Iñaki,
Any chance of a patch for cloning for 4.1 or 4.2 with PHP 8.1 - I am having issues with a paged_results component killing my older ldap clone when upgrading to php8.1
Thanks in advance!!!
Hi Emma,
I finally decided to heed your advice to save everyone having to search for the LDAP clones patch in the forum threads and I have created a Github repository (https://github.com/iarenaza/moodle-ldap-clones) with all the versions of the patch that I had in my machine (even the very old ones).
That should include any version I posted in the forums in the past, unless I deleted any of them locally by mistake. Included in the list are a couple of patches for 4.2.0 and 4.2.1.
I'm in the process of creating the patches for the 4.0.x and 4.1.x series, and I will push them to that repository gradually as I create them.
Of course, I still need to link to that repo from the LDAP documentation page.
Saludos.
Iñaki.
Awesome - thanks Inaki - I will update the Documentation page for you if you haven't done that already.
HI,
What is the chances if you have the clone thing for Moodle 4.4 cause when i try the one for Moodle 4.2 it says some error. below.
php -f ldapname.php ldapbdb
sh: line 1: patch: command not found
=====================================================================
If you are using Internet Information Server (IIS) to run your Moodle
installation, please adjust the permissions of the
/var/www/html/Ilearn/auth/ldapbdb directory.
patch.exe for Windows removes some essential permissions from the
patched files, that make some of then unreadable by IIS.
The simplest way to fix them is to use Windows Explorer to show the
properties of the /var/www/html/Ilearn/auth/ldapbdb directory, go to the
Security tab, click on the 'Advanced' button on the bottom right,
select the checkbox called 'Replace permission entries on all child
objects with entries shown here that apply to child objects', click
on the 'OK' button and confirm the dialog box.
=====================================================================
The chances are moderate (as I may have some spare free time this weekend), but the problem you are immediately facing is not due to an incompatible version.
As the error clearly says, the patch command is not found Which means you haven't installed the
patch tool, which is a required pre-requisite to be able to use the clones. If you are using Linux to host your Moodle site, install the patch package from your Linux distribution.
If you are using Windows, have a look at https://docs.moodle.org/dev/How_to_apply_a_patch#Apply_a_Patch_in_Windows_using_gnuwin32 to see how you can download and install the patch.exe executable. Make sure you install patch.exe in a directory that is on the PATH, or modify the PATH variable to also include the directory where you installed it.
Saludos. Iñaki.
I will remove patch and install it again tonight, Cant really do it during the day when the system is busy. Maybe it failed and i did not see the patch install fail.
and thank you so much for your time. Appreciate it.
and thank you so much for your time. Appreciate it.
Maybe the install didn't fail. Maybe you just don't have the patch.exe executable (I'm assuming you are using MS Windows) in your PATH.
Saludos.
Iñaki.
no im using fedora 40. i unfortunately did not get around to test this yet. did do yum install patch again and it said the package was damaged so i purged it and it installed successfully, but thats where i stopped. insufficient time at the moment.
I was able to get the 4.2 patch to work with 4.4 but it is throwing a few errors with debugging on -
Deprecated: Creation of dynamic property auth_plugin_ecb::$pluginconfig is deprecated in /var/www/moodle/auth/ecb/auth.php on line 93
Deprecated: Creation of dynamic property auth_plugin_ecb::$roleauth is deprecated in /var/www/moodle/auth/ecb/auth.php on line 125
Deprecated: Creation of dynamic property auth_plugin_ecb::$pluginconfig is deprecated in /var/www/moodle/auth/ecb/auth.php on line 93
Deprecated: Creation of dynamic property auth_plugin_ecb::$pluginconfig is deprecated in /var/www/moodle/auth/ecb/auth.php on line 93
Deprecated: Creation of dynamic property auth_plugin_ecb::$roleauth is deprecated in /var/www/moodle/auth/ecb/auth.php on line 125
Deprecated: Creation of dynamic property auth_plugin_ecb::$pluginconfig is deprecated in /var/www/moodle/auth/ecb/auth.php on line 93
Hi Emma,
as I said in my post this morning, there are 4.4.0 and 4.4.1 version of the patch already published to the git repository.
Those version shouldn't throw any errors or warnings, unless the original LDAP plugin does
Saludos.
Iñaki
Yes, I saw this right after I posted that! And of course, you posted those probably within hours of me using the 4.2 version!! No big deal, thanks for updating and I will uninstall, repatch and move forward with the new patch!
Hello,
looks like moodle are around at least 20 years, why there is still this default LDAP plugin with only one LDAP path? Why not to include: Add additional LDAP path option (additional service account and Organizational Unit too) - within the default plugin. So we don't need to do this clone workaround, if there is more than one Active Directory
if i have a 3.10.11 version,
can i take patch for earlier version 3.10.6 https://github.com/iarenaza/moodle-ldap-clones/tree/master/moodle-3.10 ?
or better to take patch for more recent, for example 3.11 version..
or better to follow the manual and try to make a custom clone?
Btw, is it true, if i try to update moodle to more recent versions, it could brake some plugins?
Thank You
I would recommend patching according to your moodle version. I then run them until they break and then I repatch! You are correct though that it would be great if Moodle would change the original plugin but I tend to think that you would need all the settings for each domain in some cases. I know that in mine, I have separate domains for different user types and so all the settings are different. I suspect a lot of people have a student and teacher domain and so they also would want different settings for each domain. Not sure what the best solution is but very thankful to Iñaki for making these patches for us!!
my current version are 3.10.11
on the patch link, there is no patch for that specific version, only till 3.10.6, and then next available starting from 3.11
That's why asked what would be better..
But looks like need to test
Lots of manual work involved btw. it's not like a click and play
i am more familiar with windows AD, wanted to resolve this two AD issue
Already installed LDAP sync plus, but after saving new user, it shows:
Exception - Call to protected method auth_plugin_base::update_user_record() from context ''
that's because of something changed in moodle version, but sync plus plugin not updated accordingly, otherwise that would be a solution
https://moodle.org/mod/forum/discuss.php?d=371622#p1499022
i'm not sure yet what this error affects.. This is a second day with moodle..
Thanks for the tips.
on the patch link, there is no patch for that specific version, only till 3.10.6, and then next available starting from 3.11
That's why asked what would be better..
But looks like need to test
Lots of manual work involved btw. it's not like a click and play
i am more familiar with windows AD, wanted to resolve this two AD issue
Already installed LDAP sync plus, but after saving new user, it shows:
Exception - Call to protected method auth_plugin_base::update_user_record() from context ''
that's because of something changed in moodle version, but sync plus plugin not updated accordingly, otherwise that would be a solution
https://moodle.org/mod/forum/discuss.php?d=371622#p1499022
i'm not sure yet what this error affects.. This is a second day with moodle..
Thanks for the tips.
Providing some specific info on:
"Btw, is it true, if i try to update moodle to more recent versions, it could brake some plugins?"
To help with plugins (addons)
In a $release = '3.11.18 (Build: 20231211)' release, there is
uninstall_plugins.php script ... if give it the --show-contrib switch it will list addons. It will also un-install plugins. See the help in that script.
If you install moosh, and issue:
moosh -n plugin-list
moosh will list all plugins in Moodle plugins and show the highest version (match with core)
and provide the URL to download the zip file.
Example:
tool_uploadpage,3.10,3.11,3.2,3.3,3.4,3.5,3.6,3.7,3.8,3.9,https://moodle.org/plugins/download.php/22253/tool_uploadpage_moodle311_2020081700.zip
Highest available for the example plugin is 3.11 so it will probably break going to 4.x.
Note: themes are plugins ... if you are using a 3rd party theme as default theme for the site, strongly suggest forcing the theme to boost via entry in config.php
$CFG->theme='boost';
and leave it throughout your march.
Some notes:
In version 4.0 of moodle, assignment 2.2 and examview question type will be removed from core. That uninstall script comes in handy there.
At 3.11.x you are looking at a march of your moodle - cannot hyperjump to the latest and greatest. Along the way you will have to upgrade your PHP version and DB server.
See Mr.V's handy chart for planing your march.
http://www.syndrega.ch/blog/#php-and-dbms-compatibility-of-major-moodle-releases
As well as using your own Site Admin -> Server -> Environment Check (update component) then select each moodle higher than your 3.11.x to see what REDS you will need to address before going to that version.
If your site isn't using git versioning, now would be the time ... looking at a march, using CLI git upgrading is by far the best way to march.
https://docs.moodle.org/405/en/Git_for_Administrators
'SoS', Ken
Thanks for the suggestions
i found this too https://docs.moodle.org/405/en/Upgrading
and heard from someone, that needs to be careful when updating moodle versions.
may have to meditate for several hours afterwards..
Maybe Someone are able to fix that ldap_syncplus plugin/addon, it is out of date:
i found this too https://docs.moodle.org/405/en/Upgrading
and heard from someone, that needs to be careful when updating moodle versions.
may have to meditate for several hours afterwards..
Maybe Someone are able to fix that ldap_syncplus plugin/addon, it is out of date:
was easy to install it via web page - install plugin, but:
after saving new user, it shows:
Exception - Call to protected method auth_plugin_base::update_user_record() from context ''
Exception - Call to protected method auth_plugin_base::update_user_record() from context ''
i believe, need to take something from the default LDAP plugin (let it be from the most up to day version), and apply it to the ldap_syncplus related to this:
For developers: The "Call to protected method auth_plugin_base::update_user_record() from context ''" error is due to an internal change mentioned in auth/upgrade.txt:
* The auth_db and auth_ldap plugins' implementations of update_user_record() have been removed and both now
call the new implementation added in the base class.
The moved update_user_record() method is now protected.
For the ldap clone, try the 3.10 patch. Why are you using ldap_plus_sync - what is it achieving for you? Why are you stuck on such an old version of moodle? I would really look into upgrading...yes, there are big changes but good big changes!
we will try to upgrade moodle, and then to clone LDAP plugin
i am not the admin of it..
just wanted to resolve that multi AD LDAP issue with some easy solutions.
Yes, I wish it was easier too - I suggest putting something on Moodle Tracker and see if it gets any traction. If you have server access, the patch is really very easy though. I have three different ldap connections and it takes me a couple of minutes to repatch - the settings all apply if you name them the same.
Hello,
Wanted to ask,
Wanted to ask,
we cloned default LDAP plugin to be able to connect a second Active Directory domain
Cloned plugin works, users are synced and able to log in
i created a new Cohort group with the same name as the Security group, which is located in second domain.
After running involved task
Synchronize cohorts from LDAP groups
\local_ldap\task\group_sync_task
Members from second domain are not added to this new Cohort group automatically.
i am able to search user, and add it to this Cohort group manually
For users of the default LDAP plugin - connected to primary Active Directory, this Cohort group member synchronization works
The default LDAP plugin task is named as follows
LDAP users sync job
\auth_ldap\task\sync_task
The cloned Plugin task is named as follows
LDAP ldap2 users sync job
\auth_ldap2\task\sync_task
i tried to look at the configuration, but no luck so far
looks like this config file is involved in Cohort member sync
/var/www/lms.ourdomain.com/htdocs/local/ldap/locallib.php
looks like - this cloned LDAP2 path are not included or covered within Cohort member sync config
Has Anyone solved this, and could share some ideas or necessary config update please?
Thanks
Cloned plugin works, users are synced and able to log in
i created a new Cohort group with the same name as the Security group, which is located in second domain.
After running involved task
Synchronize cohorts from LDAP groups
\local_ldap\task\group_sync_task
Members from second domain are not added to this new Cohort group automatically.
i am able to search user, and add it to this Cohort group manually
For users of the default LDAP plugin - connected to primary Active Directory, this Cohort group member synchronization works
The default LDAP plugin task is named as follows
LDAP users sync job
\auth_ldap\task\sync_task
The cloned Plugin task is named as follows
LDAP ldap2 users sync job
\auth_ldap2\task\sync_task
i tried to look at the configuration, but no luck so far
looks like this config file is involved in Cohort member sync
/var/www/lms.ourdomain.com/htdocs/local/ldap/locallib.php
looks like - this cloned LDAP2 path are not included or covered within Cohort member sync config
Has Anyone solved this, and could share some ideas or necessary config update please?
Thanks
Yes unfortunately most of the syncing tools are only designed to work with a single ldap connection (the default one normally). I was fortunate that I could sync from my global catalog and then authenticate from separate domains in the same forest but if your domains are totally separate, I am not sure how that would work. A work around would be sync custom profile fields from your AD and then use dynamic cohorts plugin to create your cohorts.
Hello,
Thank You for willingness to help, it's a nice thing to do under the sun.
i managed to run this Cohort synchronization with a cloned LDAP plugin as well.
i had to add a number 2 within the /var/www/hostname.com/htdocs/local/ldap/locallib.php file:
Thank You for willingness to help, it's a nice thing to do under the sun.
i managed to run this Cohort synchronization with a cloned LDAP plugin as well.
i had to add a number 2 within the /var/www/hostname.com/htdocs/local/ldap/locallib.php file:
require_once($CFG->dirroot . '/group/lib.php');
require_once($CFG->dirroot . '/cohort/lib.php');
require_once($CFG->dirroot . '/auth/ldap2/auth.php');
/**
* LDAP cohort sychronization.
*
* @package local_ldap
* @copyright 2013 onwards Patrick Pollet
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class local_ldap extends auth_plugin_ldap2 {
/** @var array Avoid infinite loop with nested groups in 'funny' directories. */
private $antirecursionarray;
/** @var array Cache for found group dns. */
private $groupdnscache;
/**
* Constructor.
*/
public function __construct() {
// Revision March 2013 needed to fetch the proper LDAP parameters
// host, context ... from table config_plugins see comments in https://tracker.moodle.org/browse/MDL-25011.
if (is_enabled_auth('cas')) {
$this->authtype = 'cas';
$this->roleauth = 'auth_cas';
$this->errorlogtag = '[AUTH CAS] ';
} else if (is_enabled_auth('ldap2')) {
$this->authtype = 'ldap2';
$this->roleauth = 'auth_ldap2';
$this->errorlogtag = '[AUTH LDAP2] ';
} else {
return false;
}
Then i ran this scheduled task and the Cohort members from the second domain were synchronized:
Home/Site administration/Server/Tasks/Scheduled tasks: Synchronize cohorts from LDAP groups
Later, will try to update existing script or create another scheduled script with number 2 included.
Reminder - Active Directory Security group name must be the same as the manually added Cohort group name for this member sync script to work.
Well that is a work around but you will need to change it back of course for the original ldap to sync so not the best solution.