Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

LDAP syncing scripts

General plugins (Local) ::: local_ldap

Maintained by

Charles Fulton,

Andrew Zito

This plugin synchronizes Moodle cohorts against an LDAP directory using either group memberships or attribute values.

Latest release: 12 hours

680 sites

476 downloads

31 fans

Current versions available: 10

This plugin synchronizes Moodle cohorts against an LDAP directory using either group memberships or attribute values. This is a continuation of Patrick Pollet's local_ldap plugin, which in turn was inspired by MDL-25011 and MDL-25054.

This plugin requires that you have either CAS or LDAP enabled as an authentication method. It officially supports OpenLDAP and Active Directory. Both have unit test coverage.

The synchronization tasks are managed as scheduled tasks and are disabled by default.

Useful links

Source control URL

Screenshots

Screenshot #0

Contributors

Charles Fulton (Lead maintainer)

View other contributions

Andrew Zito

View other contributions

Please login to view contributors details and/or to contact them

Comments

Comments

Guybrush Threepwood
Mon, 14 May 2018, 7:34 PM
Hi,

with the new version of the plugin as of today (2018050400), the output is slighty different:

Execute scheduled task: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)
... started 12:56:49. Current memory use 6.2Mo.
... used 1358 dbqueries
... used 48.352494955063 seconds
Scheduled task complete: Synchronize cohorts from LDAP groups (local_ldap\task\group_sync_task)

But the result is still the same: no cohort is created (or even synchronized for existing correlating one).

If I run the script using --showsql parameter, I can see that it is enumerating the different AD Groups:

SELECT * FROM mdl_cohort WHERE idnumber = ?
[array (
0 => 'GGM_S2M_ET_Classes_2HMI',
)]
--------------------------------
Query took: 0.0034809112548828 seconds.

What is going wrong?
Jan Derecz
Tue, 22 May 2018, 6:46 PM
Hi,

Great plugin!

but I've one problem. I use sync cohorts by attribute ("department"). I've user A with value "Dep1" for attribute "department" so he's add to cohorte "Dep1" - it's OK. I changed for this user value of department to "Dep2" and he shows in cohort Dep1 and Dep2

Regards
Jan
Charles Fulton
Tue, 22 May 2018, 8:59 PM
Hi Jan,

That's unexpected. Are there any other users with the department attribute set to Dep1, or is User A the only one now?

Charles
Jan Derecz
Tue, 22 May 2018, 9:08 PM
only one
Charles Fulton
Tue, 22 May 2018, 9:11 PM
Hi Jan,

As there are no users in LDAP with the Dep1 attribute, the plugin isn't syncing the Dep1 cohort at all. If you manually remove User A he shouldn't be re-added.

Charles
Jan Derecz
Wed, 23 May 2018, 1:26 AM
Ok, I think that I know the reason. If I use only cohorts creating from AD then DELETE FROM cohort_members before sync should resolve my problem?
Guybrush Threepwood
Fri, 25 May 2018, 2:55 PM
Still no change to sync cohorts from my AD groups... No cohorts are created and existing cohorts is not populated based on AD Groups... any help would be appreciated. I already asked in the related discussion: https://moodle.org/mod/forum/discuss.php?d=160751.
Marlise Nauer
Mon, 18 June 2018, 10:14 PM
Hi Charles
We use moodle 3.5 with your latest plugin.
We have the same affect like Guybrush.
Is there any solution for that problem?
Best regards Marlise
Charles Fulton
Mon, 18 June 2018, 10:33 PM
Hi Marlise,

I believe what Guybrush is experiencing is a configuration issue and not a problem with the plugin.

Best,

Charles
Zigor Astarbe
Tue, 10 July 2018, 9:16 PM
FEATURE REQUEST:
Hi friends, don't know where to write to make a feature request for this plugin:
- Is it possible to make an option to delete unused cohorts? (with no users in it).
- Is it possible to make an option to detele unsynced cohorts? (cohorts with no group in active directory).

thanks in advance,

Zigor.
Charles Fulton
Tue, 10 July 2018, 9:59 PM
Hi Zigor, you may contribute feature requests at https://github.com/LafColITS/moodle-local_ldap/issues. Best, Charles.
KME Support
Wed, 22 Aug 2018, 3:48 AM
Hi Charles. I have a similar issue to guybrush. When i run the scheduled task i get the same output but no cohorts are synced.
I guess the issue appeared since upgrade to Moodle 3.5 but we haven‘t made any change to the configuration since then, except we changed the ldap username attribute to UPN. I already tried changing it back to samAccount name but it still doesn‘t work.

Any ideas to trace that issue?

Thanks for any reply and your great work.

Simon
Michel Rancourt
Thu, 23 Aug 2018, 5:10 AM
Hi Charles, since upgrade to 3.5 no cohorts updates and no cohorts creation. Same issues.

Thank you
Charles Fulton
Thu, 23 Aug 2018, 5:23 AM
Folks, I'm not sure what to suggest. My institution is running on 3.5.1 and the plugin works. Our backend is OpenLDAP. I don't have an Active Directory environment to test against. If I had to venture a guess, the paged user queries to AD either aren't returning users or are returning them in an unexpected way.
KME Support
Thu, 23 Aug 2018, 8:00 PM
I was able to track down the issue on our side, and it was indeed NOT related to the Plugin, sorry for the confusion. Instead we had two different Problems with the Moodle LDAP Config and inconsistent Groups in Active Directory. Also since Moodle 3.5, only 100 cohorts are listed in the dropdown menu, which made our teachers first think, the cohorts where not created.

Anyway on thing i thought would be great to have, was a debug parameter for the CLI Script sync_cohorts.php to display the results, that are fetched from LDAP. Since i had no clue what the plugin does in the background, i tried to output contents of variables by placing print_r() in different places in the code of the plugin. That's how i finally figured out, that the plugin was actually working correctly ...

Once again thanks for your work!

Please login to post comments