Moodle plugins directory: LDAP server (Sync Plus) | Moodle.org
LDAP server (Sync Plus)
Moodle core's auth_ldap authentication plugin is a great basis for authenticating users in Moodle. However, as Moodle core's auth_ldap is somehow limited in several aspects and there is no prospect to have it improved in Moodle core, we have implemented an extended version for LDAP authentication with these key features:
- The most important part: All functions from auth_ldap are still working if you use this authentication plugin.
- The plugin adds the possibility to the LDAP synchronization task to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization task only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018).
- You can prevent the LDAP synchronization task from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization task always creates Moodle accounts for all LDAP users - MDL-29249).
- You can fetch user details from LDAP on manual user creation (MDL-47029).
- It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638)
- It adds several line breaks to the output of the LDAP synchronization task to improve readability (MDL-30589).
Please see README file for details about the usage and features of this plugin.
No support in the comments section on this page
Please note that we don't provide any support for this plugin in the comments section on this page anymore.
We appreciate your commendation and reviews for this plugin in the comments. For bug reports and support requests, please read the extensive information in the plugin's README file first and create, if needed, a ticket in the bug tracker which is linked below.
Thanks for your cooperation.
I have added a screenshot with the special section in the settings page.
Concerning the underscore: Normally, I try to follow Moodle coding guidelines as best as possible. I was not aware that there are problems with underscores in plugin names - quite the contrary, I thought that it would be better to use underscores to separate words than dashes. Perhaps I misunderstood the Frankenstyle guidelines in this particular part. But is there a wiki page where it is mentioned that underscores are prohibited in plugin names?
Originally, I added the _syncplus suffix to make clear that this is a subplugin for auth_ldap and it does not work without it. And I already have other plugins with underscores in the plugins repository (https://moodle.org/plugins/view.php?plugin=local_resort_courses and https://moodle.org/plugins/view.php?plugin=block_login_userinfo)...
To sum it up, I would be willing to change the name to a version without underscores. Unfortunately, we already are at the point that the plugin is in production at some Moodle instances in germany. So, my question is: Is the absence of underscores a must-have or would you be willing to wave the plugin through this time?
PS: The additions in auth_ldap_syncplus to auth_ldap are minimal. And I think these additional features could simply be included to auth_ldap. For the plugin's "grace period" functionality, there is no tracker item yet, but for the other two of the plugin's functionalities, I already created tracker items on https://tracker.moodle.org/browse/MDL-29249 and https://tracker.moodle.org/browse/MDL-30589.
Thanks,
Alex
If your auth plugin is already in production, there is really no need to worry with the renaming. There is no strict policy on this subject and even some core plugins use the underscore in the name. I am going to finish the review of this plugin now. Thanks Alexander.
I found the extended behaviour of your plugin pretty reasonable. Let me encourage you to try and prepare a patch for the core's auth_ldap that would include both your plugin features.
Said that, runway free and cleared to land. Welcome to Plugins directory!
I work for a government agency that has recently merged and hence we run 2 AD's at the moment so I am using ldap_syncplus and the default.
Each can then search against different directories. The 2 domains trust each other and I am using the 1 AD account to search both domains. Is there a problem witht he way I am doing this, and is there a better way?