Moodle plugins directory: LDAP server (Sync Plus) | Moodle.org
LDAP server (Sync Plus)
Moodle core's auth_ldap authentication plugin is a great basis for authenticating users in Moodle. However, as Moodle core's auth_ldap is somehow limited in several aspects and there is no prospect to have it improved in Moodle core, we have implemented an extended version for LDAP authentication with these key features:
- The most important part: All functions from auth_ldap are still working if you use this authentication plugin.
- The plugin adds the possibility to the LDAP synchronization task to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization task only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018).
- You can prevent the LDAP synchronization task from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization task always creates Moodle accounts for all LDAP users - MDL-29249).
- You can fetch user details from LDAP on manual user creation (MDL-47029).
- It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638)
- It adds several line breaks to the output of the LDAP synchronization task to improve readability (MDL-30589).
Please see README file for details about the usage and features of this plugin.
No support in the comments section on this page
Please note that we don't provide any support for this plugin in the comments section on this page anymore.
We appreciate your commendation and reviews for this plugin in the comments. For bug reports and support requests, please read the extensive information in the plugin's README file first and create, if needed, a ticket in the bug tracker which is linked below.
Thanks for your cooperation.
Although the plugin was not developed for scenarios like yours, I see nothing wrong with your setup. You will have two auth plugins which can be configured independently and which use the same functions under the hood.
The only downside I see is that each Moodle user has the auth plugin to use set in his profile. This means that user A who uses auth_ldap will only be searched in the LDAP Server configured in auth_ldap. There is no possibility to migrate users from one LDAP server to the other LDAP server without changing the auth plugin in Moodle.
I don't know if there are better solutions for your problem and if auth_ldap can be configured to contact two LDAP servers or if you can configure only one LDAP server in Moodle and this LDAP server hands over the auth request to a second LDAP server if he can't find a user in his directory. Please turn to the Moodle forums if you want to get a better solution.
Thanks,
Alex
Hope you are well!.
I have download Ldap plugin and installed via "Install plugins". After successful validation, redirected to "Manage authentication" to enable "LDAP server (Sync Plus)". Upon click of Settings, shows this message " The PHP LDAP module does not seem to be present. Please ensure it is installed and enabled if you want to use this authentication plugin." I have uncommented ldap.dll in php.ini file however error message remains there.
Additional information,
1. MOODLE_28_STABLE
2. PHP 5.5.11
2 phpMyAdmin 4.1.12
3 Database server - MySql 5.6.16
4 Apache 2.4.9
Plz help to fix this problem.
the error message you have posted tells me that your webserver does not have the php-ldap module loaded which is necessary for this plugin. I assume that this is not a problem of our plugin, you probably won't be able to use the Moodle core LDAP authentication, too.
You say that you have uncommented ldap.dll in php.ini. .dll files correspond to Windows and I am no Windows expert.
The only thing I can tell you is that on Linux, there must be a line
extension=ldap.so
in php.ini and this extension file must be installed, of course. Please talk to your webserver admins if they can help you getting this PHP extension running.
Thanks,
Alex
Thank you for your reply. I will considered this "extension=ldap" when I do/reply in linux.
To anwser to your question, yes I'm unable to use core LDAP also (has same error message)
Thank you for your reply. I will consider this "extension=ldap" when I do/reply in linux.
To anwser to your question, yes I'm unable to use core LDAP also (has same error message)
Thanks for your great works. I'm setting Moodle 3.0.2+ (Build: 20160121) on Centos, and want to use LDAP authentication with Windows 2012 R2 AD. I made same settings for both core LDAP plugin and your plugin. When I did manual sync script, core LDAP can create user, and your plug display result as
[AUTH LDAP SYNCPLUS] The users sync cron has been deprecated. Please use the scheduled task instead.
[AUTH LDAP SYNCPLUS] The scheduled task sync_task is enabled, the cron execution has been aborted.
And there is no user been created at all.
Could you give me some suggestions about how to troubleshoot?
Thanks
I think the message says it all - the manual sync script is still there, but is deprecated because it is replaced with a scheduled task within Moodle.
If you really want to use the manual script, please go to Site administration > Server > Scheduled tasks and disable the scheduled task for this plugin.
Thanks,
Alex
when adding the plugin, old users created with the standard LDAP plugin still require it to log-in, with new users being fetched from the LDAP repository are created with the new plugin. Is there any way to "move" users from one plugin to another? If not, then none of the plugins can be ever uninstalled without losing the log-in capabilities to users who where imported with that particular plugin.
In other words: if I disable the standard LDAP plugin, no user that was already in the system can log-in anymore. If I disable the "sync plus" plugin instead, no "new" users that logged in for the first time with this plug-in (higher priority in the authentication list) can log in to the system anymore.
Otherwise great plugin, looking forward to using it fully
I think all you need to know is listed on https://github.com/moodleuulm/moodle-auth_ldap_syncplus/blob/master/README.md, in the last paragraph of section "Usage & settings".
Thanks,
Alex
well, the features which auth_ldap_syncplus adds over auth_ldap are focused at user account lifecycle management. Adding a cohort sync feature would be out of the scope of this plugin.
With moodle_local_ldap, you mean https://github.com/patrickpollet/moodle_local_ldap ? Well, Patrick Pollet died some time ago as far as I know and that is a pretty good reason why the plugin is discontinued...
Please have a look at https://github.com/moodleuulm/moodle-local_profilecohort. This is a plugin which we have developed for a similar purpose and are already using it in production. It just needs some more features and will then be published shortly in the Moodle plugins repo.
Thanks,
Alex
citing our Moodle release support statement from https://github.com/moodleuulm/moodle-auth_ldap_syncplus/blob/master/README.md:
-----
Due to limited resources, block_people is only maintained for the most recent major release of Moodle. However, previous versions of this plugin which work in legacy major releases of Moodle are still available as-is without any further updates in the Moodle plugins repository.
There may be several weeks after a new major release of Moodle has been published until we can do a compatibility check and fix problems if necessary. If you encounter problems with a new major release of Moodle - or can confirm that auth_ldap_syncplus still works with a new major relase - please let us know on https://github.com/moodleuulm/moodle-auth_ldap_syncplus/issues
-----
Currently, we plan to work on 3.1 in July. But as far as I see, there are no fatal errors with the 3.0 version of this plugin on 3.1.
Thanks,
Alex
Moodle Ver. 3.1.1
LDAP Server Sync Plus Ver. v3.1-r1 2016071900
you have also written a private message to me. After your last message, I had the conclusion that the problem you decribed is done, that's why I won't answer on them. If there are any more problems, please come back to me.
Thanks,
Alex