Moodle Plugins directory: LDAP syncing scripts | Moodle.org
LDAP syncing scripts
Local plugins ::: local_ldap
Maintained by 
Charles Fulton, 
Andrew Zito
Charles Fulton, Andrew ZitoThis plugin synchronizes Moodle cohorts against an LDAP directory using either group memberships or attribute values.
Latest release:
694 sites
443 downloads
34 fans
Current versions available: 10
This plugin synchronizes Moodle cohorts against an LDAP directory using either group memberships or attribute values. This is a continuation of Patrick Pollet's local_ldap plugin, which in turn was inspired by MDL-25011 and MDL-25054.
This plugin requires that you have either CAS or LDAP enabled as an authentication method. It officially supports OpenLDAP and Active Directory. Both have unit test coverage.
The synchronization tasks are managed as scheduled tasks and are disabled by default.
Useful links
Screenshots
Contributors
Charles Fulton (Lead maintainer)
Andrew Zito
Please login to view contributors details and/or to contact them
root@s2Moodle:/var/www# php /var/www/html/admin/tool/task/schedule_task.php --execute='local_ldap\task\group_sync_task' --showsql
PHP Warning: PHP Startup: Unable to load dynamic library 'openssl' (tried: /usr/lib/php/20190902/openssl (/usr/lib/php/20190902/openssl: cannot open shared object file: No such file or directory), /usr/lib/php/20190902/openssl.so (/usr/lib/php/20190902/openssl.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
PHP Warning: require(../../../config.php): failed to open stream: No such file or directory in /var/www/html/admin/tool/task/schedule_task.php on line 29
PHP Fatal error: require(): Failed opening required '../../../config.php' (include_path='.:/usr/share/php') in /var/www/html/admin/tool/task/schedule_task.php on line 29
# cd /path/to/moodle
# sudo -u www-data [...]
I'm not saying that it is cause of the errors you get, but makes me less reluctant to dive in to your case. Either way, I'm just a user of this plug-in. Hopefully, still the your output might help a developer to help you.
I've run the command with www-data but still the same...
"
root@s2MoodleDev:/home/moodleadmin# sudo -u www-data php /var/www/html/admin/tool/task/schedule_task.php --execute='local_ldap\task\group_sync_task' --showsql
PHP Warning: require(../../../config.php): Failed to open stream: No such file or directory in /var/www/html/admin/tool/task/schedule_task.php on line 29
PHP Fatal error: Uncaught Error: Failed opening required '../../../config.php' (include_path='.:/usr/share/php') in /var/www/html/admin/tool/task/schedule_task.php:29
Stack trace:
#0 {main}
thrown in /var/www/html/admin/tool/task/schedule_task.php on line 29
"
I want to transfer a large number of groups (almost 3000) from LDAP to Moodle. When I run the script for the group synchronization, I get the following output after about 4 minutes after setting the time limits for nginx:
Execute scheduled task: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
... started 11:04:46. Current memory use 15.0 MB.
... used 2781 dbqueries
... used 243.29541778564 seconds
Scheduled task complete: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
But no groups are created.
I am using Moodle 4.3.2+ Build: 20240125, i.e. the latest version.
What can I do?
Ralph
Well, it's clearly doing *something*. If you're expecting it to create cohorts that don't exist, you'll need to have "Autocreate missing cohorts" checked. I would also look at the task logs and see what queries are being run.
Charles
nice to read from you. Maybe I'm getting there now.
I have checked "Autocreate missing cohorts", but that doesn't work.
I have made a screenshot for comparison. You can find it under
https://cloudfiles.osz-lise-meitner.eu/index.php/s/rnbP4nbWZQxYcFz
"Autocreate missing cohorts" was checked for the first two lines, but not for the third line. You can clearly see the time differences, but in all cases nothing is written.
Apache directory studio provides this entry for groups: "DN: cn=alumni,ou=groups,dc=example,dc=eu"
Where can I find more log entries?
Ralph
I have adjusted the logging for mariadb.
In the log file, I used grep to search for lines containing "mdl_cohort ".
All lines found were SELECT statements of the form:
SELECT * FROM mdl_cohort WHERE idnumber = 'alumni'
I found exactly as many lines (2782) as there are groups in the LDAP and after idnumber was the group name.
I did not find any lines containing INSERT into mdl_cohort.
Can you help me?
Ralph
Do the users exist on your Moodle environment? This plugin only creates and syncs cohorts; it won't create users.
Charles
Thank you for your reply.
Yes, there are users already set up in Moodle that have a group in LDAP. However, they are members of multiple groups. The memberOf attribute is assigned multiple times. Could this be a problem?
Do I need to do anything special when configuring LDAP in Moodle?
Ralph
The automatic creation of groups in Moodle now works. It was due to the entry "member attribute" in the configuration for LDAP. Instead of "memberOf", it must be "member", because this attribute does not refer to the entry for the LDAP users, but to the entry for the LDAP groups.
However, the process ends with an error message that a lock cannot be set and a temporary "disorientation" of the server or Apache, so I don't really know whether I should let the process run on our production system.
Ralph
I hope that this has solved the problems.
Execute scheduled task: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
... started 13:59:51. Current memory use 15.7 MB.
... used 626 dbqueries
... used 4.9145879745483 seconds
Scheduled task complete: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
So its reading 626 things, but it does never write anything, so there are also no cohorts created in moodle.. Any idea?