Authentication

 
 
Picture of Robert Rutta
Username Change with External Database Authentication
 

My school is planning to switch from manual authentication to external database to tie in with an SIS we are setting up. Everything tests great, except that I noticed that, when a username is changed in the external db, Moodle attempts to create a duplicate account for the user. Is there a way to prevent this, or at least to make the maintenance effort manageable?

Thanks!

 
Average of ratings: -
Picture of Andrea Bicciolo
Re: Username Change with External Database Authentication
Group DevelopersGroup Particularly helpful MoodlersGroup TestersGroup Translators
Hi Robert,

if you do not want Moodle automatically create users upon authentication against an external backend, you could try to set to No "Prevent account creation when authenticating | authpreventaccountcreation" in Site administration > Plugins > Authentication > Manage authentication. This setting is available from Moodle 2.1 onwards.

 
Average of ratings: -
Picture of Robert Rutta
Re: Username Change with External Database Authentication
 

I had thought of that. However, we would like the external database to create accounts so that when new students enroll we don't have to do the job twice. Any other ideas?

 
Average of ratings: -
Picture of David Aylmer
Re: Username Change with External Database Authentication
 

It's an ongoing flaw with the external db authentication to key on username rather than idnumber.

In your example it manifests as creating duplicates - but it creates other varied problems too, related to mutable usernames.

A solution is to modify the auth and sync to key on idnumber, and populate the idnumber with the primary key of your external database, and ensure idnumber is locked to editing. That way the sync will update the username where the idnumber matches.

Sorry I can't thnk of a simpler solution to this problem.

 
Average of ratings:Useful (1)
Picture of Calvin Bu
Re: Username Change with External Database Authentication
 

Hello David,

Your solution to prevent the duplicate user record when authenticate with an external DB. I am new to Moodle, so I don't understand what you mean by saying "modify the auth and sync to key on idnumber". Would you please explain to me more in detail on how to do this.

Thanks,
Calvin 

 
Average of ratings: -
Picture of Lluís Forns Puigmartí
Re: Username Change with External Database Authentication
 

I have also seen this problem. I could try to modify my local installation of moodle, but the problem would reappear when updating.

Could this be posted as a bug?

 
Average of ratings: -
Picture of David Aylmer
Re: Username Change with External Database Authentication
 

If you open up the file: /auth/db/auth.php and look at the comments to the function sync_users you'll notice this: 

 * Sync should be done by using idnumber attribute, not username.

And that comment has been there for over 5 years smile

You'll want to:
- Change the call to get_userlist() to retrieve a list of idnumbers rather than usernames
- Change the obsolete users check to look at idnumbers rather than usernames
- If you remove users, to do it based on idnumbers rather than usernames
- When updating... to updated based on idnumbers rather than usernames

etc etc...

You might also want to change config.html because you're not interested in 'fielduser' but interested in the external database key field (idnumber) - which shouldn't ever be the username if the username is mutable in your external database (as it probably is in nearly every case).

Or you could wait until it gets fixed (it probably won't get fixed)

 
Average of ratings: -
Picture of David Aylmer
Re: Username Change with External Database Authentication
 

Thinking about this again. To get around this flaw, you could potentially add a database trigger to update the original record with the new username if the idnumber field matches. Just make sure you're populating mdl_user.idnumber with the primary key of your external database.

That could work. Probably better to fix the sync code though... 

 
Average of ratings: -
Picture of Lluís Forns Puigmartí
Re: Username Change with External Database Authentication
 

I was trying to change sync function to, prior to delete/disable a user, check if username was changed. But my function fails when trying to update username (database write error). Any hint?

                    //check if user changed username
                    $user_changed_name=FALSE;
                    if (!empty($user->idnumber)) {
                        $authdb = $this->db_init();
                        $sql="SELECT ".$this->config->field_map_idnumber." AS idnumber , ".$this->config->fielduser." AS username
                                                     FROM {$this->config->table}
                                                     WHERE ".$this->config->field_map_idnumber." = '".addslashes($user->idnumber)."'";
                        $rs = $authdb->GetRow($sql);
                        if ($rs) {
                            $updateuser = new stdClass();
                            $updateuser->id   = $user->id;
                            $updateuser->username = $rs['username'];
                         print_r($updateuser);
                            $authdb->update_record('user', $updateuser);
                            $user_changed_name = TRUE;
                          }
                          $authdb->Close();
                    }

 

I could post full file if needed

 

 
Average of ratings: -
Picture of Lluís Forns Puigmartí
Re: Username Change with External Database Authentication
 

I solved the problem. I added a bug and posted my solution (don't know if this is the best way to do so).

 

https://tracker.moodle.org/browse/MDL-41642

 
Average of ratings: -