Commit 3d80ed82 authored by Alexander Bias

Adopt code changes in Moodle core auth_ldap, including the new scheduled task feature

parent fecc7626
moodle-auth_ldap_syncplus moodle-auth_ldap_syncplus
========================= =========================
Moodle authentication method which provides all functionality of auth_ldap, but supports advanced features for the LDAP synchronization script: Moodle authentication method which provides all functionality of auth_ldap, but supports advanced features for the LDAP synchronization task:
* It adds the possibility to the LDAP synchronization script to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization script only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018). * It adds the possibility to the LDAP synchronization task to suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period (the Moodle core LDAP synchronization task only provides you the option to suspend _or_ delete users which have disappeared in LDAP - MDL-47018).
* You can prevent the LDAP synchronization script from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization script always creates Moodle accounts for all LDAP users - MDL-29249). * You can prevent the LDAP synchronization task from creating Moodle accounts for all LDAP users if they have never logged into Moodle before (the Moodle core LDAP synchronization task always creates Moodle accounts for all LDAP users - MDL-29249).
* You can fetch user details from LDAP on manual user creation (MDL-47029). * You can fetch user details from LDAP on manual user creation (MDL-47029).
* It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638) * It supports login via email for first-time LDAP logins (Moodle core only supports login via email for existing Moodle users - MDL-46638)
* It adds several line breaks to the output of the LDAP synchronization script to improve readability (MDL-30589). * It adds several line breaks to the output of the LDAP synchronization task to improve readability (MDL-30589).
Requirements Requirements
...@@ -19,6 +19,7 @@ This plugin requires Moodle 3.0+ ...@@ -19,6 +19,7 @@ This plugin requires Moodle 3.0+
Changes Changes
------- -------
* 2016-01-01 - Adopt code changes in Moodle core auth_ldap, including the new scheduled task feature. If you have used a LDAP syncronization cron job before, please use the LDAP syncronisation scheduled task from now on (for details, see "Configuring LDAP synchronization task" section below)
* 2016-01-01 - Check compatibility for Moodle 3.0, no functionality change * 2016-01-01 - Check compatibility for Moodle 3.0, no functionality change
* 2015-08-18 - Check compatibility for Moodle 2.9, no functionality change * 2015-08-18 - Check compatibility for Moodle 2.9, no functionality change
* 2015-08-18 - Adopt a code change in Moodle core auth_ldap * 2015-08-18 - Adopt a code change in Moodle core auth_ldap
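Review bot: The new 2016-01-01 changelog entry spells the same word two different ways, "syncronization cron job" and "syncronisation scheduled task", and ends without a period. Use "synchronization" as the rest of the README does, so that a search for the term finds this migration notice.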
...@@ -57,11 +58,11 @@ To make use of this plugin, you have to configure it on admin page /admin/auth_c ...@@ -57,11 +58,11 @@ To make use of this plugin, you have to configure it on admin page /admin/auth_c
Please note that there are additional setting items in settings section "Cron synchronization script" compared to the Moodle core LDAP authentication method: Please note that there are additional setting items in settings section "Cron synchronization script" compared to the Moodle core LDAP authentication method:
1. Setting "Removed ext user" has an additional option called "Suspend internal and fully delete internal after grace period". If you select this option, the synchronization script will suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period. If the user reappears in LDAP within the grace period, his Moodle account is revived and he can login again into Moodle as he did before. 1. Setting "Removed ext user" has an additional option called "Suspend internal and fully delete internal after grace period". If you select this option, the synchronization task will suspend users which have disappeared in LDAP for a configurable amount of days and delete them only after this grace period. If the user reappears in LDAP within the grace period, his Moodle account is revived and he can login again into Moodle as he did before.
2. Setting "Fully deleting grace period": With this setting (Default: 10 days), you can control the length of the grace period until a user account is fully deleted after it has disappeared from LDAP. 2. Setting "Fully deleting grace period": With this setting (Default: 10 days), you can control the length of the grace period until a user account is fully deleted after it has disappeared from LDAP.
3. Setting "Add new users": With this setting (Default: yes), you can prevent the synchronization script from creating Moodle accounts for all LDAP users if they have never logged into Moodle before. 3. Setting "Add new users": With this setting (Default: yes), you can prevent the synchronization task from creating Moodle accounts for all LDAP users if they have never logged into Moodle before.
After configuring the LDAP SyncPlus authentication method, you should activate the plugin on admin page /admin/settings.php?section=manageauths so that users can be authenticated with this authentication method. Afterwars, you can deactivate the Moodle core LDAP authentication method as it is not needed anymore actively. After configuring the LDAP SyncPlus authentication method, you should activate the plugin on admin page /admin/settings.php?section=manageauths so that users can be authenticated with this authentication method. Afterwars, you can deactivate the Moodle core LDAP authentication method as it is not needed anymore actively.
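Review bot: The numbered items now say "synchronization task", but the sentence introducing them still points admins to the settings section "Cron synchronization script". Check what the settings page actually shows for that section and make the README wording consistent with it. The untouched last paragraph also still carries the typo "Afterwars", which could be fixed while this block is being edited.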
...@@ -69,12 +70,12 @@ Note: If you already have users in your Moodle installation who authenticate usi ...@@ -69,12 +70,12 @@ Note: If you already have users in your Moodle installation who authenticate usi
UPDATE mdl_user SET auth='ldap_syncplus' WHERE auth='ldap' UPDATE mdl_user SET auth='ldap_syncplus' WHERE auth='ldap'
Running LDAP synchronization script Configuring LDAP synchronization task
----------------------------------- -------------------------------------
To leverage the additional LDAP synchronization features of auth_ldap_syncplus, you have to change your synchronization cronjob from /auth/ldap/cli/sync_users.php to /auth/ldap_syncplus/cli/sync_users.php. To leverage the additional LDAP synchronization features of auth_ldap_syncplus, you have to disable the synchronization task of the Moodle core auth_ldap plugin and activate and configure the scheduled task of auth_ldap_syncplus. This is done on Site administration -> Server -> Scheduled tasks.
If you don't know how to setup your synchronization cronjob, see http://docs.moodle.org/en/LDAP_authentication#Setting_up_regular_automatic_synchronisation_using_cron and the comments in /auth/ldap/cli/sync_users.php for details. If you don't know how to setup your synchronization cronjob at all, see https://docs.moodle.org/30/en/LDAP_authentication#Enabling_the_LDAP_users_syncronisation_scheduled_task.
Fetching user details from LDAP on manual user creation Fetching user details from LDAP on manual user creation
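Review bot: The rewritten second paragraph still says "how to setup your synchronization cronjob at all" although it now links to the scheduled task documentation, so the wording should change to "scheduled task". The first paragraph tells admins to disable the core auth_ldap task and enable the auth_ldap_syncplus one, but does not say why; one sentence explaining that only one of the two sync tasks should run would help admins who skim this section.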
......
...@@ -36,13 +36,20 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -36,13 +36,20 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
/** /**
* Constructor with initialisation. * Constructor with initialisation.
*/ */
function auth_plugin_ldap_syncplus() { public function __construct() {
$this->authtype = 'ldap_syncplus'; $this->authtype = 'ldap_syncplus';
$this->roleauth = 'auth_ldap'; $this->roleauth = 'auth_ldap';
$this->errorlogtag = '[AUTH LDAP SYNCPLUS] '; $this->errorlogtag = '[AUTH LDAP SYNCPLUS] ';
$this->init_plugin($this->authtype); $this->init_plugin($this->authtype);
} }
/**
* Old syntax of class constructor for backward compatibility.
*/
public function auth_plugin_ldap_syncplus() {
self::__construct();
}
/** /**
* Syncronizes user fron external LDAP server to moodle user table * Syncronizes user fron external LDAP server to moodle user table
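Review bot: The backward-compatibility constructor auth_plugin_ldap_syncplus() gives callers no signal that it is the legacy entry point; its docblock only says "Old syntax of class constructor for backward compatibility." Adding a @deprecated tag there would tell subclasses and callers to move to __construct() before the shim is removed.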
......
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Auth plugin "LDAP SyncPlus" - Task definition
*
* @package auth
* @subpackage auth_ldap_syncplus
* @copyright 2014 Alexander Bias, University of Ulm <alexander.bias@uni-ulm.de>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace auth_ldap_syncplus\task;
/**
* The auth_ldap_syncplus scheduled task class for LDAP user sync
*
* @package auth
* @subpackage auth_ldap_syncplus
* @copyright 2014 Alexander Bias, University of Ulm <alexander.bias@uni-ulm.de>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class sync_task extends \core\task\scheduled_task {
/**
* Return localised task name.
*
* @return string
*/
public function get_name() {
return get_string('synctask', 'auth_ldap_syncplus');
}
/**
* Execute scheduled task
*
* @return boolean
*/
public function execute() {
global $CFG;
if (is_enabled_auth('ldap_syncplus')) {
$auth = get_auth_plugin('ldap_syncplus');
$auth->sync_users(true);
}
}
}
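Review bot: In execute(), the docblock declares "@return boolean" but the method returns nothing, and "global $CFG;" is never used. Either drop both or make them true. Also, when is_enabled_auth('ldap_syncplus') is false the task finishes silently, so the scheduled task log looks identical to a successful sync; printing a line in that branch would let an admin see that no users were synchronized.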
...@@ -27,6 +27,7 @@ define('CLI_SCRIPT', true); ...@@ -27,6 +27,7 @@ define('CLI_SCRIPT', true);
require(dirname(dirname(dirname(dirname(__FILE__)))).'/config.php'); // global moodle config file. require(dirname(dirname(dirname(dirname(__FILE__)))).'/config.php'); // global moodle config file.
require_once($CFG->dirroot.'/course/lib.php'); require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->libdir.'/clilib.php');
// Ensure errors are well explained // Ensure errors are well explained
set_debugging(DEBUG_DEVELOPER, true); set_debugging(DEBUG_DEVELOPER, true);
...@@ -36,6 +37,14 @@ if (!is_enabled_auth('ldap_syncplus')) { ...@@ -36,6 +37,14 @@ if (!is_enabled_auth('ldap_syncplus')) {
die; die;
} }
cli_problem('[AUTH LDAP SYNCPLUS] The users sync cron has been deprecated. Please use the scheduled task instead.');
// Abort execution of the CLI script if the auth_ldap_syncplus\task\sync_task is enabled.
$taskdisabled = \core\task\manager::get_scheduled_task('auth_ldap_syncplus\task\sync_task');
if (!$taskdisabled->get_disabled()) {
cli_error('[AUTH LDAP SYNCPLUS] The scheduled task sync_task is enabled, the cron execution has been aborted.');
}
$ldapauth = get_auth_plugin('ldap_syncplus'); $ldapauth = get_auth_plugin('ldap_syncplus');
$ldapauth->sync_users(true); $ldapauth->sync_users(true);
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Auth plugin "LDAP SyncPlus" - Scheduled tasks
*
* @package auth
* @subpackage auth_ldap_syncplus
* @copyright 2014 Alexander Bias, University of Ulm <alexander.bias@uni-ulm.de>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
$tasks = array(
array(
'classname' => 'auth_ldap_syncplus\task\sync_task',
'blocking' => 0,
'minute' => '0',
'hour' => '0',
'day' => '*',
'month' => '*',
'dayofweek' => '*',
'disabled' => 1
)
);
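Review bot: The task is registered with 'disabled' => 1, so after this upgrade a site that follows the changelog and removes its cron job gets no LDAP synchronization at all until an admin enables the task by hand. Since the sync is what suspends and deletes accounts that have disappeared from LDAP, that gap should be called out prominently in the upgrade notes, or the default reconsidered. A short comment next to 'disabled' explaining why it ships disabled would also help.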
...@@ -35,5 +35,6 @@ $string['removeuser_graceperiod'] = 'Fully deleting grace period'; ...@@ -35,5 +35,6 @@ $string['removeuser_graceperiod'] = 'Fully deleting grace period';
$string['removeuser_graceperiod_desc'] = 'After suspending a user internally, the synchronization script will wait for this number of days until the user will be fully deleted internal. If the user re-appears in LDAP within this grace period, the user will be reactivated. Note: This setting is only used if "Removed ext user" is set to "Suspend internal and fully delete internal after grace period"'; $string['removeuser_graceperiod_desc'] = 'After suspending a user internally, the synchronization script will wait for this number of days until the user will be fully deleted internal. If the user re-appears in LDAP within this grace period, the user will be reactivated. Note: This setting is only used if "Removed ext user" is set to "Suspend internal and fully delete internal after grace period"';
$string['sync_script_createuser_enabled'] = 'If enabled (default), the synchronization script will create Moodle accounts for all LDAP users if they have never logged into Moodle before. If disabled, the synchronization script will not create Moodle accounts for all LDAP users.'; $string['sync_script_createuser_enabled'] = 'If enabled (default), the synchronization script will create Moodle accounts for all LDAP users if they have never logged into Moodle before. If disabled, the synchronization script will not create Moodle accounts for all LDAP users.';
$string['sync_script_createuser_enabled_key'] = 'Add new users'; $string['sync_script_createuser_enabled_key'] = 'Add new users';
$string['synctask'] = 'LDAP users sync job (Sync Plus)';
$string['userentriestosuspend'] = 'User entries to be suspended: {$a}'; $string['userentriestosuspend'] = 'User entries to be suspended: {$a}';
$string['waitinginremovalqueue'] = 'Waiting in removal queue for {$a->days} day grace period: {$a->name} ID {$a->id}'; $string['waitinginremovalqueue'] = 'Waiting in removal queue for {$a->days} day grace period: {$a->name} ID {$a->id}';
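Review bot: The new 'synctask' string is fine, but the neighbouring strings 'removeuser_graceperiod_desc' and 'sync_script_createuser_enabled' still say "the synchronization script" while the README in this same commit was changed to "synchronization task". Update the wording in these descriptions so the settings page and the documentation use the same term.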
...@@ -26,8 +26,8 @@ ...@@ -26,8 +26,8 @@
defined('MOODLE_INTERNAL') || die(); defined('MOODLE_INTERNAL') || die();
$plugin->component = 'auth_ldap_syncplus'; $plugin->component = 'auth_ldap_syncplus';
$plugin->version = 2015111600; $plugin->version = 2015111601;
$plugin->release = '3.0 (Build: 2016010100)'; $plugin->release = '3.0 (Build: 2016010101)';
$plugin->requires = 2015111600; $plugin->requires = 2015111600;
$plugin->maturity = MATURITY_STABLE; $plugin->maturity = MATURITY_STABLE;
$plugin->dependencies = array('auth_ldap' => 2015111600); $plugin->dependencies = array('auth_ldap' => 2015111600);