Moodle plugins directory: LDAP server (Sync Plus) | Moodle.org
LDAP server (Sync Plus)
Moodle core's auth_ldap authentication plugin is a great basis for authenticating users in Moodle. However, as Moodle core's auth_ldap is somehow limited in several aspects and there is no prospect to have it improved in Moodle core, we have implemented an extended version for LDAP authentication with these key features:
- The most important part: All functions from auth_ldap are still working if you use this authentication plugin.
- The plugin adds the possibility to the LDAP synchronization task to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization task only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018).
- You can prevent the LDAP synchronization task from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization task always creates Moodle accounts for all LDAP users - MDL-29249).
- You can fetch user details from LDAP on manual user creation (MDL-47029).
- It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638)
- It adds several line breaks to the output of the LDAP synchronization task to improve readability (MDL-30589).
Please see README file for details about the usage and features of this plugin.
No support in the comments section on this page
Please note that we don't provide any support for this plugin in the comments section on this page anymore.
We appreciate your commendation and reviews for this plugin in the comments. For bug reports and support requests, please read the extensive information in the plugin's README file first and create, if needed, a ticket in the bug tracker which is linked below.
Thanks for your cooperation.
Screenshots
Quick question. Does this plugin update custom fields during ldap_sync?
auth_ldap_syncplus is based on auth_ldap, thus it will sync whatever auth_ldap syncs.
In recent versions of Moodle, you can map custom profile fields to LDAP fields, this is done on /admin/auth_config.php?auth=ldap_syncplus. With this feature, you can fill custom profile fields on user creation and on login.
Unfortunately, this does not work for the scheduled LDAP sync task. There is a ticket on https://tracker.moodle.org/browse/MDL-40613 for Moodle core which is somehow stuck and we didn't have the time to contribute resources for solving this ticket.
Summing up:
* Yes you can map custom profile fields
* This is a feature of Moodle core, not of our plugin
* You can't fully rely that the values in the custom profile fields are up to date for all users as they are only updated on login and not with the (nightly) LDAP sync task.
Hope this helps.
Alex
This is an interesting plugin. My question is: Can this plugin exist next to the standard LDAP plugin, so that a site basically has two LDAP authentication instances which authenticate users from two different active directories?
I have never built a setup like this before myself, but theoretically it should work without problems.
Thanks,
Alex
we will need some more weeks until we can do 3.3 testing due to our delayed internal scheduled.
However, up to now, we haven't received any problem reports with the 3.2 version on 3.3. Please give it a try.
Thanks,
Alex
Just wanted to report that the 3.3 plugin released earlier today (what a coincidence!) installed fine to my 3.4.1, and seemed to successfully sync/create users in Moodle from cron.
Thank you for all your work on this!
I am sorry but this plugin has not been tested for 3.6 yet by us. I have seen that there were, as usual, some changes in auth_ldap in 3.6 which most probably have to be adopted to auth_ldap_syncplus. We will tackle this work throughout the next weeks.
So, running this plugin on 3.6 is at your own risk currently unfortunately.
Cheers,
Alex
the 3.6 version is now tested and released.
Cheers,
Alex
I'm solving a problem with LDAP authentication and synchronization user accounts in multi-domain MS Active Directory tree. I'm using core LDAP plugin and authentication and synchronization are working (SSO to), but, because SamAccountName is not unique in this environment, I'm using userprincipalname like attribute for user identification (user_attribute). And it can be problem, for example when women user get merried and she change her surname, AD manager changes it in AD and userprincipalname are changed too. I would like use SID or GUID like identification users, but in core LDAP it's not possible.
It's posible to use SID or GUID in LDAP syncPlus plugin? And whats about switch ID atribut in live system?
Thanks,
Jirka
In theory, this can be done via user download/upload moodle feature so we don't have to do it directly in database if someone doesn't have direct access to the database.
Explain or clarify why during creation
user account fields such as First Name, Last Name and Email Address are required fields?
Why the System does not allow leaving these fields empty, although the description for this plugin indicates the following «.... The only thing you have to specify correctly is the username (which corresponds to the username in LDAP). All other details like first name or email address can be filled with placeholder content. After you click the "Create user" button, Moodle pulls the other user's details from LDAP and creates the user account correctly with the details from LDAP.»
My organization has been using this plugin to create profiles on Moodle from our active directory, and it works great. I have a question regarding the capability of this plugin. Is it possible that upon profile creation, the plugin automatically enrolls users into specific courses? The ideal scenario is to have employees automatically enrolled into courses upon Moodle profile creation, and before they even login to Moodle for the first time. Is such an action possible? Please let me know. Thanks!
version v3.11-r1 (2021072000) auth_ldap_syncplus