Hello,
I'm using Moodle 1.7 and I want to enable user creation with email confirmation in the Windows 2003 Active Directory.
What changes I need to do in the auth_user_create() function?
Many Thanks
Duarte S.
Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
عدد الردود: 46
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
My Moodle instalation is doing the LPAD authentication in the Windows Active Directory and everything works fine.
Now I want to enable the Moodle user creation with email confirmation and the automic user creation in the Windows 2003 Active Directory.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
The setting "ldap_create_context" from LDAP Authentication says "If you enable user creation with email confirmation, specify the context where users are created. This context should be different from other users to prevent security issues. You don't need to add this context to ldap_context-variable, Moodle will search for users from this context automatically.
Note! You have to modify function auth_user_create() in file auth/ldap/lib.php to make user creation work ".
I think this is already working for the Novell Directory. But what modifications I must do to the auth_user_create() function for this also to work for the Windows Active Directory?
I really need this for my Moodle implementation.
Many Thanks
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
I'm not really sure how to do it, as I've never created users in AD via LDAP before.
But I wonder, are you really sure you want anyone to create users in your LDAP server? (this is what you get when anyone requests and confirms their Moodle user at your site). This could create a nice 'mess' in your LDAP server.
Saludos. Iñaki.
But I wonder, are you really sure you want anyone to create users in your LDAP server? (this is what you get when anyone requests and confirms their Moodle user at your site). This could create a nice 'mess' in your LDAP server.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Iñaki,
I implemented a LDAP server only to support Moodle and our synchronous elearning platform for live meetings (Centra).
I did this because I think is the only way to do the login in Moodle and in Centra with the same user accounts.
I planned the following: A user register the account in the Moodle site by email confirmation. Automatically the user account is create in the LDAP server and users can also access to Centra using the same username and password.
When my training courses coordinators want to create a discipline in Moodle or a live meeting in Centra, they only need to select the users because they are already created in the LDAP server.
This is why I like this "mess" in the Active Directory that will only support both systems (Moodle and Centra). ;)
Saludos. Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
"I implemented a LDAP server only to support Moodle and our synchronous elearning platform for live meetings (Centra). "
This LDAP server will never have our internal user accounts.
We are a non-profit organization that provides free vocational training for external users.
This is why we will publish Moodle and Centra to the Internet and this is why we want the external creating their own accounts. And we need to use simultaneously these accounts for Moodle and Centra.
A better way is to implement a SSO between Moodle and Centra, but I don't know how to do it....
Gracias
Saludos. Duarte S.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
“ I'm not really sure how to do it, as I've never created users in AD via LDAP before.”
But Iñaki,
If you check the function auth_user_create() at auth/ldap/lib.php can you confirm this is already implemented to the Novell LDAP?
Sorry, but I’m a PHP newbie…
Many thanks
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
It seems so, but I don't have any Novel LDAP server arount to test it, so I can neither confirm nor deny it works.
The good news is that I played a bit with the code yesterday and it seems I already have a piece of code that is able to create accounts in Active Directory. But they are disabled by default, as I couldn't enable them unless I set them a password. But we don't have the password available in auth_user_create(), so I need to polish the code a bit before it's usable in a real environment.
[Edit: It seems we have the full blown user object in auth_user_create(), so we _do_ have the password.... Mental note to myself: do not work in Moodle code late at night
]
Saludos. Iñaki.
The good news is that I played a bit with the code yesterday and it seems I already have a piece of code that is able to create accounts in Active Directory. But they are disabled by default, as I couldn't enable them unless I set them a password. But we don't have the password available in auth_user_create(), so I need to polish the code a bit before it's usable in a real environment.
[Edit: It seems we have the full blown user object in auth_user_create(), so we _do_ have the password.... Mental note to myself: do not work in Moodle code late at night
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Muchas Gracias Iñaki. Indeed you are a good man.
At ...\auth\ldap\lib.php there are also these functions: auth_user_activate() and a auth_user_disable().
I think the intention is to create the user account in the LDAP server disabled until the user don't confirm his email.
And automatically enable the account in the LDAP server after this email confirmation.
I hope you can find a way...
Saludos.
Duarte S.
P.S.: And do not work in Moodle code late at night... 
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
At ...\auth\ldap\lib.php there are also these functions: auth_user_activate() and a auth_user_disable().
I think the intention is to create the user account in the LDAP server disabled until the user don't confirm his email.
And automatically enable the account in the LDAP server after this email confirmation.
Hummm, that makes things even easier
I'll cook a patch in a few hours and test it a little bit before posting it here.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
I don't have much time to test it right now, so I'm posting the patch here as-is (i.e., with no warranties at all 
)
If someone can test it, it'd be great.
Remember you need LDAP+SSL, the mbstring extension and a bind user with account creation + password reset priviledges.
Saludos. Iñaki.
If someone can test it, it'd be great.
Remember you need LDAP+SSL, the mbstring extension and a bind user with account creation + password reset priviledges.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Iñaki,
I will try in a few hours from now.
Muchas Gracias!
Duarte S.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Iñaki,
I have some errors when I try to integrate the diff file with patch.exe in the auth/ldap/lib.php
I only have success with the function auth_user_activate(). Only this one appears in the lip.php after I aplly the patch.
I used a lib.php file without modifications but with the same problems.
I will try to integrate manually.
Saludos
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
This may be due to the fact that I made the diff against the very latest 1.6.3+ version, and you probably are using an older version.
Tell me what version you are using and I'll try to rebase the patch on it.
I intend to test the patch myself, but I wanted to release it as soon as possible 'cause I'll be a bit busy until Wednesday.
Saludos. Iñaki.
Tell me what version you are using and I'll try to rebase the patch on it.
I intend to test the patch myself, but I wanted to release it as soon as possible 'cause I'll be a bit busy until Wednesday.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Iñaki,
I'm using the 1.7 version.
Saludos. Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
Strange, I've been able to apply the patch to a 1.7 version with only a couple of warnings due to a different offset to apply the hunks.
Anyway, here's a patch against latest 1.7.
Saludos. Iñaki.
Anyway, here's a patch against latest 1.7.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello,
What I did:
- Download the latest 1.7 and tried to patch against a fresh lip.php copy;
- When I try to patch with patch.exe from http://unxutils.sourceforge.net/ I receive the following message:
patching file `lib.php'
Assertion failed: hunk, file patch.c, line 321
- When I try to patch with Patch for windows I receive the following message:
patching file lib.php
Assertion failed: hunk, file ../patch-2.5.9-src/patch.c, line 339
- I can patch the file ad-pwd-change-17.diff (also build by you) with no errors;
- Then I integrated manually the file ad-user-creation-17.diff and tested. However when I create a user with email confirmation, the user account don't appears in the Windows Active Directory. Even after the email confirmation, the user account is not created in the AD.
- LADPS is running fine, because I can change the password of the users accounts that are already in the AD.
And thanks again Iñaki for all you work
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
The account should be created when you request a new Moodle account (albeit disabled). If Moodle can't create the user (or set the password), you should be getting an error screen.
I'll try to test/debug it out this week, but I'll need some time, as I need to setup a w2003 server just for the test (don't want to mess around with our production servers).
Saludos. Iñaki.
I'll try to test/debug it out this week, but I'll need some time, as I need to setup a w2003 server just for the test (don't want to mess around with our production servers).
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
I have just tested it with a 1.7 installation, and it worked from the first time (much to my surprise ).
I have tested it with a W2003 AD Domain migrated from a NT 4.0 Domain, with Windows 2000 functional level. I've used the domain administrator account to bind to AD from Moodle, using LDAPS, and the default security policies (both for the domain and the domain controllers).
The moodle server is a Debian Sarge installation, with PHP 4.3.10, OpenLDAP 2.1.30 client libraries and openssl 0.9.7e.
So I guess something is different in our setups.
Saludos. Iñaki.
I have tested it with a W2003 AD Domain migrated from a NT 4.0 Domain, with Windows 2000 functional level. I've used the domain administrator account to bind to AD from Moodle, using LDAPS, and the default security policies (both for the domain and the domain controllers).
The moodle server is a Debian Sarge installation, with PHP 4.3.10, OpenLDAP 2.1.30 client libraries and openssl 0.9.7e.
So I guess something is different in our setups.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
Ooops! I really did the test with a 1.8-dev version of Moodle. Anyway, I think the versions are equal wrt LDAP authentication as of now, so it shouldn't make a difference.
Saludos. Iñaki.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Iñaki,
I'm trying to test in a new server, but I have the following problem...:
http://moodle.org/mod/forum/discuss.php?d=58852
Saludos
Duarte S.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Inãki,
I setup a new server to test, but nothing happens. Nothing changes in the Active Directory. No new account is created.
To check if we are talking about the same thing, see the document in attach please.
Saludos
Duarte S.
PS - I had again problems to patch the file...
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
I did the first test in a machine with Windows 2003 and AD (Domain Cointroller)and Moodle 1.7 in the same server.
This second test, the new server has:
- Windows 2003 Server R2
- Moodle 1.7 and 1.6.3
- AD (Domain Controller - not the Global Catalog server)
I did a new test with Moodle 1.6.3 and with the same results: no account is created in AD...
Do have an ideia?...
Saludos~
Duarte S.
PS: Again I had some problems do patch the diff file and with the same error:
"File to patch: I:\Geral\moodle\auth\ldap\lib.php
patching file I:\Geral\moodle\auth\ldap\lib.php
missing header for unified diff at line 75 of patch
can't find file to patch at input line 75"
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Iñaki,
“The account should be created when you request a new Moodle account (albeit disabled). If Moodle can't create the user (or set the password), you should be getting an error screen.”
The accounts are created in Moodle, but not in AD. I don’t get any error screen.
Just one thinking (if i'm doing the same as you):
- First I set all the things in the Moodle authentication method form for option “Use an LDAP server” and then save.
- After, I must change the authentication method in Moodle for “Email-based authentication” and save.
If I don’t do this the instructions to create a new account and the button “Create NewAccount” are not present in the login screen.
Saludos
Duarte S.
------
My LDAP settings:
Choose an authentication method : Use an LDAP server
Use an LDAP server
Settings
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
After, I must change the authentication method in Moodle for “Email-based authentication” and save.
Ooops! Not so
If I don’t do this the instructions to create a new account and the button “Create NewAccount” are not present in the login screen.
I faced this same problem too. And then I had a look at the code and realized that I needed to fill in some text in the 'instructions' text box. Otherwise I wouldn't get any account creation instructions and the associated 'Create Account' button. Yea, the help text doesn't say anything about this
I suspect this is the real root of your problem.
Saludos. Iñaki.
P.S. I'm attaching my lib.php here (it's for 1.7+ / 2006101007)
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
YESSSSSSSS!!
That was the problem!
Again many hours I spend because the the help text doesn't say anything about that....
MANY THANKS IÑAKI ! AS I SAID, INDEED YOU ARE A GOOD MAN !
Now, from Moodle the accounts creation and activation in AD is working!
-----------------------------
Just two things more:
- The function auth_user_disabled is called when ?
- A new challenge... : When deleted an account in Moodle, the account must also be deleted in AD... .
With this my training coordinators only need to manage the accounts in Moodle... If the accounts are not in Moodle, then also are not in AD and also no access to other applications (like Centra).
---------------------------
SALUDOS E MUCHAS, MUCHAS GRACIAS !
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
- The function auth_user_disabled is called when ?
Never, in the current code
- A new challenge... wink : When deleted an account in Moodle, the account must also be deleted in AD... .
This will have to wait some time. First off, the current API doesn't include user deletion (users are not really deleted, but just flagged as deleted, so there is no mechanism in place to tell the authentication plugins they should delete the user externally).
Second, I'll be a bit busy next week
Saludos. Iñaki.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Inãki,
It worked fine until the upgrade to Moodle 1.7.1+ .
I explain:
Till the Moodle 1.7+ the version of lib.php was 1.83.2.1 . With Moodle 1.7.1+ the version of lib.php is 1.83.2.2 .
The difference between the two versions of lib.php is the following line in the end of function auth_user_create (only the new version has this line):
$uadd = ldap_add($ldapconnection, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser);
After applied the patch you did for the user creation in AD in a lib.php file with this line, when I try to create a user I obtain the following error:
“Cannot create the new account in Active Directory. 'Make sure you meet all the requirements for this to 'work (LPADS connection, bind user with adequate 'rights, etc.”
If I comment out this line, apparently, everything still works fine.
Thanks and Muchas Gracias
Um abraço de Portugal
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
Hi Duarte,
I'm afraid I don't understand you. Exactly what lines do you add and which ones do you remove? And does it work or not?
Saludos. Iñaki.
I'm afraid I don't understand you. Exactly what lines do you add and which ones do you remove? And does it work or not?
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hi Iñaki,
It works until Moodle 1.7 .
With Moodle 1.7.1+ the lib.php, without any modifications made by me, have more this line:
$uadd = ldap_add($ldapconnection, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser);
With this line, after applied the patch you did for the user creation in AD, when I try to create a user I obtain the following error:
“Cannot create the new account in Active Directory. 'Make sure you meet all the requirements for this to 'work (LPADS connection, bind user with adequate 'rights, etc.”
Only the user creation present this problem. The other functions made by you still working fine.
If I comment out this line, apparently, everything works fine.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
I'm really confused (nothing new, you know )
auth/ldap/lib.php has only a very small change between 1.7+ and 1.7.1+ (or the very new 1.7.2+) and it has nothing to do with the piece of code we touch with my AD user creation patch.
In fact, I have just tried to patch 1.7.2+ with my original patch for 1.7+ and it applies cleanly, so it should work just fine (if it previously did, of course)
I just don't get it. If you could paste the content of function auth_user_create() once you have patched it, I'd be very grateful
Saludos. Iñaki.
auth/ldap/lib.php has only a very small change between 1.7+ and 1.7.1+ (or the very new 1.7.2+) and it has nothing to do with the piece of code we touch with my AD user creation patch.
In fact, I have just tried to patch 1.7.2+ with my original patch for 1.7+ and it applies cleanly, so it should work just fine (if it previously did, of course
I just don't get it. If you could paste the content of function auth_user_create() once you have patched it, I'd be very grateful
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Iñaki,
Sorry for only answer now.
In attach I send the auth/ldap/lib.php I'm using.
The line "$uadd = ldap_add($ldapconnection, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser); " still commented out for the user creation to work.
Thanks and Best Regards
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
Oh, now I see. But this line should be removed if you apply my patch. So yes, you need to comment it out , or simply delete it.
Saludos. Iñaki.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Iñaki,
I strongly suggest that you open a new entry Improvement in the tracker with this patch.
I do this suggestion because:
- I already tested and put the patch in production environment and every thing works fine;
- I know many people that are using the patch and they are satisfied.
I think this patch must be included in CVS as soon as possible.
Do already have the patch working for Moodle 1.8?
And thanks for everything
Obrigado
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Johnbin Wang
Hi, I am integrating Iñaki's codes on "ldap_user_creat" for AD into Moodle 1.8. Because Moodle 1.8 use oop mechanism, so I have to change something to make the ldap_user _create work. And now I met a problem. That is I can not ldapmodify the user password when I created the user account(but i can create a user accout without pwd!). The LDAPS, binded user's right are all right.,But it still failed when I set the pwd. I attached my auth.php. Hope someone can modify it and make it work. If anyone have some idea, please tell me, thanks!
رداً على Johnbin Wang
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello JohnBin,
Try the auth.php in attach.
It works for me in Moodle 1.8.
I had a small problem with user_activate because the function auth_ldap_get_entries changed the name to ldap_get_entries. The same in user disable.
After change the name of "auth_ldap_get_entries" to "ldap_get_entries" everything seems to work fine.
Best regards
Duarte S.
رداً على Duarte Silvestre
回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Johnbin Wang
Hi Duarte, I still met the same problem(can not set the password), do you show me your server environment (i.e. what's your php version ?do your server support mbstring extension or iconv extension or some else?) Maybe my windows 2003 server's environment config can not allow me modify pwd, but I don't know where I can give my program the power to set the pwd.
Thanks!
Johnbin Wang
رداً على Johnbin Wang
Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Hello Johnbin,
Counting from the end see the second and third message in this post: http://moodle.org/mod/forum/discuss.php?d=56485#262214
(are the last messages in the post).
My server environment: Moodle 1.8 + (2007021503); PHP 5.1.6; Apache 2.2; Windows 2003
In attach I send my php.ini
رداً على Johnbin Wang
Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Johnbin,
Try a password with 8 or more digits.
The result is the same?
You Don't receive any error message in the screen or in PHP log?
رداً على Duarte Silvestre
回复: Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Johnbin Wang
Hi Duarte,
The error is "No.53: Server is unwilling to perform" .And my server hasnot any pwd limit. My php(5.2.1) runs IIS6.0, not apache. Maybe it is the problems?
I copied your php.ini to my php folder, changed it a little to fit my environ and then tried , but failed again.
Now I know what have been done to change the AD pwd:
1 ldaps --- yes, I have configed it.
2 bind a user who have the right to change the pwd. --- I did it.
3 AD pwd limit. My server has no limit.
4 php mbstring extension ----- yes, i enabled it.
what else do I need to do?
Thanks for your reply, Duarte,
Johnbin Wang
رداً على Johnbin Wang
Re: 回复: Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
Server is unwilling to perform
You usually get this error when your connection is not using SSL. AD refuses to do any modifications to its data if you are not using SSL.
Saludos. Iñaki.
رداً على Johnbin Wang
Re: 回复: Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Johnbin,
like Iñaki said it seems that the server with Moodle is not doing a LDAP over SSL conection with the server who is the AD Domain Controller.
Running the ldp.exe in the server with Moodle try to do a LDAP over SSL (ldaps) conection with the server who is the AD Domin Controller.
In ldp.exe change the TCP port from 389 (ldap) to 636 (ldaps) and check the SSL option.
Humm...thinking better this is not the problem, because if Moodle can write in the AD all the user account data except the password, then he is doing already a ldaps conection...
رداً على Duarte Silvestre
回复: Re: 回复: Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Johnbin Wang
"because if Moodle can write in the AD all the user account data except the password, then he is doing already a ldaps conection..."
Yes, I have already a ldaps connection. I still cannot find where is wrong . I also try to use the ADSI "LDAP" COM object to set a pwd for the account but failed again. It seems as if my server has something wrong. A alternative way is using C# dotnet make a exe file that realizes the function of setting pwd and changing pwd. Then I use php to call it. I think I should have a try.
رداً على Johnbin Wang
Re: 回复: Re: 回复: Re: 回复: Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Duarte Silvestre
Johnbin,
Two things:
- This happens only when you create a new user account in Moodle, when you reset a password or in both?
- I suggest that you put running a packet sniffer (like MS Network Monitor), to see what Moodle is sending to Domain Controller.
Start the packet capture, then try the operation in Moodle and then analyze what Network Monitor captured.
Perhaps you can't find the password in simple text in the packets captured by Network Monitor, because you are using ldaps. Then, before you try the operation in Moodle, set Moodle to do only ldap and not ldaps connection with domain controller. With this situation you can't write in AD, but you can check what Moodle is sending to Domain Controller and conclude if the problem is in Moodle or in your Windows.
Even if your Domain Controller and Moodle are in the same machine, you can do this.
Best regards
Duarte S.
Duarte S.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
Do already have the patch working for Moodle 1.8?
No, I don't (because I don't use this patch at all; I did it just for you and whoever was interested in using it )
I'll have a look at it in the next few days.
Saludos. Iñaki.
رداً على Duarte Silvestre
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
I strongly suggest that you open a new entry Improvement in the tracker with this patch.
Ok, there you have it: MDL-9626.
I've just requested inclusion for 1.8 or newer versions, as I don't think they are going to add ti to earlier ones.
Saludos. Iñaki.
رداً على Iñaki Arenaza
Re: Enable user creation with email confirmation in the Windows 2003 Active Directory
بواسطة - Iñaki Arenaza
By the way, I've fixed a stupid bug in the patch for 1.8.x (the patches for the previous versions are not affected).
You have to change the line that reads:
$newuser['unicodePwd'] = mb_convert_encoding('"'.$plainpass.'"',
to:
$newuser['unicodePwd'] = mb_convert_encoding('"'.$extpassword.'"',
Otherwise, the user gets a wrong password. I'm not sure if this could be related to the problem Johnbin is having, but I could be...
Sorry for the mistake
Saludos. Iñaki.