Authentication: LDAP server (Sync Plus)

auth_ldap_syncplus
Maintained by Picture of Ulm University Ulm University, Picture of Alexander Bias Alexander Bias
Moodle authentication plugin which provides all functionality of auth_ldap, but supports advanced features for the LDAP synchronization task and LDAP authentication.
337 sites
280 downloads
33 fans

Moodle core's auth_ldap authentication plugin is a great basis for authenticating users in Moodle. However, as Moodle core's auth_ldap is somehow limited in several aspects and there is no prospect to have it improved in Moodle core, we have implemented an extended version for LDAP authentication with these key features:

  • The most important part: All functions from auth_ldap are still working if you use this authentication plugin.
  • The plugin adds the possibility to the LDAP synchronization task to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization task only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018).
  • You can prevent the LDAP synchronization task from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization task always creates Moodle accounts for all LDAP users - MDL-29249).
  • You can fetch user details from LDAP on manual user creation (MDL-47029).
  • It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638)
  • It adds several line breaks to the output of the LDAP synchronization task to improve readability (MDL-30589).

Please see README file for details about the usage and features of this plugin.

No support in the comments section on this page

Please note that we don't provide any support for this plugin in the comments section on this page anymore.

We appreciate your commendation and reviews for this plugin in the comments. For bug reports and support requests, please read the extensive information in the plugin's README file first and create, if needed, a ticket in the bug tracker which is linked below.

Thanks for your cooperation.

Screenshots

Screenshot #0

Contributors

Picture of Ulm University
Ulm University (Lead maintainer)
Picture of Alexander Bias
Alexander Bias: Developer
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Alexander Bias
    Thu, 28 Jan 2016, 4:19 AM
    Hi Yaoning Tao,

    I think the message says it all - the manual sync script is still there, but is deprecated because it is replaced with a scheduled task within Moodle.
    If you really want to use the manual script, please go to Site administration > Server > Scheduled tasks and disable the scheduled task for this plugin.

    Thanks,
    Alex
  • Picture of Marc Bonaventura
    Mon, 4 Apr 2016, 9:51 PM
    Hi Alex,

    when adding the plugin, old users created with the standard LDAP plugin still require it to log-in, with new users being fetched from the LDAP repository are created with the new plugin. Is there any way to "move" users from one plugin to another? If not, then none of the plugins can be ever uninstalled without losing the log-in capabilities to users who where imported with that particular plugin.
    In other words: if I disable the standard LDAP plugin, no user that was already in the system can log-in anymore. If I disable the "sync plus" plugin instead, no "new" users that logged in for the first time with this plug-in (higher priority in the authentication list) can log in to the system anymore.

    Otherwise great plugin, looking forward to using it fully smile
  • Picture of Alexander Bias
    Tue, 5 Apr 2016, 2:49 AM
    Marc,

    I think all you need to know is listed on https://github.com/moodleuulm/moodle-auth_ldap_syncplus/blob/master/README.md, in the last paragraph of section "Usage & settings".

    Thanks,
    Alex
  • Picture of Sebastian T.
    Thu, 26 May 2016, 5:24 PM
    Hi Guys, thanks for that awesome plugin. Any chance to see LDAP cohort sync for LDAP/AD Groups built into this plugin - it would make it the complete solution especially since the moodle_local_ldap plugin is discontinued and stopped working with MDL 2.8.....
  • Picture of Alexander Bias
    Fri, 27 May 2016, 3:33 AM
    Hi Sebastian,

    well, the features which auth_ldap_syncplus adds over auth_ldap are focused at user account lifecycle management. Adding a cohort sync feature would be out of the scope of this plugin.

    With moodle_local_ldap, you mean https://github.com/patrickpollet/moodle_local_ldap ? Well, Patrick Pollet died some time ago as far as I know and that is a pretty good reason why the plugin is discontinued...

    Please have a look at https://github.com/moodleuulm/moodle-local_profilecohort. This is a plugin which we have developed for a similar purpose and are already using it in production. It just needs some more features and will then be published shortly in the Moodle plugins repo.

    Thanks,
    Alex
  • Picture of Tyler Bogdan
    Wed, 29 Jun 2016, 11:57 PM
    Will the latest version work on 3.1 or will there be a new release?
  • Picture of Alexander Bias
    Mon, 4 Jul 2016, 9:32 PM
    Hi Tyler,

    citing our Moodle release support statement from https://github.com/moodleuulm/moodle-auth_ldap_syncplus/blob/master/README.md:
    -----
    Due to limited resources, block_people is only maintained for the most recent major release of Moodle. However, previous versions of this plugin which work in legacy major releases of Moodle are still available as-is without any further updates in the Moodle plugins repository.

    There may be several weeks after a new major release of Moodle has been published until we can do a compatibility check and fix problems if necessary. If you encounter problems with a new major release of Moodle - or can confirm that auth_ldap_syncplus still works with a new major relase - please let us know on https://github.com/moodleuulm/moodle-auth_ldap_syncplus/issues
    -----

    Currently, we plan to work on 3.1 in July. But as far as I see, there are no fatal errors with the 3.0 version of this plugin on 3.1.

    Thanks,
    Alex
  • Picture of Alan Lowe
    Thu, 28 Jul 2016, 2:35 AM
    Alex, Good day, great plugin m8. We are able to authenticate with LDAP Server Sync Plus, however the scheduled task in the Moodle GUI seems to be having some form of issue as it continues to Fail/Delay. I have verified with the log files that the cron.php for moodle is running without errors, and that the rest of the tasks in the scheduler are running as intended, this is the only one that seems to be having an issue, any ideas?
    Moodle Ver. 3.1.1
    LDAP Server Sync Plus Ver. v3.1-r1 2016071900
  • Picture of Alexander Bias
    Thu, 28 Jul 2016, 1:02 PM
    Hi Alan,

    you have also written a private message to me. After your last message, I had the conclusion that the problem you decribed is done, that's why I won't answer on them. If there are any more problems, please come back to me.

    Thanks,
    Alex
  • Picture of Grzegorz Ziółek
    Tue, 22 Nov 2016, 10:02 PM
    Hello Alex,

    Quick question. Does this plugin update custom fields during ldap_sync?
  • Picture of Alexander Bias
    Tue, 22 Nov 2016, 11:21 PM
    Hi Grzegorz,

    auth_ldap_syncplus is based on auth_ldap, thus it will sync whatever auth_ldap syncs.

    In recent versions of Moodle, you can map custom profile fields to LDAP fields, this is done on /admin/auth_config.php?auth=ldap_syncplus. With this feature, you can fill custom profile fields on user creation and on login.

    Unfortunately, this does not work for the scheduled LDAP sync task. There is a ticket on https://tracker.moodle.org/browse/MDL-40613 for Moodle core which is somehow stuck and we didn't have the time to contribute resources for solving this ticket.

    Summing up:
    * Yes you can map custom profile fields
    * This is a feature of Moodle core, not of our plugin
    * You can't fully rely that the values in the custom profile fields are up to date for all users as they are only updated on login and not with the (nightly) LDAP sync task.

    Hope this helps.

    Alex
  • Picture of Paul Nijbakker
    Fri, 7 Apr 2017, 10:16 PM
    Hi,
    This is an interesting plugin. My question is: Can this plugin exist next to the standard LDAP plugin, so that a site basically has two LDAP authentication instances which authenticate users from two different active directories?
  • Picture of Alexander Bias
    Sat, 8 Apr 2017, 12:52 AM
    Hi Paul,

    I have never built a setup like this before myself, but theoretically it should work without problems.

    Thanks,
    Alex
  • Picture of Yegor Grishko
    Tue, 25 Jul 2017, 12:07 PM
    Hello, any news on when will 3.3 version available? Thank you!
  • Picture of Alexander Bias
    Thu, 27 Jul 2017, 3:26 PM
    Hi Yegor,

    we will need some more weeks until we can do 3.3 testing due to our delayed internal scheduled.

    However, up to now, we haven't received any problem reports with the 3.2 version on 3.3. Please give it a try.

    Thanks,
    Alex
1 2 3
Please login to post comments