Authentication

Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066

 
Picture of Visvanath Ratnaweera
Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066
Particularly helpful Moodlers
Hi all

We are connecting a Moodle 2.7.latest site to a new ActiveDirectory. It almost works. Every time a user logs in the above warning comes up. One could work after clicking "Continue" though.

I searched this forum and according to the discussion "LDAP sync task - Duplicate user name - Samaccountname" https://moodle.org/mod/forum/discuss.php?d=352329 it could mean duplicate user names.

Can somebody confirm or shed light in to this?

 
Average of ratings: -
Picture of Emma Richardson
Re: Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066
Documentation writersParticularly helpful Moodlers

The discussion you linked to has a totally different error message though - did you run the ldap sync and see a message about duplicate usernames?

 
Average of ratings: -
Picture of Visvanath Ratnaweera
Re: Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066
Particularly helpful Moodlers
Hi Emma

It is quite possible that my clue was wrong!

No, I didn't run the ldap sync. The local adminstrator does not want it, for the simple reason that it will pull tens of thousends of users in to Moodle where as less than 100 are actually involved.

I have ldapsearch though.
 
Average of ratings: -
Picture of Iñaki Arenaza
Re: Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066
Core developersDocumentation writersParticularly helpful MoodlersPlugin developers

Hi Visvanath,

the first warning comes from the ldap membership group checking code. As fas as I can see, that code is only called from the iscreator() method. And that call is only performed if the 'Creators' setting is non-empty. It looks like that setting contains a value that is not an actual existing group distinguished name (or group DNs, separated by semi-colons). That's why you get the warning: the LDAP server can't read (access) that particular LDAP object. So make sure all the configured creators groups are using the right distinguished names (or make sure the setting is completely empty).

The login process can continue regardless of this warning because being a creator (or not) doesn't prevent the user from login. The only difference lays in whether you also get the course creator role or not.

Regarding the second and third notice and warning, they come from the Active Directory password expiration checking code (so I guess you have password expiration checking enabled). Moodle is trying to read the 'maxPwdAge' attribute from Active Directory LDAP root, but it's not getting anything back from LDAP server (which is a bit unexpected). But the code tries to use the expected value anyway. That's why you get the warnings. Again, this does not prevent the user from login, as PHP treats an empty value as 0 (zero), and the AD expiration code interprets that as the AD domain being configured with to ignore password expiration.

I can think of two possible options for this problem to occur:

  1. The configured bind user doesn't have enough permissions to read maxPwdAge (regular users can read that attribute in a default AD setup in Windows 2003, 2008 and 2012, but your AD administrator might have applied more restrictive settings),
  2. Your Moodle site is using a Global Catalog as the LDAP server, where the maxPwdAge attribute is not available.

Saludos. Iñaki.

 
Average of ratings: Useful (2)
Picture of Matteo Scaramuccia
Re: Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066
Core developersParticularly helpful MoodlersPlugin developers

Hi Iñaki,
thanks for your deep diving into these warnings Yes (Global Catalog bit included): worth filing an issue to cleanup the code, included comments with some bits of your explanation above?

 
Average of ratings: -
Picture of Visvanath Ratnaweera
Re: Warning: array_change_key_case() expects parameter 1 to be array, null given in /var/www/moodle2/auth/ldap/auth.php on line 2066
Particularly helpful Moodlers
Hi Iñaki

Thanks a lot for such an in-depth report!

The first statement is confirmed in the mean time:
> And that call is only performed if the 'Creators' setting is non-empty. It looks like that setting contains a value that is not an actual existing group distinguished name (or group DNs, separated by semi-colons)

There was a "Course creator" setting which was inherited from the previous AD, which was apparently not being used. Deleted that and the first error message is gone!

I have no control over the other two, the AD comes from another dept. (Even if I had access, I won't understand what you are talking about. ;) Sent the link to the other party and waiting for the reply.
 
Average of ratings: -