Auto enrolment using Active Directory groups

Auto enrolment using Active Directory groups

by aamran aamran -
Number of replies: 13

Dear All, 

We have recently started using Moodle with LDAP integration with an Active Directory server. Our student are usually enrolled on Intakes which include a number of course for example: 

Intake 1 has the following courses: 
- E-Commerce
- Marketing
- Team Project 
- Many more 

 

Intake 2 has the following courses: 
- Marketing 
- Finance
- Accounting
- many more 

 

Each intake will have a number of students enrolled on. The way we did this on moodle was to create Intakes as categories which will include the relevant courses. 

Now to enrol students to each course is a tedious task due to the large number of student and courses. Therefore we assign students to roles on the category level which does the trick. 

We would like to take this further to have less burden on the shoulders on the administrators by auto-entrolling students to roles on the category level of moodle using AD groups which are already assigned. 

Now to the question, Is there a way in moodle to auto assign students to roles on the category level using specific AD groups which are already being maintained by our network admins? 

 

I would appreciate your guidance. 

 

Thank you,

Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
I'm afraid there's no way to do that in Moodle (without modifying the code).

Saludos.
Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: Auto enrolment using Active Directory groups

by aamran aamran -

Thank you you for the reply Inaki. 

 

I will try to sync groups as cohorts as suggested below then post my findings! - Thanks again smile

Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Seb Harrington -

As Inaki says, there's no easy way to do this.

I have just spent two or three months looking in to something similar.

The best I can suggest is this project here: https://github.com/patrickpollet/moodle_local_ldap

This will allow you to sync AD groups as cohorts then associate the resulting cohorts to a course. Any new students then will automatically be enrolled into the correct courses (when the script is run).

Hope that helps you a bit further along!

Average of ratings: -
In reply to Seb Harrington

Re: Auto enrolment using Active Directory groups

by aamran aamran -

Thank you Seb ! 

If I can get groups as cohorts then this will really do the trick! .. Thank you for saving me days of trial and error ^ ^

Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Seb Harrington -

No problem. If you need help with what settings go in which box etc. then just ask - happy to provide a screen shot of what works for me!

Average of ratings: -
In reply to Seb Harrington

Re: Auto enrolment using Active Directory groups

by Patrick Pollet -

Hi,

       Glad to see that my scripts do work against AD. Since we do not have it here, I shall be more than happy to see samples of working configuration screens, maybe to add them to the documentation https://github.com/patrickpollet/moodle_local_ldap/wiki 

        Please note that similar scripts are available for Mahara <1.8  https://github.com/patrickpollet/mahara_ldap_sync . For Mahara 1.8 and above, they are now included in Mahara standard distribution https://mahara.org/interaction/forum/topic.php?id=5833

 

Cheers.

            

Average of ratings: -
In reply to Seb Harrington

Re: Auto enrolment using Active Directory groups

by aamran aamran -

Dear Seb, 

I copied over the plugin replacing ldap folder. Then I ran the script sync_cohorts.php and the script ran fine, however, no cohorts were created and the console screen showed 0 cohorts synced or something along these lines. 

I'm sure I have the wrong settings, I will appreciate sharing your settings to make it work! 

 

Appreciated. Thank you.

Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Patrick Pollet -

> I copied over the plugin replacing ldap folder.

Strange. These scripts should be located in local/ldap folder and not overwrite any existing ldap folder of standard Moodle distribution.

Cheers

Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Seb Harrington -

Hiya,

As Patrick says, the script should be extracted into moodle/local/ldap, you shouldn't need to overwrite anything. If you have backups I would suggest rolling back and placing the script in the suggested place.

My values for the script are as follows:

Verbose mode: unchecked

Group attribute: cn

Group class: group

Real user class: sAMAccountName 

Process nested groups: checked

Auto create missing cohorts: checked

Everything under the "Synch Moodle's cohorts with LDAP attribute" title is then left as is.

I'm assuming at this point you are also using LDAP Authentication. If this is the case you will need to check under Site Administration > Plugins > Authentication > LDAP Authentication and make sure the 'Contexts' has an ou of the location in AD where your groups you want to create exist e.g ou=Groups,dc=example,dc=local.

A couple of other things to note. 

I'm pretty sure the ID number specified under the LDAP Authentication settings (as above) has to match the 'Real user class:' specified above, however the value input in LDAP Authentication will reformat itself on submission where as the setting for 'Real user class:' is case sensitive and needs to be as specified.

Be aware this script will make cohorts for all groups with users in under the context you entered, which may extend the running time of the script. If you don't need all the groups you may want to look at making an dedicated ou for moodle groups.

I'm using LDAP enrolment as well at the moment, if this is something you want to look into or need help with then just ask.

Average of ratings: -
In reply to Seb Harrington

Re: Auto enrolment using Active Directory groups

by aamran aamran -

Dear Seb, 

First of all, I greatly appreciate your generous support. 

 

I have managed to get it a step further. Now I can see that the script is reading the groups' names correctly, however it fails to auto-create the cohorts saying that cohorts are empty. 

 

Message form script: 

.. 

.

processing LDAP group Intake14-Group2
not autocreating empty cohort Intake14-Group2
processing LDAP group Intake14-Group4
not autocreating empty cohort Intake14-Group4
processing LDAP group Intake15-Group1
not autocreating empty cohort Intake15-Group1
processing LDAP group Intake15-Group2
not autocreating empty cohort Intake15-Group2
processing LDAP group Intake16-Group1
not autocreating empty cohort Intake16-Group1
processing LDAP group Intake16-Group2
not autocreating empty cohort Intake16-Group2

..

 

I'm quite sure that these groups include students (Image attached of AD group Intake15-Group1)

 

Could you kindly let me know if i'm doing anything wrong here? - I'm quite new to moodle. Apologies. 

 

Thank you, 

Aamran

Attachment ADgroups.JPG
Attachment LDAPsettings.jpg
Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Seb Harrington -

Dear Aamran,

Please see below, I've included a copy of my LDAP settings which you included in your previous post.

The members of the intake groups you are trying to synchronise into moodle, are their primary groups in AD set to the the intake group?

Sorry for the late reply I've been away from my computer for the weekend.

Thanks,

Seb

Average of ratings: -
In reply to Seb Harrington

Re: Auto enrolment using Active Directory groups

by aamran aamran -

Dear Seb, 

I have change LDAP settings as you specified above. However, still I get the same error. 

Intake groups are not primary groups on our AD settings. 

 

I tried to create a dummy group, added some students to it and set that group to be primary. Then: 

1) ran sync_user.php script

2) ran sync_cohorts.php script

However, still I couldn't see any cohorts being synced. 

 

Apologies for my frequent questioning, but we are planning to go live with moodle only for this final issue. It will be a mountain climbing task to assign users manually and it will also require lots of maintenance in the future. 

 

Thank you,

Average of ratings: -
In reply to aamran aamran

Re: Auto enrolment using Active Directory groups

by Seb Harrington -

Hi,

I've uploaded a screengrab of all my LDAP settings:

  • LDAP Authentication
  • LDAP Enrolment
  • LDAP Cohort Sync

They are available here: http://cdal.co.uk/2013/12/05/moodle-ldap-setup-for-ldap-auto-enrolment/

I think you should be able to achieve what you're looking for with LDAP Enrolment (if you can't get cohort sync working)

The basics are:

You have two OUs in AD, one for student groups and one for teachers. Within these ou you have groups which represent courses. In your case, under students, you would make a group for each course and then add the intake group to each group. You would then need to make the same structure under the teacher OU and add teachers to those groups. One thing to watch out for is the pre windows 2000 group in AD. LDAP enrolment doesn't use these names but you can't have two groups with the same pre 2000 name in AD so I just append "- Student" or "- Teacher" depending on which OU they are in.

If you want further help on this then please let me know!

Thanks,

Seb

Average of ratings: Useful (1)