Here's what I'd like to see from an LDAP Enrolment plugin - it's a bit different from what happens now, but I wonder if what I want maybe exists elsewhere? Here goes:
As administrator, I want to point my entire moodle installation at an ldap server which holds generic LDAP information about every single user on campus. When my moodle installation looks to grab a list of "potential students", I want that list to come from the LDAP server. Just list all of the users in there.
What this essentially accomplishes is:
1. Gets me out of the job of maintaining a very large text file on behalf of the professors, who really should be able to do this themselves on a per-course basis.
2. Keeps professors from having to give out an enrollment key which is not unique to any one user, and thus can be handed out randomly without any way of knowing who handed out their key.
3. Allows profs to go to the "Enrol Students" page, and see all users in the LDAP server in the "potential students" box. Then they can add students to their courses without my being involved whatsoever, and they don't have to send me email for any of this.
I realize this feature wouldn't be useful for many online sites and other places, but if you're at a university and all of the possible students are in one place, it would seem that we should be able to use it!
You don't need to use enrol/ldap after that, as LDAP doesn't contain enrolment info.
You can run it "never" and that's really healthy.
This script is quite aggressive with the LDAP server and the Moodle DB, so I'd use it sparingly. We actually run it daily on our main install right after the LDAP directory gets updated --- there's a batch job that updates LDAP, and then calls
The main benefit of this script is that user accounts are generated now instead of waiting until users login.
Also, it appears data pulled from LDAP such as profile fields automatically populated with container tuples such as surname only seem to update when the user himself authenticates (i.e. simply viewing the profile page or even clicking the "login as" button does not) - is this correct or symptomatic of a misconfiguration?
This shouldn't happen. It's either a bug or a misconfiguration. I've fixed some stuff yesterday in 1.5.2+, can you update to it? If you file a bug and assign it to me (with a lot of detail on your config) or just post a new thread in this forum, we'll get it resolved.
Finally, I have noticed that LDAP fields do not seem to be properly escaped: we have had several problems with users having apostrophes in their username, password and even firstname/lastname LDAP fields used to automatically fill the profile (error along the lines of badly formatted LDAP query string) - again, is this a configuration problem (magic_quotes, which I have been hesitant to turn on)?
Also possible bug somewhere. They should be escaped, and they are, as far as I can see. But good quality bug reports are always welcome. Remember to try with the latest 1.5.2+ (soon to be 1.5.3!)
As an aside, whilst we use LDAP for authentication, our enrolment system adds a separate form onto the user/edit page so that the user can select a corresponding record in an external database (SIMS for schools) upon which their enrolments will occur and other profile data is filled in (including mugshot of the student!). This is because the lookup fields in SIMS are firstname/lastname and there's the very high likelihood of multiple records being returned (Joe Bloggs syndrome), and then fills in data contained only in SIMS and not in LDAP such as picture, department etc in the profile based on the record selected.
My question is: does or will the new enrolments system provide the possibility for a plugin to display a page/box on (first time) user login for interaction on more complex enrolment systems?
Also is there the possibility of "chaining" enrolment systems (or inheriting from standard enrolment classes) to produce custom setups such as for profile information where different fields come from different sources (e.g. to use LDAP for username/password authentication but then an external database for fields such as house address)? Just a thought!
You only need to ask for it once for each user -- after that, your enrolment plugin can resolve enrolments on initial login. Sorted ;)
"php /var/www/moodle/auth/ldap/auth_ldap_sync_users.php && php /var/www/moodle/enrol/ldap/enrol_ldap_sync.php"
each night, this syncs up with LDAP nicely once your DB permissions are correct. I was pulling my hair out over this, so I hope this helps someone.
I do have the following settings, and I am still stuck. Do you have any way around this, or can you point out where my error is?
Course enrolment settings
Moreover, the authentication is working fine with "enrol_ldap_bind_dn:firstname.lastname@example.org". I have also tested using the absolute path "cn=moodle1,ou=allusers,dc=win2k,dc=aub,dc=edu,dc=lb" and I am still stuck.
Any suggestions for the above?
Martin, do I need to run certain scripts after that?
Anyone with documentation around that?