Stuck on LDAP enrolments

by Lars Jensen -
Number of replies: 11
We have Moodle authenticating with LDAP authentication and this works wonderfully.

However, we're having some problems getting LDAP Enrolments working. My guess is that there's some error in my setup of the LDAP context variables. Perhaps with the Student enrolment settings and the Teacher enrolment settings?

Has anyone had success with setting up LDAP Enrollments? If so, would you be willing to attach a short sample .ldif-file that I can look over and load into LDAP to see how this is set up?

Any help with this is greatly appreciated.

Lars.
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Martín Langhoff -
We are using posix-style "groups" for enrolment. Here's the code that produces the LDIFs from a Postgres database:

http://lists.eduforge.org/cgi-bin/archzoom.cgi/arch-eduforge@catalyst.net.nz--2004/sears-ldap--dev--1.0--patch-98/sears_pg2ldap.pl
In reply to Martín Langhoff

Re: Stuck on LDAP enrolments

by Lars Jensen -
Hi Martin,

Thanks for your reply - I have been spending some time trying to replicate your setup from the link you provided, but I'm having some trouble reading the code. Is there any chance that you (or anyone else that has this working) could provide a short sample LDIF-file that works with moodle? A couple of students, teachers and courses would be enough to illustrate the mappings. This would be a great help for anyone trying to set up LDAP Enrolment.

Thanks again for your help.

Lars.
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Lars Jensen -
OK, below I've included my LDIF setup for LDAP Enrolment. When I log in as the student I expected to see the defined course pop up, but nothing happens when I log in. Is my LDAP setup defined incorrectly? Any help or pointers greatly appreciated.

I'm using a fresh moodle 1.5+ install for testing this, and I'm using LDAP authentication (which works fine).

My setup:

One course: named 20051MATH152E01

A student: uid=astudent

A teacher: uid=ljensen

My LDIF files for LDAP setup:

People.ldif:

version: 1

# LDIF Export for: ou=People,dc=localhost,dc=localdomain
# Generated by phpLDAPadmin on June 21, 2005 12:52 am
# Server: My LDAP Server (localhost)
# Search Scope: sub
# Total Entries: 4

# Entry 1: ou=People,dc=localhost,dc=localdomain
dn:ou=People,dc=localhost,dc=localdomain
ou: People
objectClass: top
objectClass: organizationalUnit

# Entry 2: uid=ljensen,ou=People,dc=localhost,dc=localdomain
dn:uid=ljensen,ou=People,dc=localhost,dc=localdomain
uid: ljensen
cn: Lars
sn: Jensen
userPassword: test
loginShell: /bin/bash
homeDirectory: /home/ljensen
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 100001
uidNumber: 100001

# Entry 3: uid=astudent,ou=People,dc=localhost,dc=localdomain
dn:uid=astudent,ou=People,dc=localhost,dc=localdomain
uid: astudent
cn: Ajohn
sn: Student
userPassword: aaaaaaaaa
loginShell: /bin/bash
uidNumber: 50011
homeDirectory: /home/astudent
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 50011

(Student) Enrolment.ldif:

version: 1

# LDIF Export for: ou=Enrolment,dc=localhost,dc=localdomain
# Generated by phpLDAPadmin on June 21, 2005 12:51 am
# Server: My LDAP Server (localhost)
# Search Scope: sub
# Total Entries: 2

# Entry 1: ou=Enrolment,dc=localhost,dc=localdomain
dn:ou=Enrolment,dc=localhost,dc=localdomain
ou: Enrolment
objectClass: top
objectClass: organizationalUnit

# Entry 2: cn=20051MATH152E01,ou=Enrolment,dc=localhost,dc=localdomain
dn:cn=20051MATH152E01,ou=Enrolment,dc=localhost,dc=localdomain
cn: 20051MATH152E01
gidNumber: 200000
objectClass: top
objectClass: posixGroup
memberUid: astudent

TeacherEnrolment.ldif:

version: 1

# LDIF Export for: ou=TeacherEnrolment,dc=localhost,dc=localdomain
# Generated by phpLDAPadmin on June 21, 2005 12:51 am
# Server: My LDAP Server (localhost)
# Search Scope: sub
# Total Entries: 2

# Entry 1: ou=TeacherEnrolment,dc=localhost,dc=localdomain
dn:ou=TeacherEnrolment,dc=localhost,dc=localdomain
objectClass: top
objectClass: organizationalUnit
ou: TeacherEnrolment

# Entry 2: cn=20051MATH152E01,ou=TeacherEnrolment,dc=localhost,dc=localdo...
dn:cn=20051MATH152E01,ou=TeacherEnrolment,dc=localhost,dc=localdomain
cn: 20051MATH152E01
gidNumber: 200000
objectClass: top
objectClass: posixGroup
memberUid: ljensen

Moodle LDAP Enrolment Configuration:

enrol_ldap_student_contexts: ou=Enrolment,dc=localhost,dc=localdomain
enrol_ldap_student_memberattribute: memberUid

enrol_ldap_teacher_contexts: ou=TeacherEnrolment,dc=localhost,dc=localdomain
enrol_ldap_teacher_memberattribute: memberUid

enrol_ldap_objectclass: posixGroup
enrol_ldap_course_idnumber: cn
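
Added example, not part of the original post and not Moodle's own code: an offline model of the group lookup that the settings above describe, run against LDIF constructed from the posted entries. It assumes the lookup selects entries of the configured object class inside the role's context whose member attribute lists the user's uid; `parse_ldif`, `in_context` and `courses_for` are hypothetical helper names, and `search_sub` stands in for the `enrol_ldap_search_sub` setting discussed later in the thread.

```python
# Added example: offline model of the group lookup the enrol_ldap_* settings describe.
# LDIF constructed from the post's entries (user entries and gidNumber omitted).
LDIF = """\
dn:ou=Enrolment,dc=localhost,dc=localdomain
objectClass: organizationalUnit

dn:cn=20051MATH152E01,ou=Enrolment,dc=localhost,dc=localdomain
cn: 20051MATH152E01
objectClass: posixGroup
memberUid: astudent

dn:cn=20051MATH152E01,ou=TeacherEnrolment,dc=localhost,dc=localdomain
cn: 20051MATH152E01
objectClass: posixGroup
memberUid: ljensen
"""
CONFIG = {  # values as posted in the Moodle LDAP Enrolment Configuration
    "enrol_ldap_student_contexts": "ou=Enrolment,dc=localhost,dc=localdomain",
    "enrol_ldap_student_memberattribute": "memberUid",
    "enrol_ldap_teacher_contexts": "ou=TeacherEnrolment,dc=localhost,dc=localdomain",
    "enrol_ldap_teacher_memberattribute": "memberUid",
    "enrol_ldap_objectclass": "posixGroup",
    "enrol_ldap_course_idnumber": "cn",
}

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into a list of {attr_lowercase: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def in_context(dn, context, search_sub):
    """One-level match unless search_sub; naive DN compare (no escaped commas)."""
    dn, context = dn.lower(), context.lower()
    if not dn.endswith("," + context):
        return False
    return bool(search_sub) or "," not in dn[: -len(context) - 1]

def courses_for(uid, role, entries, cfg=CONFIG, search_sub=False):
    """Return the course idnumbers of the groups in the role's context listing uid."""
    context = cfg[f"enrol_ldap_{role}_contexts"]
    member = cfg[f"enrol_ldap_{role}_memberattribute"].lower()
    wanted = cfg["enrol_ldap_objectclass"].lower()
    return [e[cfg["enrol_ldap_course_idnumber"].lower()][0] for e in entries
            if in_context(e["dn"][0], context, search_sub)
            and wanted in (c.lower() for c in e.get("objectclass", []))
            and uid in e.get(member, [])]

ENTRIES = parse_ldif(LDIF)
```

If this model returns the expected course for each user, the directory data and attribute mappings are consistent with each other, and the remaining places to look are the stored config values and the plugin code.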
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Martín Langhoff -
Looks good to me -- nothing obviously wrong.

I would try first just creating the course manually, and assigning it the matching idnumber. The other thing to do is to start the LDAP server (slapd) with an interesting debug setting. I think slapd -d 239 or somewhere around there would show all the incoming queries.

Don't underestimate the possibility of a bug in my code ;-)
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Martín Langhoff -
I've been away in an all-day-meeting, disappeared from the RealWorld. Rereading your config settings, and the warning you mentioned (about ldap_search_sub), it may actually be a valid hint, instead of the harmless warning I thought it was.

That setting must be being saved in the config table with a different name (enrol_ldap_search_sub?), check what is the actual name and perhaps hack the enrol/ldap code -- there it says $CFG->ldap_search_sub replace it with $CFG->enrol_ldap_search_sub.
In reply to Martín Langhoff

Re: Stuck on LDAP enrolments

by Lars Jensen -
Hi Martin,

If I issue a

grep ldap_search_sub * | grep CFG

in moodle/enrol/ldap, I get

enrol.php: if ($CFG->enrol_ldap_search_sub){
enrol.php: if ($CFG->enrol_ldap_search_sub){

so I don't think this is the problem. The debug error message indicates that it has to do with the $form variable. So I poked around, and changed

choose_from_menu ($choices, "enrol_ldap_search_sub", $form->enrol_ldap_search_sub, "");

in config.html to

choose_from_menu ($choices, "enrol_ldap_search_sub", $frm->enrol_ldap_search_sub, "");

and the error went away... But it doesn't look like this solves my original problem of no course creation...

Further, I noticed another problem on the LDAP Enrollment configuration page:

If I try to change any of the default values for "Update local data" or "Lock value" to "Yes", the changes don't stick after saving. Values are reversed back to "No."...

Lars.
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Martín Langhoff -
Strange. Regardless of the form, what you actually care the most about is what makes it to the config table, and how that relates to the $CFG->something entries in the code of enrol/ldap/enrol.php


My config table looks roughly like this, but I'm using a different, earlier version of plugin:

select name,value from mdl_config where name like 'enrol%';

name | value
------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
enrol | ldap
enrol_allowinternal | on
enrol_ldap_autocreate | 1
enrol_ldap_bind_dn |
enrol_ldap_bind_pw |
enrol_ldap_category | 2
enrol_ldap_course_fullname | description
enrol_ldap_course_idnumber | cn
enrol_ldap_course_shortname | cn
enrol_ldap_course_summary |
enrol_ldap_host_url | ldap://server/
enrol_ldap_objectclass | posixGroup
enrol_ldap_search_sub | 0
enrol_ldap_student_contexts | ou=Enrolment,dc=someorg,dc=ac,dc=nz
enrol_ldap_student_memberattribute | memberUid
enrol_ldap_teacher_contexts | ou=TutorEnrolment,dc=someorg,dc=ac,dc=nz
enrol_ldap_template | TEMPLATE01
enrol_ldap_user_memberfield |
enrol_ldap_version | 3
enrol_localcoursefield |
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Lars Jensen -
Hi Martin,

My table is almost identical. The only change is that I have a

enrol_ldap_teacher_memberattribute, which is set to memberUid

and my enrol_ldap_category is set to 1 (not 2). I tried to change this setting to 2, but this didn't cause any courses to be created either...

If you're saying "OK" to my LDAP setup above, I'm at a loss why this isn't working. Any other ideas?

Lars.
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Martín Langhoff -
No idea either. Do you want to give the original codebase a try? Get from here http://lists.eduforge.org/cgi-bin/archzoom.cgi/arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-626.tar.gz it is the "Eduforge" custom version of 1.4.x.

You probably won't want to use it directly, but if it works, you can replace the enrolment plugin in 1.5 with that one. Let me know if it works.
In reply to Martín Langhoff

Re: Stuck on LDAP enrolments

by Lars Jensen -
Hi Martin.

Thanks for the pointer. I installed the above version, and at first I was unable to log in until I changed line 460 of enrol.php from

 if (!ldap_bind($ldap_connection, $CFG->enrol_ldap_bind_dn,$CFG->enrol_ldap_bind_dn)){

to

 if (!ldap_bind($ldap_connection, $CFG->enrol_ldap_bind_dn,$CFG->enrol_ldap_bind_pw)){

After this I was able to log in, but still no course creation....

Lars.
In reply to Lars Jensen

Re: Stuck on LDAP enrolments

by Martín Langhoff -
Lars,

does it work if the course already exists with the matching code in idnumber? I am flat out at the moment with Eduforge-related development work (preview at http://ng.eduforge.org/ ) so I can't do much testing at this end. The code you have (the custom Moodle) is our production code, and has been doing LDAP enrolments since November.

Hmmm. I am not sure whether course _creation_ happens when users login. It *may* depend on running the enrolment cron. Shouldn't be the case, but I don't remember.