Replace local users with mnet users

Replace local users with mnet users

by David Bogner -
Number of replies: 5
Picture of Core developers Picture of Plugin developers

Hi,

we want to migrate a moodle-site to single-sign-on via mnet. All existing users will be transferred to the main-site and we will have several remote-sites, with single-sign on. the goal of this project is to provide one login for multiple moodle-sites we offer.

Is there a best practice method how to convert local users to remote users, so that the new remote account is mapped to the local account, that means, that the remote account should replace the local account on the site, but keep all course subscriptions, etc. available.

Or would it be possible to write a script? Perhaps a hint how to start for such a script would be nice. Is it possible to replace just all the user ids associated with courses, etc? Could there be any problems doing such a mysql query? Any help is greatly appreciated.

Best regards,

David

Average of ratings: -
In reply to David Bogner

Re: Replace local users with mnet users

by David Mudrák -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Plugins guardians Picture of Testers Picture of Translators

Definitely avoid changing user ids in your databases. It is used as a foreign key almost everywhere and you would face serious issues probably. What should work is the following procedure:

Let us assume you have Moodle A and Moodle B sites right now with their current users, courses and such. Make sure you have backups so if anything goes wrong, you would not blame me too much.

  1. The first thing to do is to set up the Moodle C that is to become the home server of all your users and the entry portal into your MNet network.
  2. Create an empy course at Moodle A and enroll all users into it. Backup it and restore it at Moodle C. This should re-create all user profiles at Moodle C. Repeat the same for Moodle B. Now all your users from both A and B should have their account at C, too.
  3. Set up MNet between A and C (Moodle C to become SSO Identity Provider, Moodle A to become SSO Service Provider) and between B and C, respectively.
  4. In the database of Moodle A, a new MNet host record should be now created in the table "mnet_host" for the remote site C. You need to get know its ID.
  5. For all users at server A that should become remote users, update their records in the table "user" and set "mnethostid" column to the ID from the previous step. Also set their "auth" column to "mnet".
  6. Repeat 4. and 5. at Moodle B, respectively.

I must admit I never did it personally but as far as I know, this should be enough to do. In MNet environment, users are identified by the combination of "username" and "mnethostid". Users' username should retain unchanged during the restore so you just need to set their mnethostid correctly.

Let us know how it goes. And best luck.

Average of ratings: Useful (2)
In reply to David Mudrák

Re: Replace local users with mnet users

by David Bogner -
Picture of Core developers Picture of Plugin developers

Hi David,

thank you for this detailed workflow. We will test this in the next two weeks and I will write how it worked out.

Server C - Main server, Server A and B: future MNET hosts.

Some thoughts before testing ist:

  • Instead of restoring courses with all users from A and B on C, we could use a csv-file. Then there would be more possibilities of controling how users are created / updated on C.
  • Some persons already created accounts on C and B and A, so there could be overlapping accounts. And there is also a possibility that existing usernames on C are identical to A and/or B. The usernames could belong to the same real person, but could also belong to two different persons. That could be a risk to acquire a wrong identity. (We still have to evaluate if this risk is OK for us and how to proceed with identical usernames. A possibility is to only match users with identical username AND email)
  • For step 5: I think this could be done with a csv file too. According to http://docs.moodle.org/22/en/Upload_users the csv fields can contain an auth column, but mnethostid column is not mentioned, so updating mnethostid via csv has to be tested and is not guaranteed to work according to the moodle docs. In case it does not work, a mysql query should do it.

 

I will let you know how the tests worked out.

Best regards,

David

 

Average of ratings: -
In reply to David Bogner

Re: Replace local users with mnet users

by Vernon Spain -
Picture of Plugin developers Picture of Testers

Curious to know... How did you go David?

Regards,

V

Average of ratings: -
In reply to Vernon Spain

Re: Replace local users with mnet users

by David Bogner -
Picture of Core developers Picture of Plugin developers

Hi Vernon,


thank you for reminding me to feedback the outcome of the tests. In fact, if you have a no identical users on the two platforms to merge, the workflof described by David works perfectly.

We did tests and replacing the mnetuserid with the host changes the user to a remote user.

I thought this could be done with csv files. But uploading a csv file with mnethostid is not supported. So you have to do this step with a SQL-query that looks similar to this one

UPDATE mdl_user
SET auth='mnet', mnethostid=mnethostidgoeshere
WHERE msn='changetomnet'

(You have to be careful in this step: Do not change admins mnethostid!!) We marked all users that are to be changed to remote users in the msn field with "changetomnet". None of our users used the msn profile field, so for reasons of simplicity we decided to use the msn profile field (we downloaded all users as csv, then uploaded a csv file with the msn field set to "changetomnet" for users that should be mnet users), if your users use msn profile field, then do not do this, you could setup a custom user profile field, but the SQL query would be more complicated.


We have a more complexe situation because, the platforms we are merging have also identical users (some users are identical on A and B and C). So we find out first who are identical,...

For any further questions just contact me again.


Best regards,

David

Average of ratings: Useful (2)
In reply to David Mudrák

Re: Replace local users with mnet users

by Andrés Doria Corcho -

Hello David!

I'm in charge of administering several moodle instances in a local university where I work. Right now, there are one moodle instance per academic program -actually, 29-, so I think there's a lot of work and the administration becomes tedious and I think it's impractical, because one user -admin, student or teacher- have to log in with different -even being the same username and password- credentials to different moodle instances.

So, I've read about MNet and I've came up with a idea which I describe next:

I think that implementing a central moodle -moodle A- that act as the main moodle where the main information is displayed and where all the users of the university will have their credentials stored. The idea is that this moodle A won't have any academic courses. A moodle B, moodle C and moodle D will correspond to one faculty respectively -for example, Health, Science and Engineering-. This ones are the moodles that will have the active academic courses and where the users will be enrolled in via MNet and SSO. The enrolment method to be used is the External Database to keep our students synchronized with their courses.

Would be any difficulty with this approach? I'd appreciate any help, suggestions or best practices recomendations.

Thanks very much in advance!

Average of ratings: -