[3.8.2] LDAP enrolments from AD groups with large number of members not working

[3.8.2] LDAP enrolments from AD groups with large number of members not working

by Stefano Krister -
Number of replies: 0
Hi Moodlers!
After a lot of consideration I thought it might be best to put up this question to see what I'm missing.
I've searched in the FAQ and throughout the forums.

I've successfully setup a Moodle site (3.8.2) running on LDAP authentication connected to a MS Active Directory server.
It's synchronizing users at regular intervals (every second minute) through a cron job I've scheduled.
(and also deactivating users based on their account status in AD)

LDAP enrolment is setup to also create new courses and enroling users to created courses.
Even members in AD groups are added.

So far so good. But here is where the fun ends (or starts). smile

Synchronise LDAP enrolments task in Scheduled Tasks adds only a few members from AD groups with large number of members (10 000+).
The task isn't failing according to Task logs.
I can't read out in the log why it's failing (no errors in the log).
I can read out that CLI in the course logs enrols and unenrols a few number of users whenever the task is run by cron.

I've set the task to run each half an hour.
I've tried running it manually from Scheduled Tasks.

But to no avail.

Here is what I've tried:
  • I've installed the plugin LDAP syncing scripts, which works as intended.
    It even synchronizes these AD groups with large number of members.
    But the thing is I have to go manually to each course and add that specific cohort and also update it manually (which is not a satisfying solution in the long run).

  • I've double-checked the contexts (for the user lookup and mapping) so that there are no conflicts.

  • I've changed the setting for External unenrol action to Disable course enrolment instead of the default Unenrol user from course.
    Now I see more suspended users. smile

  • I've tried to change the Page size. Also no difference.

The short version of my question (problem?):
I can't seem to enrol members through LDAP from AD groups with large number of members (10 000+).

And I'd be more than happy to get some direction or pointers to what I should check.
I can do pretty much anything on the server (as long as I know what I'm doing).

All the best!
Stefano
Average of ratings: -