LDAP confirming accounts

LDAP confirming accounts

by Dave Stone -
Number of replies: 6


1)
A new staff member arrived today.
She logged into Moodle for the first time, which creates the account (with LDAP password auth).
She filled out the profile with her email, and got the profile message about 'pending email address change'.

Moodle did not send out the confirmation email, and I'll look into that as a separate issue.

My problem is this:

I said to her that I'll just confirm her account through admin.

However, using the confirm = no filter in the bulk user actions page, it did not display her in the results.
So Moodle somehow (wrongly) thought that her account was already confirmed(?)

I then searched for the name and added her to the selection, and selected 'confirm'.
But this did not confirm her account, so she still could not enter courses and got thrown back to her profile page.

2)
Also, I'm stuck with this further issue: Suppose I mess about with different stuff trying to confirm her account.
If the 'confirm' filter is untrustworthy, how am I supposed to ascertain whether a user has been successfully
confirmed? We're using LDAP and I have no access to the list of passwords, so I can't temporarily log in as her
to test the account is working. I can't think of another way to test whether someone can access their account,
except for sitting beside them while they try to log on. We've always got a dozen or so students who claim to
not be able to login, so I need to be able to routinely test accounts are working.

Any ideas and troubleshooting advice?

Thanks.

(Edited by Mary Cooch to clarif title - original submission Wednesday, 14 October 2015, 7:59 PM)

Average of ratings: -
In reply to Dave Stone

Re: LDAP confirming accounts

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

Hi again - sorry I don't know anything about LDAP so I can't help on that score but you dont need to know people's passwords as an admin to log in as them. Click on their profile and you should see a link in the admin block on the side 'Log in as'.

Also, as admin when I want to confirm an account, I go to Site administration >Users >Browse list of users and search for a user by name/email/username whatever and then when I filter them I see the 'confirm' link to the side of their account to confirm. (I assumed if you log in via LDAP that made your account automatically confirmed, but perhaps I am wrong.)

Likewise, as admin I can edit someone's profile and change their email for them if they don't receive the email change confirmation email (which is perhaps what you meant.) You should  be able to do that but again - LDAP might act differently or have an effect on this.

Average of ratings: -
In reply to Mary Cooch

Re: LDAP confirming accounts

by Dave Stone -

> I don't know anything about LDAP

In my role as back-end admin, it doesn't change anything except the password field.
Basically, the password field is always ignored and empty.
LDAP doesn't change the fact that when a user logs in for the first time, their moodle
account is created, and a confirmation email is supposed be sent out to the address
they specify after filling out their profile.

> Click on their profile and you should see a link in the admin block on the side 'Log in as'.

I didn't notice that! That's very useful for accounts that are working normally. I wonder if what
I see as admin reflects unconfirmed accounts though - logged in as the new teacher, I expected
to be unconfirmed, 'pending email' and stuck at the profile page as she was four hours ago.

However, logged in as her just now I could use the site as though she was confirmed.
Either this feature doesn't reflect the true status or the account, or her account is fixed.
I'll be able to confirm which tomorrow.


> when I filter them I see the 'confirm' link to the side of their account to confirm

Nope. Never seen that. I have to choose 'confirm' from the actions dropdown box.


> I can edit someone's profile and change their email for them if they don't receive the email
> change confirmation email

So editing the profile as admin automatically confirms the information/account?
I'll need to test that. I know creating an account as admin automatically confirms it.
But editing the account that she created didn't seem waiver the confirmation process.

Average of ratings: -
In reply to Dave Stone

Re: LDAP confirming accounts

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Hi

Since the experts are having a break, I'll take a shot: "For Moodle the LDAP database is fully read-only". Would that help?
Average of ratings: -
In reply to Dave Stone

Re: LDAP confirming accounts

by Emma Richardson -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

1.  Depending on how you set up the LDAP authentication, it can change all kinds of fields including password, email, etc...you just need to map the fields.  The password field remains empty unless you select to store passwords in Moodle (not really a good idea).  You can update passwords in Moodle and they will be reflected in LDAP if the bind user has write permissions and if using MSAD, you are using ldaps.

2.  Login as normally does reflect the true status so I believe this is fixed.

4.  If you update a user's email that is in the pending email verification mode, it DOES automatically verify their account and fixes the issue.  You need to edit it in Moodle and make sure that the LDAP is mapping and syncing the email address across so that LDAP doesn't update it incorrectly on next login or sync.




Average of ratings: Useful (1)