moodle-an-hochschulen / moodle-auth_ldap_syncplus

Moodle authentication plugin which provides all functionality of auth_ldap, but supports advanced features for the LDAP synchronization task and LDAP authentication.

License: GNU General Public License v3.0

PHP 81.81% Gherkin 18.19%
moodle moodle-auth moodle-plugin

moodle-auth_ldap_syncplus's People

Contributors

abias, kathrin84, mwuttke

moodle-auth_ldap_syncplus's Issues

Combine with Open-ID-Connect to fetch more user details

Could we use the plug-in exclusively to synchronize missing data from the IDM that cannot be retrieved due to Open-ID-Connect authentication, like fetching user details from manual user creation?

In our specific use case, we are using Open ID Connect with Azure AD without important data such as student matriculation numbers and other sensitive information, which theoretically could be available through LDAP.

There is no way to remove the plugin.

Moodle 3.6
Ubuntu 18.04.2 LTS
PostgreSQL 10.9
apache 2.4.29
php 7.2.19

There is no way to remove the plugin. In the list of plugins in the line there is no "delete" button.

Link

Hi,

We use your plugin in our virtual learning environment (Moodle 3.7.2). Recently, we have been receiving reports from our LDAP account users that the link in the password reset emails that they receive failed to display (see screenshot below).
response 1
While the message for manual account users works fine (see screenshot below).
response 2

Please can you help us to look into this issue? Thank you!

sync the "suspended" attribute doesn't work

Hello, we want to use this function: synchronize the attribute "suspended" - but it doesn't work. The users with this attribute are not suspended. What do we have to do to make this function work as expected?

version v3.11-r1 (2021072000) auth_ldap_syncplus

Thank you very much for your help

Backport MDL-58395

Would be a nice enhancement to not just die in case of malicious data arriving from the LDAP server. Sadly this only reached moodle 4.

Is there any workflow on how to notice those changes upstream? git log auth/ldap/auth.php in moodle base repo is helpful to identify those. Backporting is quite painful since it has to be done manually.

New users not added correctly

Hello,

Moodle 4.1 (221128), MySQL 10.4.27-MariaDB in a local instance.

The Moodle itself is working properly, but it looks like the Syncplus plugin has a problem. Existing users log in properly, but all new users created in my AD are not added properly to the Moodle. They only get added with their first name and username populated. The only way I have to get those accounts to work properly is to manually add the last name and email address to the account.

The log for the programmed task shows that the plugin sees the new users and adds them, and does not throw an error. I assume it's because some information does not make it through from AD to the plugin.

I'd guess this stopped working when I updated the Moodle to 4.1, but I'm really not sure.

I'm not too knowledgeable with Moodle but any help pointing me in the right direction would be appreciated.

Here's what I tried up to now, which is not much, I agree:

  • Rebooted the server
  • Reverted an update to MySQL
  • Tried to determine from the PHP scripts what the SQL statement to add the user is. No joy!
  • I could not try a revert of Moodle, no backup available to do so.

It's not much, and I'm not asking for someone to fix the problem for me, I'm just looking for ideas what to try and learn.

Thanks a lot.

LDAP users sync job

Hi Team,

When running the sync I get the following error for a server, but I can't find the temp database table to flush the data.
Is there a way to ignore duplicates or to force a full resync?

Execute scheduled task: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task)
... started 17:02:35. Current memory use 8.7MB.
Connecting to LDAP server...

Creating temporary table tmp_extuser

............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... used 1231 dbqueries
... used 2.116021156311 seconds
Scheduled task failed: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task),Error writing to database
Debug info:
Duplicate entry '1-zmhrprdmpdc001$' for key 'mdl_tmpextu_mneuse_uix'
INSERT INTO mdl_tmp_extuser (username,mnethostid) VALUES(?,?)
[array (
0 => 'zmhrprdmpdc001$',
1 => '1',
)]
Backtrace:

  • line 1274 of /lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
  • line 1050 of /auth/ldap/auth.php: call to mysqli_native_moodle_database->insert_record_raw()
  • line 132 of /auth/ldap_syncplus/auth.php: call to auth_plugin_ldap->ldap_bulk_insert()
  • line 56 of /auth/ldap_syncplus/classes/task/sync_task.php: call to auth_plugin_ldap_syncplus->sync_users()
  • line 141 of /lib/cronlib.php: call to auth_ldap_syncplus\task\sync_task->execute()
  • line 249 of /lib/cronlib.php: call to cron_run_inner_scheduled_task()
  • line 91 of /admin/tool/task/schedule_task.php: call to cron_run_single_task()

Call to undefined method auth_plugin_ldap_syncplus

Hi,

When running the LDAP Sync Plus, I get the following error. The plugin works and finds users but this error appears:
Fatal error: Call to undefined method auth_plugin_ldap_syncplus::get_profile_keys() in /var/www/moodle/auth/ldap_syncplus/auth.php on line 334

Could you please help me?
Thanks

Can't synchronize office field and manager name

I have trouble with the data mapping when connecting with Active Directory.

I try to get the office data and it doesn't work.

The next field is manager; this field synchronizes the whole path, like CN=Jorge Castrillo,OU=*****,OU=****, .... I just need the CN.

Does someone know how to map this field correctly?

Syncs disabled AD accounts to Active status

When using LDAP_Syncplus the AD accounts are synchronized as expected but all AD accounts in disabled status are still sync'd. The behavior I would expect is that these would come over and be created (or updated as the cron job runs) with the suspended flag set (preferred) or at least associated with the No Login plugin.

Write database error in Users Sync Job task

Hello! I have Moodle 3.5+ with PHP 7.1.18, pgsql 9.3.23 and 15100 users by auth_ldap from Active Directory. And now these users are in auth_ldap_syncplus (I used the "Migrating from auth_ldap to auth_ldap_syncplus" instruction).
I try to run the scheduled task "Users Sync Job", and get the error below:

Execute scheduled task: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task)
... started 10:30:53. Current memory use 10.4MB.
Подключение к серверу LDAP ...
Создание временной таблицы tmp_extuser
................................... used 4028 dbqueries
... used 1.4261510372162 seconds
Scheduled task failed: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task), Ошибка записи в базу данных
Debug info:
ERROR:  duplicate key value violates unique constraint "mdl_tmpextu_mneuse_uix"
DETAIL:  Key (mnethostid, username)=(1, msmirnov) already exists.
INSERT INTO mdl_tmp_extuser (username,mnethostid) VALUES($1,$2) 
[array (
  'username' => 'msmirnov',
  'mnethostid' => '1',
)]
Backtrace:
* line 248 of /lib/dml/pgsql_native_moodle_database.php: call to moodle_database->query_end()
* line 969 of /lib/dml/pgsql_native_moodle_database.php: call to pgsql_native_moodle_database->query_end()
* line 952 of /auth/ldap/auth.php: call to pgsql_native_moodle_database->insert_record_raw()
* line 135 of /auth/ldap_syncplus/auth.php: call to auth_plugin_ldap->ldap_bulk_insert()
* line 56 of /auth/ldap_syncplus/classes/task/sync_task.php: call to auth_plugin_ldap_syncplus->sync_users()
* line 105 of /lib/cronlib.php: call to auth_ldap_syncplus\task\sync_task->execute()
* line 297 of /lib/cronlib.php: call to cron_run_inner_scheduled_task()
* line 91 of /admin/tool/task/schedule_task.php: call to cron_run_single_task()

I use the latest auth_ldap_syncplus version (updated today) - v3.5-r1.
Help, please ;)

Invalid Class Module ID

Hello,

I have been using this for several years successfully, and it worked great after the upgrade to Moodle 4. Back in October (I don't have to check the plugin status often), I apparently errored out on the users sync job, and I haven't been able to run since then. I've turned on debugging, and this is the output (with usernames removed).

`Execute scheduled task: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task)
... started 16:05:17. Current memory use 13.0 MB.
Connecting to LDAP server...

Creating temporary table tmp_extuser

........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Got 1128 records from LDAP

No user entries to be revived

No user entries to be suspended
User entries to be removed: 128

Waiting in removal queue for 90 day grace period: user.removed ID 647
Waiting in removal queue for 90 day grace period: user.removed ID 1075

... used 1156 dbqueries
... used 5.1207370758057 seconds
Scheduled task failed: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task),Invalid class module ID
Backtrace:

  • line 2235 of /lib/modinfolib.php: call to course_modinfo->get_cm()
  • line 1041 of /lib/completionlib.php: call to cm_info::create()
  • line 631 of /lib/completionlib.php: call to completion_info->get_data()
  • line 1530 of /lib/completionlib.php: call to completion_info->update_state()
  • line 1201 of /lib/grade/grade_grade.php: call to completion_info->inform_grade_changed()
  • line 302 of /lib/grade/grade_object.php: call to grade_grade->notify_changed()
  • line 1122 of /lib/grade/grade_grade.php: call to grade_object->delete()
  • line 1541 of /lib/gradelib.php: call to grade_grade->delete()
  • line 4133 of /lib/moodlelib.php: call to grade_user_delete()
  • line 337 of /auth/ldap_syncplus/auth.php: call to delete_user()
  • line 54 of /auth/ldap_syncplus/classes/task/sync_task.php: call to auth_plugin_ldap_syncplus->sync_users()
  • line 253 of /lib/cronlib.php: call to auth_ldap_syncplus\task\sync_task->execute()
  • line 167 of /admin/cli/scheduled_task.php: call to cron_run_inner_scheduled_task()`

Is there Support for LDAP Object creation on upload users action?

Hello Friends,

I want to have the possibility to create users in LDAP if they already exist on Moodle or if an admin creates one user or submits a CSV. Is this possible with this plugin?

Thanks in advance.

PS: I tried to do these actions, but still no object has been created on the directory.

account creation on Moodle 3.3 using PHP7

I configured the plugin and it created accounts but did not pass information in AD fields to Moodle. I also get this error: LDAP paged results not supported (either your PHP version lacks support, you have configured Moodle to use LDAP protocol version 2 or Moodle cannot contact your LDAP server to see if paged support is available.)

Any ideas on how to resolve this?

Profile Field Sync

Hello,
Thanks for the work on this. I have two custom profile fields for students that should pull from "title" and "departmentNumber" from Google's Secure LDAP. The title field pulls reliably, but I can't seem to figure out how to make departmentNumber come in each time. When I do a sync, it changes some of the people, but it appears random. It also doesn't work if I have the fields set to update on each login. Is there some limitation I can't seem to find here?

Permit other fields for login

Hi!

Is it possible to add other LDAP search fields for login? For example: mail, samaccountname, cn.... It would be useful because the user can choose one to log in, if he can't remember his common username...

Add some automated tests on Github actions

As a plugin developer, if you do not have a production LDAP server at hand, you can spin up an LDAP server as a Docker container on your dev system.

Here's how:

curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/openldap/docker-compose.yml > /tmp/ldap-docker-compose.yml
docker-compose -p ldap -f /tmp/ldap-docker-compose.yml up -d
docker network connect moodle-docker-stable400_plugins_pgsql_php74_default ldap-openldap-1 # Adapt the network name to your local setup

Afterwards, you can set up the plugin with settings like these:

auth_ldap_syncplus | host_url: ldap://172.23.0.7:1389
auth_ldap_syncplus | start_tls: No
auth_ldap_syncplus | bind_dn: cn=admin,dc=example,dc=org
auth_ldap_syncplus | bind_pw: adminpassword
auth_ldap_syncplus | contexts: ou=users,dc=example,dc=org
auth_ldap_syncplus | user_attribute: uid

And after that you can log in via LDAP with user01 / password1 and user02 / password2

Now, it would be worthwhile to transfer this setup into Github actions and write some automated tests which cover the unique features of this plugin.

LDAP Sync Plus Moodle 3.5 synchronization error

Hello All,

Could you please help me to solve an issue while running the LDAP users sync job (Sync Plus)?

I got the error message below:

LDAP users sync job (Sync Plus)

Execute scheduled task: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task)
... started 15:19:56. Current memory use 8.1MB.
Connecting to LDAP server...

Creating temporary table tmp_extuser

......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Got 1782 records from LDAP

No updates to be done

User entries to be added: 1775

Exception - Call to protected method auth_plugin_base::update_user_record() from context ''

More information about this error

Please help me, thanks a lot.

Regards,

Sync fails due to invalid characters in username

Trying to sync, a temporary table gets built successfully; however, no users get imported although 127 candidates are being found.
The message is about a username containing invalid characters

... used 2917 dbqueries
... used 1.1645591259003 seconds
Scheduled task failed: Synchronisierung von LDAP-Nutzerkonten (Sync Plus) (auth_ldap_syncplus\task\sync_task),Der Anmeldename enthält ungültige Zeichen

To me the usernames all look quite reasonable, all lowercase ascii letters and dots only.

Is there any way to get a more detailed error message to find out which specific username is causing problems?

Generate fake emails for those users who do not have an email address in LDAP?

I have a problem: many of our users do not have email addresses entered in LDAP.
This is because the GDPR does not allow making email address filling obligatory.
So there are users in the LDAP who don't have an email address.

Since the email address field in Moodle is mandatory, it MUST be filled.

Implementing an email auto generation feature in the ldap_syncplus module could solve this problem by generating fake emails for users who do not have an email address set.

Example fake email addresses:
[email protected]
[username]@[ipaddress]
[username]@[mydomain.com]
[username]@noemail.com

What do you think?
Could it be possible to implement this feature?

Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8mb4_unicode_ci,IMPLICIT)

Hi! After updating Moodle from 3.5 to 3.9, LDAP Sync Plus gives an error and does not work.
Tasklog shows:

Execute scheduled task: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task)
... started 17:44:00. Current memory use 4.5MB.
Pieslēdzas LDAP serverim...
Creating temporary table tmp_extuser

...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Got 755 records from LDAP

... used 759 dbqueries
... used 2.7196750640869 seconds
Scheduled task failed: LDAP users sync job (Sync Plus) (auth_ldap_syncplus\task\sync_task),Error reading from database
Debug info:
Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8mb4_unicode_ci,IMPLICIT) for operation '='
SELECT u.id, u.username
FROM mdl_user u
JOIN mdl_tmp_extuser e ON (u.username = e.username AND u.mnethostid = e.mnethostid)
WHERE (u.auth = 'nologin' OR (u.auth = ? AND u.suspended = 1)) AND u.deleted = 0
[array (
0 => 'ldap_syncplus',
)]
Backtrace:

  • line 1273 of /lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
  • line 303 of /auth/ldap_syncplus/auth.php: call to mysqli_native_moodle_database->get_records_sql()
  • line 56 of /auth/ldap_syncplus/classes/task/sync_task.php: call to auth_plugin_ldap_syncplus->sync_users()
  • line 248 of /lib/cronlib.php: call to auth_ldap_syncplus\task\sync_task->execute()
  • line 120 of /lib/cronlib.php: call to cron_run_inner_scheduled_task()
  • line 73 of /lib/cronlib.php: call to cron_run_scheduled_tasks()
  • line 81 of /admin/cron.php: call to cron_run()

Any suggestions?

SQL error while deleting users

Hi,

we are using Moodle 3.5.2 (Build: 20180910) and auth_ldap_syncplus v3.5-r1 2018062500.

We've suspended all missing users with the plugin and are now trying to delete those. For this we called: php ./admin/tool/task/cli/schedule_task.php --execute=\\auth_ldap_syncplus\\task\\sync_task --showsql --showdebugging

The script quits with the following error (we could delete that user manually, though):

`SELECT * FROM mdl_context WHERE contextlevel = $1 AND instanceid IS NULL
[array (
0 => 50,
)]

Query took: 0.0005640983581543 seconds.


SELECT id,category FROM mdl_course WHERE id IS NULL
[array (
)]

Query took: 0.0004429817199707 seconds.

... used 27699 dbqueries
... used 27.194963932037 seconds
Scheduled task failed: Synchronisierung von LDAP-Nutzerkonten (Sync Plus) (auth_ldap_syncplus\task\sync_task),Datensatz kann nicht in der Datenbanktabelle course gefunden werden
Debug info:
SELECT id,category FROM {course} WHERE id IS NULL
[array (
)]
Backtrace:

  • line 1522 of /lib/dml/moodle_database.php: call to moodle_database->get_record_select()
  • line 6556 of /lib/accesslib.php: call to moodle_database->get_record()
  • line 70 of /lib/classes/event/grade_deleted.php: call to context_course::instance()
  • line 1039 of /lib/grade/grade_grade.php: call to core\event\grade_deleted::create_from_grade()
  • line 1516 of /lib/gradelib.php: call to grade_grade->delete()
  • line 4074 of /lib/moodlelib.php: call to grade_user_delete()
  • line 318 of /auth/ldap_syncplus/auth.php: call to delete_user()
  • line 56 of /auth/ldap_syncplus/classes/task/sync_task.php: call to auth_plugin_ldap_syncplus->sync_users()
  • line 156 of /admin/tool/task/cli/schedule_task.php: call to auth_ldap_syncplus\task\sync_task->execute()`

Any advice?

Regards
Tobias

Moodle 3.2/ PHP 7 - LDAP paged results not supported

When using Moodle 3.2 over PHP 7.0, the configuration screen shows the "LDAP paged results not supported" error and the plugin doesn't work correctly, while the core LDAP plugin works perfectly.
With the add user option set to No, this plugin creates a new user.

Deletion of inactive users currently not carried out

Hello everyone,

I have noticed that the delete function is apparently not yet set up correctly on our side.

Configuration: see attachment 01

Nevertheless, all are marked as inactive but are not deleted.

Do you have an idea?

The sync command runs every night:

30 2 * * * www-data /usr/bin/php /var/www/html/moodle.hsnr.de/public_html/auth/ldap_syncplus/cli/sync_users.php 1> /dev/null 2>&1

Thank you very much.

Kind regards

Stefan Ulbrich
pastedgraphic-1
pastedgraphic-2

ldap account login have problem

md1
Hello, when I log in to Moodle with an AD user, it only shows the pages that are in the attachments. When I click "site home" it also shows that page. Is there any setting that is wrong? Thank you.
