Authentication

Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25

 
 
Picture of Iñaki Arenaza
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

Hi Monica,

LDAP paged results are not only used/needed with MS AD. The feature can be used with any LDAP server that supports that feature (which is quite useful if you deal with a large number of users, as it alleviates the load on the LDAP server for large queries).

That's why Moodle shows the message, so you know that you could benefit from the feature if you complied with the requirements. It's neither a warning nor an error, just an informative message and everything should work as usual. I.e., if it worked before this feature went into Moodle, it will work now aswell. And if you had trouble before with large user bases (as was notably the case with MS AD, but again this is not specific to MS AD, as all LDAP servers have limits on the number of "objects" they will return) it will be able to work now, provided you fulfill the conditions to enable the feature.

Answering your specific question (how do I get rid of it?), there's no way to do it unless you edit the code (or you install a suitable PHP version and configure the LDAP plugin to use version 3 of the protocol smile)

Saludos. Iñaki.

 
Average of ratings:Useful (1)
Picture of Monica Franz
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
 

Hi Inaki!

You took a load off my mind! Thank you, I'll just ignore the message as we are

running LDAP 3 and PHP 5.3.25!

Thanks agian!

Cheers,

Monica

 
Average of ratings: -
Picture of Esteban Naranjo
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
 

Buenas tardes,

Resulta que he montado un nuevo sitio con la versión 2.5 y quiero importar mis usuarios de AD, pero el sitio me presenta este mensaje y según la documentación, debería actualizar PHP a la versión 5.4, actualmente tengo la versión 5.3.3, existe algún problema si ejecuto el script de importación, que de paso no sé donde está en CentOS, me vendría bien una pequeña ayuda en como importar usuarios ldap desde linux.

Agradecido de cualquier ayuda,

 

Ing. Esteban Naranjo

 
Average of ratings: -
Picture of Yvonne Hamilton
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
 

Hi, I'm still confused. We have just upgraded a test server from 2.1 to 2.5 and LDAP worked just fine in 2.1 but not once we upgraded. PHP 5.3.3 is installed and version 3 selected but LDAP accounts cannot log in and we get the warning LDAP paged results not supported (either your PHP version lacks support or you have configured Moodle to use LDAP protocol version 2) . The Page Size setting on the LDAP page (has a value of 250 and is greyed out) is new since Moodle 2.1and seems to tie in with syncronisation....our users get their accounts created at first login not via an AD sync process so does this apply to us too? The documentation around what sync does is confusing so can someone advise? does with value still need changing to a higher value if our users get their accounts created at first login? We have 100's of users spread out over multiple OU's in AD.

Regards,

Yvonne

 
Average of ratings: -
Picture of Iñaki Arenaza
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers
I'll restate it again: this is not a warning, just an informative notice smile

The code checks if you fulfill all the requirements to benefit from using paged results. If you don't, it tells you so. And doesn't try to use paged results at all, falling back to using the same code that was used before introducing this feature. So either your Moodle site works as before, or gets additional benefits. But never works in inferior conditions compared to older versions of Moodle.

This feature is used (if it can be used at all) especially in the synchronization code (both for LDAP authentication and LDAP enrolment), where queries can return lots of answers. So accounts created at first login should be unaffected by this feature.

By the way, if paged results can't be enabled (you don't fulfill the requirements), the page size setting is disabled (greyed out) and is not used at all. So you can't modify it (it doesn't make sense anyway).

On the other hand, if paged results are enabled, you can choose the page size. You should ideally make it as large as possible, as the larger it is, the more efficient the LDAP queries are. But you need to know the maximum page size your LDAP server allows, because if you specify a page size larger than your LDAP server page size limit, things won't work!. The default page size (250) is very conservative, as it tries to guarantee that using the default value will work with (almost) any LDAP server by default.

Saludos.
Iñaki.
 
Average of ratings:Useful (1)
Sketch...
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group Particularly helpful Moodlers

Thanks Iñaki.

You said "if paged results can't be enabled..." - do you mean "can't be enabled on Active Directory" or is that a Moodle setting?

Does it matter which version of PHP you are running, does paged results require a specific version of PHP?

 
Average of ratings: -
Picture of Iñaki Arenaza
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

Hi Luis,

It's neither an Active Directory setting (I think you can't disable it, and its enabled by default) nor a Moodle setting. It's a PHP feature that is only present in PHP 5.4 and later versions (previous versions lack the required functionality).

Moodle only checks that the required PHP functions are available (ldap_control_paged_result() and ldap_control_paged_result_response()) and that you have configured the plugin to use version 3 of the LDAP protocol (paged results are not supported when using version 2).

Saludos. Iñaki.

 
Average of ratings: -
Sketch...
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group Particularly helpful Moodlers

So, if you're using LDAP authentication then the minimum requirements for Moodle 2.5 is actually PHP version 5.4, not version 5.3.3 as is currently stated on http://download.moodle.org/? Is that correct?

 
Average of ratings: -
Sketch...
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group Particularly helpful Moodlers

I have a test server (copy of production) running:

  • Windows Server 2008 R2 Std SP1
  • PHP 5.3.8
  • Moodle 2.0.4+

It is setup with LDAP authentication (version 3 of the LDAP protocol) and users were able to login with their LDAP/Active Directory credentials. No problem. LDAP authentication worked fine for 5 years...

Then I upgraded that instance of Moodle to version 2.5.2+ Build: 20131101 (via an intermediate upgrade to 2.2.11). After the upgrade to 2.5.2 we are no longer able to login with those same LDAP/Active Directory credentials.

The /admin/auth_config.php?auth=ldap page displays the "LDAP paged results not supported (either your PHP version lacks support or you have configured Moodle to use LDAP protocol version 2)" message. I have confirmed that version 3 of the LDAP protocol is selected.

The Bind and User lookup settings are identical to what they were before the upgrade and LDAP/Active Directory authentication was working.

So, if the message is not a warning, just an informative notice and nothing has changed in my environment (apart from the upgrade to Moodle 2.5.2) then why has the LDAP authentication stopped working?

 
Average of ratings: -
Picture of Iñaki Arenaza
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

Hi Luis,

I don't know why LDAP authentication has stopped working. But there have several changes and feature additions to LDAP auth between 2.0.4+ and 2.5.2+ and any of those could be the reason why it doesn't work any more.

Can you enable full developer debugging and see if anything stands out? If nothing stands out, we could add some additional debugging statements to see what could be going on.

Saludos. Iñaki.

 
Average of ratings: -
Mt. Fuji
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
 

Hello,

I am joining this discussion mid way through and hope that my inquiry is related to this thread but I'm not sure.

I am using LDAP authentication to create user accounts and authenticate at login. Passwords are not being stored in Moodle. I am on Moodle 2.4.5+ with PHP 5.3.3

I get the "LDAP paged results not supported...." message and have been ignoring it. Our initial LDAP sync worked fine and all user accounts were created. The script runs nightly at 3:04 a.m. Nothing changes unless and account is added, deleted, or modified so normally the script is fast and doesn't do anything as we only make changes to the LDAP data a few times a year.

Anyway, my problem is that a small group of users in our system are not able to login to our Moodle site with the account that is being synced from the LDAP server. The same account is used for their school gmail accounts and they can access those gmail accounts without any problem so there is no question about the accuracy of the information being used. I cannot figure out why only a small group of students is not able to access our site when most of them can....? I have sat down with a student and watched her login to gmail successfully and then try to log into our Moodle site with the same information and have the login fail. 

I noticed that the address that appears in the browser window after the login attempt fails ends with: authldap_skipntlmsso=1

I have no idea if that is a clue to the problem but....

Does anyone have any suggestions for how I might proceed in terms of troubleshooting? 

Any advice will be appreciated.

Jason

 
Average of ratings: -
Mt. Fuji
Re: Moodle 2.5.: LDAP paged results not supported eventhough LDAP 3 and PHP 5.3.25
 

Dear all,

Please ignore my previous inquiry. (I guess you were wink). I figured out the root of my problem and it had nothing to do with our Moodle installation. The school that I work at had/has two LDAP servers running side by side but the one I was allowed access to is/was not updated with the most current data. Why they don't have them synced is beyond me but.....at any rate, sorry for the inquiry that ended up not being related to Moodle in any shape or form.

Jason

 
Average of ratings: -