How can I limit authentication to existing users?

by Mike Z -
Number of replies: 6

Hello!

I need your help please. It seems that when a user tries to log in to Moodle, Moodle tries to authenticate that user even if the login name does not exist in the mdl_user table. If the authentication method (a custom authentication plugin in our case) returns a positive result, then Moodle creates an entry in mdl_user, and then asks the user to fill in their profile information ("Please tell us more about yourself").

It seems from reading the forums here that this behaviour is normal for Moodle, and not something specific to our authentication plugin. (Please correct me if I am wrong).

However - this behaviour is not what we want. We want to only authenticate existing users, and not allow people to create their own Moodle accounts directly. We have our own process for creating Moodle accounts.

Is there a way to turn off this feature? i.e. to prevent someone from creating a new Moodle account just by authenticating?

Many thanks for your help,

Mike

 

In reply to Mike Z

Re: How can I limit authentication to existing users?

by Iñaki Arenaza -

Hi,

If you go to "Site administration >> Plugins >> Authentication >> Manage authentication", you can use the "Prevent account creation when authenticating" setting to control this behaviour.

Regards. Iñaki.

In reply to Iñaki Arenaza

Re: How can I limit authentication to existing users?

by Mike Z -

Many thanks, Iñaki.

We are using Moodle 1.9.  I don't see the option you describe, but I do see:

Self registration
"If an authentication plugin, such as email-based self-registration, is selected, then it enables potential users to register themselves and create accounts. This results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. To avoid this risk, self-registration should be disabled or limited by Allowed email domains setting."

However this setting is already set to Disabled, so I am surprised by the behaviour described in my original post.

Any thoughts for 1.9? 

Regards,
Mike

 

In reply to Mike Z

Re: How can I limit authentication to existing users?

by Iñaki Arenaza -
Hummm, this was developed for Moodle 2.x (I think 2.3 and above), so 1.9 doesn't have that feature.

If you want to backport it yourself, these are the relevant bug fixes: MDL-29093 and MDL-34101

You can look for those bug numbers in git commits to find out the actual changes.

Regards.
Iñaki.
In reply to Iñaki Arenaza

Re: How can I limit authentication to existing users?

by Mike Z -

Ok, thanks Iñaki - I really appreciate your help on this.

If it was my Moodle instance, I'd go ahead with your suggested approach.  Unfortunately it is an instance that belongs to a client of mine, and they won't go for this - they are too risk averse for this approach. 

So I will continue to encourage them to upgrade to the latest version of Moodle - this being another reason on the list. (Of course, they are also averse to upgrading! :) )

Many thanks,

Mike

 

In reply to Mike Z

Re: How can I limit authentication to existing users?

by Iñaki Arenaza -
I'm pretty sure you already know this, but I wonder if they know Moodle 1.9 is in critical security bugfix only mode, and only until Dec. 2013. And after that, they'll be alone in the cold dark outside :)

Regards.
Iñaki.
In reply to Mike Z

Re: How can I limit authentication to existing users?

by Robert Brenstein -
Should you need to implement this in Moodle 1.9 after all, the following may help: MDL-12604 (option to prevent creation of new accounts even if user authenticates in external source -- a working implementation for pop and imap authentication).
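
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not Moodle's code and does not come from any of the posters. The function names, the `$preventcreation` flag and the sample users are hypothetical, standing in for the "Prevent account creation when authenticating" setting, the custom authentication plugin and the mdl_user table.

```php
<?php
// Simplified model of the login flow from this thread; NOT Moodle code.
// All names are hypothetical. $users stands in for the mdl_user table.

/** Constructed external authenticator (stands in for the custom auth plugin). */
function external_auth_ok(string $username, string $password): bool {
    $directory = ['alice' => 's3cret', 'mallory' => 'hunter2']; // constructed sample data
    return isset($directory[$username]) && hash_equals($directory[$username], $password);
}

/**
 * Returns [result, users after the attempt].
 * $preventcreation = false: a user the external source accepts but who has no
 * local record gets one created on the spot (the behaviour in the first post).
 * $preventcreation = true: the same login is refused and no record is written.
 */
function login(array $users, string $username, string $password, bool $preventcreation): array {
    $username = strtolower(trim($username)); // normalise before the lookup
    if (!external_auth_ok($username, $password)) {
        return ['denied: bad credentials', $users];
    }
    if (array_key_exists($username, $users)) {
        return ['ok', $users];
    }
    if ($preventcreation) {
        // Record the reason in the log only; the user should see the same
        // generic failure message as for bad credentials.
        return ['denied: no local account', $users];
    }
    $users[$username] = ['profile_complete' => false]; // auto-provisioned record
    return ['created: profile form shown', $users];
}

// Accounts created by the site's own provisioning process (constructed).
$users = ['alice' => ['profile_complete' => true]];
$attempts = [['alice', 's3cret'], ['mallory', 'hunter2'], ['mallory', 'wrong']];

foreach ([false, true] as $prevent) {
    foreach ($attempts as [$name, $pass]) {
        [$result, $after] = login($users, $name, $pass, $prevent);
        printf("prevent=%-3s user=%-7s -> %-27s accounts: %s\n",
            $prevent ? 'on' : 'off', $name, $result, implode(',', array_keys($after)));
    }
}
```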