LDAP - synchronization

LDAP - synchronization

by nik user -
Number of replies: 9

Hallo everyone

I have looked around but do not seem to be able to find a suitable answer to my problem:

I am using LDAP for user authentication in moodle. It works fine amd users can login but they do not appear in the moodle user list until their first login from LDAP. My problem is that I want to be able to enrol students and teachers beforehand, so when they login for the first time, they will already be assigned to their relative courses, according to their roles. So I am looking for a way to make them 'virtually' login for the first time so that they appear in the moodle user list.

Looking around, I found a script called auth_ldap_sync_users.php. But I am not sure if it works as if all the users logged once or if it copies the users to a moodle internal database thus eliminating the use of LDAP? I hope my question is not too stupid.

Thanks in advance for your responses

Average of ratings: -
In reply to nik user

Re: LDAP - synchronization

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Hi

Authentication is not my dept. Still I take a shot, hope the experts here will check the facts.

You wrote:
> I am using LDAP for user authentication in moodle. It works fine amd users can login ...

You must have meant http://docs.moodle.org/en/LDAP_authentication. Yes, I can confirm for Moodle 1.x.

> but they do not appear in the moodle user list until their first login from LDAP.

That is correct. Moodle creates its own records once the user logs in.

> My problem is that I want to be able to enrol students and teachers beforehand, so when they login for the first time, they will already be assigned to their relative courses, according to their roles.

http://docs.moodle.org/en/LDAP_enrolment does exactly that. Again, works from 1.6 to 1.9, haven't tested 2.x. It looks like http://docs.moodle.org/20/en/LDAP_enrolment and http://docs.moodle.org/21/en/LDAP_enrolment are OK but not http://docs.moodle.org/22/en/LDAP_enrolment which says "This page requires updating for Moodle 2.2. Please do so and remove this template when finished.".

> I found a script called auth_ldap_sync_users.php. But I am not sure if it works as if all the users logged once or if it copies the users to a moodle internal database thus eliminating the use of LDAP?

Yes, once you run it through the web interface or the PHP cli interpreter, it creates records for all the users in the Moodle database. But it does not eliminate LDAP, when the user logs in, the password, for example, is checked against LDAP.
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: LDAP - synchronization

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Forgot to mention earlier: There is enrol/ldap/enrol_ldap_sync.php which similar to auth/ldap/auth_ldap_sync_users.php but creates all the courses instead.

If you run them in the correct order, first auth/ldap/auth_ldap_sync_users.php then enrol/ldap/enrol_ldap_sync.php, then the courses will be created and the users correctly enrolled.
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: LDAP - synchronization

by John Reese -

VR is correct...

run the script "/yourmoodlelocation/auth/ldap/auth_ldap_sync_users.php"  via cron to get all the users from your ldap over to moodle.

Be careful not to delete any ones that are already in Moodle but not in your LDAP directory. In other words, if you just want to add and not "remove", make sure the option to not delete is checked

Average of ratings: -
In reply to John Reese

Re: LDAP - synchronization

by David Bolger -

Hi,

Is there a requirement that this runs from cron? I am trying to automatically load users from LDAP into Moodle without them having to log in first. I have found the auth_ldap_sync_users.php script, but when I try to run it manually (using "./auth_ldap_sync_users.php" I get a load of 'command not found' errors.


Is there other configuration required before I run this script? At present I have LDAP authentication turned on, so users are created from LDAP the first time a user tries to log in.

Thanks,

David

Average of ratings: -
In reply to David Bolger

Re: LDAP - synchronization

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
php files need the PHP interpreter! The prescribed way is to change to the main moodle directory and call the PHP interpreter with the rights of the owner of the web server. For example,
$ cd /path/to/your/moodle/dir
$ sudo -u apache /usr/bin/php admin/cli/somescript.php --params

For details see http://docs.moodle.org/en/Administration_via_command_line.
Average of ratings: -
In reply to John Reese

Re: LDAP - synchronization

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
On 12 April 2012 John Reese wrote:
> run the script "/yourmoodlelocation/auth/ldap/auth_ldap_sync_users.php" via cron to get all the users from your ldap over to moodle.

Just a caution: Keep in mind that auth_ldap_sync_users.php is not one three things, depending on Administration -> Users -> Authentication -> LDAP server -> Cron synchronization script = Keep internal or Suspend internal or Full delete internal. See http://moodle.org/mod/forum/discuss.php?d=201783.
Average of ratings: -
In reply to Visvanath Ratnaweera

Re: LDAP - synchronization

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

http://docs.moodle.org/en/LDAP_enrolment does exactly that. Again, works from 1.6 to 1.9, haven't tested 2.x. It looks like http://docs.moodle.org/20/en/LDAP_enrolment and http://docs.moodle.org/21/en/LDAP_enrolment are OK but not http://docs.moodle.org/22/en/LDAP_enrolment which says "This page requires updating for Moodle 2.2. Please do so and remove this template when finished.".

Yeah, that works in Moodle 2.x (including 2.2 wink) The sentence about updating the page for Moodle 2.2 comes from the fact that the settings have changed in Moodle 2.x (so the wiki pages for 2.0 and 2.1 should have the same sentence in fact). There are some changed and a few added settings, which make the enrolment plugin a bit more flexible and featureful (for example, if you are using MS Active Directory, nested groups are supported for course enrolments).

Other than that, the same functionality that was available in Moodle 1.x is available in 2.x (plus some more wink)

Saludos. Iñaki.

Average of ratings: -
In reply to nik user

Re: LDAP - synchronization

by nik user -

thanks everyone for your help and sorry for my late respons but there have been some rather urgent matters I had to attend.

Anyway, my moodle version is 2.1 and there is no 'auth_ldap_sync_users.php'. I have located a small script, though, called 'sync_users.php' in /auth/ldap/cli/ which seems to do the same job, since the core 2 lines are almost identical:

$ldapauth = get_auth_plugin('ldap');
$ldapauth->sync_users(true);

John Reese mentioned that the script can overwrite existing users unless the option to not delete is checked. I want to keep the existing users(especially the admin user who is not in LDAP) but i cannot locate the option to not delete.

Can you offer some advice?
Average of ratings: -
In reply to nik user

Re: LDAP - synchronization

by Thomas Bachert -

Nik,

We are having issues with our LDAP Auth Cron.  Our Moodle's LDAP setting is set to "Full delete internal", but after running cron the student that has been deleted from the LDAP server, is not being removed from Moodle.  

I checked to confirm that auth_ldap_sync_users.php includes the lines;

$ldapauth = get_auth_plugin('ldap');
$ldapauth->sync_users(true);

And cron.php page has the auth cron method enabled.

After running cron, I confirmed that the auth crons were run;

"Running auth crons if required..."

I ran Debugging in Developer mode and it did not display any errors.

Where should I look next?

 

Thank you for your time,

Thomas Bachert

Average of ratings: -