Your Moodle version

Authentication: LDAP server (Sync Plus)

auth_ldap_syncplus
Maintained by Picture of University of Ulm University of Ulm, Picture of Alexander Bias Alexander Bias
Moodle authentication method which provides all functionality of auth_ldap, but supports advanced features for the LDAP synchronization script and LDAP authentication.
3k
129
4

  • It adds the possibility to the LDAP synchronization script to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization script only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018).
  • You can prevent the LDAP synchronization script from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization script always creates Moodle accounts for all LDAP users - MDL-29249).
  • You can fetch user details from LDAP on manual user creation (MDL-47029).
  • It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638)
  • It adds several line breaks to the output of the LDAP synchronization script to improve readability (MDL-30589).

See README file for details

Screenshots

Screenshot #0

Contributors

Picture of University of Ulm
University of Ulm (Lead maintainer)
Picture of Alexander Bias
Alexander Bias: Developer
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Alexander Bias
    Mon, May 26, 2014, 2:22 PM
    Dear plugins bot, as this is only a authentication plugin, there is no screenshot which would make sense smile
  • Picture of David Mudrák
    Mon, May 26, 2014, 3:06 PM
    Hi Alexander. Nice to hear from you again. Please excuse our new staff member for being rather blunt. It is still learning how to do its job properly smile I fully understand there is probably not much to show in this case. Looking forward to review your plugin - asap. Thanks for understanding and being patient.
  • Picture of Alexander Bias
    Mon, May 26, 2014, 3:37 PM
    Thanks, David smile
  • Anthony Borrow
    Mon, May 26, 2014, 10:46 PM
    Alexander - You could show the settings page - especially the section that highlights what is distinctive about ldap_plus - for example, the Cron synchronization script section. Peace - Anthony
  • Anthony Borrow
    Tue, May 27, 2014, 3:31 AM
    Alexander - Ideally it is encouraged to avoid underscores in the names of the plugins. I emphasize that this is an ideal and not a requirement. I try to get things as close to ideal at the beginning because once approved to change it involves a great deal more work. Would it be worth it to consider renaming the folder ldapsyncplus or would you prefer to leave it as it is? Either way is fine but without the underscore would theoretically be better (but practically the same). If you have any questions just let us know. Peace - Anthony
  • Picture of David Mudrák
    Tue, May 27, 2014, 6:56 AM
    For the record, underscores are prohibited in activity modules and tolerated (still discouraged) in other plugin types. Having them has some impractical consequences (such as higher risk of a function/class name conflict with auth_ldap plugin in this case or extra characters in DB table names that have pretty limited length etc). Therefore we encourage plugin authors to avoid them if possible. Once the plugin is deployed to production sites, the change is very difficult, as Anthony says.
  • Picture of Alexander Bias
    Tue, May 27, 2014, 2:58 PM
    Dear David, dear Anthony,

    I have added a screenshot with the special section in the settings page.

    Concerning the underscore: Normally, I try to follow Moodle coding guidelines as best as possible. I was not aware that there are problems with underscores in plugin names - quite the contrary, I thought that it would be better to use underscores to separate words than dashes. Perhaps I misunderstood the Frankenstyle guidelines in this particular part. But is there a wiki page where it is mentioned that underscores are prohibited in plugin names?

    Originally, I added the _syncplus suffix to make clear that this is a subplugin for auth_ldap and it does not work without it. And I already have other plugins with underscores in the plugins repository (https://moodle.org/plugins/view.php?plugin=local_resort_courses and https://moodle.org/plugins/view.php?plugin=block_login_userinfo)...

    To sum it up, I would be willing to change the name to a version without underscores. Unfortunately, we already are at the point that the plugin is in production at some Moodle instances in germany. So, my question is: Is the absence of underscores a must-have or would you be willing to wave the plugin through this time?

    PS: The additions in auth_ldap_syncplus to auth_ldap are minimal. And I think these additional features could simply be included to auth_ldap. For the plugin's "grace period" functionality, there is no tracker item yet, but for the other two of the plugin's functionalities, I already created tracker items on https://tracker.moodle.org/browse/MDL-29249 and https://tracker.moodle.org/browse/MDL-30589.

    Thanks,
    Alex
  • Picture of David Mudrák
    Tue, May 27, 2014, 3:26 PM
    Thanks for adding the screenshot. As I was trying to explain above - underscore are not prohibited. The only plugin type they can't be used is the Activity module (mod). And that has deep historical reasons dating back to early years of Moodle development. As you know, activity modules are frankenstyle exception in that sense that that do not use the mod_ prefix in many places where other plugins use it (function names, classes names, DB table names, string files etc). If underscore was allowed there and there was an activity module like foo_bar, the Moodle core would have no idea if that means the 'boo' plugin of the 'foo' type or if it is mod_foo_bar. All other modules use prefix so the Moodle core can detect the plugintype correctly (by using the part of the name before the first underscore).

    If your auth plugin is already in production, there is really no need to worry with the renaming. There is no strict policy on this subject and even some core plugins use the underscore in the name. I am going to finish the review of this plugin now. Thanks Alexander.
  • Picture of David Mudrák
    Wed, May 28, 2014, 6:55 PM
    Thanks for submitting this Alexander. I am going to approve the plugin now. I appreciate you designed your plugin so that it inherits as much from the auth_ldap as possible, without copying the code. It is a nice example of customizing standard Moodle behaviour without the need to patch it.

    I found the extended behaviour of your plugin pretty reasonable. Let me encourage you to try and prepare a patch for the core's auth_ldap that would include both your plugin features.

    Said that, runway free and cleared to land. Welcome to Plugins directory!
  • Picture of David Andrew
    Wed, Dec 3, 2014, 12:25 PM
    Firstly This works great.
    I work for a government agency that has recently merged and hence we run 2 AD's at the moment so I am using ldap_syncplus and the default.
    Each can then search against different directories. The 2 domains trust each other and I am using the 1 AD account to search both domains. Is there a problem witht he way I am doing this, and is there a better way?
  • Picture of Alexander Bias
    Wed, Dec 3, 2014, 3:56 PM
    David,

    Although the plugin was not developed for scenarios like yours, I see nothing wrong with your setup. You will have two auth plugins which can be configured independently and which use the same functions under the hood.

    The only downside I see is that each Moodle user has the auth plugin to use set in his profile. This means that user A who uses auth_ldap will only be searched in the LDAP Server configured in auth_ldap. There is no possibility to migrate users from one LDAP server to the other LDAP server without changing the auth plugin in Moodle.

    I don't know if there are better solutions for your problem and if auth_ldap can be configured to contact two LDAP servers or if you can configure only one LDAP server in Moodle and this LDAP server hands over the auth request to a second LDAP server if he can't find a user in his directory. Please turn to the Moodle forums if you want to get a better solution.

    Thanks,
    Alex
  • Picture of Esther J
    Mon, Mar 23, 2015, 8:25 PM
    Hi Alex,
    Hope you are well!.
    I have download Ldap plugin and installed via "Install plugins". After successful validation, redirected to "Manage authentication" to enable "LDAP server (Sync Plus)". Upon click of Settings, shows this message " The PHP LDAP module does not seem to be present. Please ensure it is installed and enabled if you want to use this authentication plugin." I have uncommented ldap.dll in php.ini file however error message remains there.

    Additional information,
    1. MOODLE_28_STABLE
    2. PHP 5.5.11
    2 phpMyAdmin 4.1.12
    3 Database server - MySql 5.6.16
    4 Apache 2.4.9 

    Plz help to fix this problem.
  • Picture of Alexander Bias
    Mon, Mar 23, 2015, 8:37 PM
    Hi Ester,

    the error message you have posted tells me that your webserver does not have the php-ldap module loaded which is necessary for this plugin. I assume that this is not a problem of our plugin, you probably won't be able to use the Moodle core LDAP authentication, too.

    You say that you have uncommented ldap.dll in php.ini. .dll files correspond to Windows and I am no Windows expert.
    The only thing I can tell you is that on Linux, there must be a line
    extension=ldap.so
    in php.ini and this extension file must be installed, of course. Please talk to your webserver admins if they can help you getting this PHP extension running.

    Thanks,
    Alex
  • Picture of Esther J
    Mon, Mar 23, 2015, 9:23 PM
    Hi Alex,

    Thank you for your reply. I will considered this "extension=ldap" when I do/reply in linux.

    To anwser to your question, yes I'm unable to use core LDAP also (has same error message)
  • Picture of Esther J
    Mon, Mar 23, 2015, 9:24 PM
    Hi Alex,

    Thank you for your reply. I will consider this "extension=ldap" when I do/reply in linux.

    To anwser to your question, yes I'm unable to use core LDAP also (has same error message)
1 2
Please login to post comments