the good permissions, as LDAP users synchronization and authentication is working.

Furthermore, the cohort script output is showing the groups... but not creating cohorts as requested.

In reply to Emma Richardson

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

I tried to synchronize a cohort with a group using LDAP Attribute instead of Group membership and it worked. The existing cohort has been correctly populated. However using an attribute is not a good option for me...

In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Marlise Nauer -

Hi, I have the same problem as Guybrush.

What more can we check? Thanks for ideas.

Best regards

Marlise

In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Visvanath Ratnaweera -
Guybrush Threepwood wrote:
> I tried to synchronize a cohort with a group using LDAP Attribute instead of Group membership and it worked. The existing cohort has been correctly populated. However using an attribute is not a good option for me...

I can confirm. There is a bug. See https://moodle.org/mod/forum/discuss.php?d=378935.

Moodle 3.5.3+ (Build: 20181116)
LDAP syncing scripts: v3.4.1 (2018090700)
In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Charles Fulton -

I've identified and fixed a couple bugs in the Active Directory code related to pagination. I can't say for sure that these changes will resolve the issues folks are seeing, but they might. The code is available here: https://github.com/LafColITS/moodle-local_ldap/releases/tag/v3.4.1-rc.1. I'd love to hear from folks on Active Directory before I publish a formal release.

Thanks,

Charles

In reply to Charles Fulton

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

Hello Charles,

I tried the new version of the plugin (2018090700), but the cohorts are not synchronised.

I can see that the task iterates the groups well:

--------------------------------
SELECT * FROM mdl_cohort WHERE idnumber = ?
[array (
  0 => 'GGM_S2L_EAM_Utilisateurs_Eleves_1COIB',
)]
--------------------------------
Query took: 0.00063800811767578 seconds.
--------------------------------

but the cohort isn't created.

In the case of an existing cohort, the group members are not added to the cohort:

--------------------------------
SELECT * FROM mdl_cohort WHERE idnumber = ?
[array (
  0 => 'GGM_S2L_EAM_Utilisateurs_Eleves_2COIA',
)]
--------------------------------
Query took: 0.00070786476135254 seconds.
--------------------------------
--------------------------------
 SELECT u.id,u.username
                          FROM mdl_user u
                         JOIN mdl_cohort_members cm ON (cm.userid = u.id AND cm.cohortid = ?)
                        WHERE u.deleted=0
[array (
  0 => '40',
)]
--------------------------------
Query took: 0.00065398216247559 seconds.
--------------------------------

Best regards

In reply to Charles Fulton

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

Hi!


Reading Visvanath Ratnaweera's deep dive (https://moodle.org/mod/forum/discuss.php?d=378935), it helped me to pinpoint what was wrong in my configuration: in my Moodle auth_ldap configuration, memberattribute was empty. I set it to "member" and now cohorts are created and populated correctly.

Now I want to have the "displayName" attribute of the group to be used instead of the name (CN).

The plugin does not allow changing this, unfortunately.

Looking into the code, it looks like the name of the group is specified on line 163 in locallib.php:

array_push($fresult, ($groups[$i][$this->config->group_attribute][0]));


How to replace "group_attribute", that is CN, with the "displayName" attribute?

In reply to Guybrush Threepwood

Re: How to get a cohort being synchronised with a ldap server ?

by Guybrush Threepwood -

I managed the change in code to use the DisplayName (if set) of a group instead of the CN.

In locallib.php.

In function ldap_get_grouplist

line 148:

$ldapresult = ldap_search($ldapconnection, $context, $filter, array ($this->config->group_attribute));

becomes

$ldapresult = ldap_search($ldapconnection, $context, $filter, array ($this->config->group_attribute, "displayName"));


line 151:

$ldapresult = ldap_list($ldapconnection, $context, $filter, array ($this->config->group_attribute));

becomes

$ldapresult = ldap_list($ldapconnection, $context, $filter, array ($this->config->group_attribute, "displayName"));


line 162:

array_push($fresult, ($groups[$i][$this->config->group_attribute][0]));

becomes

array_push($fresult, ($groups[$i]));


in function sync_cohorts_by_group

replace line 639:

foreach ($ldapgroups as $groupname) {

with

foreach ($ldapgroups as $ldapgroup) {
   $groupname = $ldapgroup[$this->config->group_attribute][0];
   // isset() avoids an undefined-index notice when the group has no displayName.
   if (!isset($ldapgroup["displayname"][0])) {
    $displayName = $groupname;
   } else {
    $displayName = $ldapgroup["displayname"][0];
   }

could be improved with the use of a variable for the displayname of the cohort...

Average of ratings: Useful (1)
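
The displayName fallback from the post above, as a standalone added example (not code from the local_ldap plugin or from the poster). The function names and the sample entries are hypothetical; it assumes group entries in the array layout PHP's ldap_get_entries() returns, where attribute names are lowercased.

```php
<?php
// Added example: not code from local_ldap. Names and data are hypothetical.

/**
 * Pick the cohort idnumber and display name from one group entry shaped like
 * an element of PHP's ldap_get_entries() result (lowercased attribute names).
 * Returns null when the configured group attribute is missing or blank.
 */
function cohort_identity(array $entry, string $groupattribute): ?array {
    $key = strtolower($groupattribute);
    $idnumber = isset($entry[$key][0]) ? trim($entry[$key][0]) : '';
    if ($idnumber === '') {
        return null; // no stable key to match an existing cohort on
    }
    // isset() instead of "=== NULL": no notice when displayName is unset.
    $name = isset($entry['displayname'][0]) ? trim($entry['displayname'][0]) : '';
    return [$idnumber, $name !== '' ? $name : $idnumber];
}

/** Map a whole result set to idnumber => display name, skipping bad entries. */
function cohort_names(array $entries, string $groupattribute): array {
    $names = [];
    for ($i = 0; $i < ($entries['count'] ?? 0); $i++) {
        $identity = cohort_identity($entries[$i], $groupattribute);
        if ($identity !== null) {
            $names[$identity[0]] = $identity[1];
        }
    }
    return $names;
}

// Constructed sample, trimmed to the keys the functions read.
$entries = [
    'count' => 4,
    ['cn' => ['count' => 1, 'GRP_Class_A'], 'displayname' => ['count' => 1, 'Class A']],
    ['cn' => ['count' => 1, 'GRP_Class_B']],                        // no displayName
    ['cn' => ['count' => 1, 'GRP_Class_C'], 'displayname' => ['count' => 1, '  ']],
    ['displayname' => ['count' => 1, 'Orphan']],                     // no cn: skipped
];

print_r(cohort_names($entries, 'cn'));
```

The group attribute stays the key the cohort is matched on, so a displayName that is renamed in the directory changes only the label, not which cohort the members land in.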