Commit Graph

78 Commits

Author SHA1 Message Date
martinlanghoff 6406bef13e Fixed typo in configuration of ldap_memberattribute for RFC2307-style LDAP servers. Should fix handling of iscreator group. Thanks to Teemu Haapoja for the diagnosis and fix. 2005-06-02 09:55:06 +00:00
martinlanghoff b50eee807b Almost there with config_plugins work!
* More solid checking for auth GET/POST var.
 * print_auth_lock_options() now handles user field mapping options for LDAP and similar modules
 * user mapping options have moved to config_plugins table
 * LDAP module has migrated to using new field mapping vars -- simplified config.html a lot
 * strings are mostly resolved
 * a bit of work pending on CAS and DB modules
 * need an upgrade path for field-mapping config entries -- limited to LDAP only
2005-06-01 04:44:17 +00:00
moodler 27437410f4 file survey.php was added on branch MOODLE_15_STABLE on 2006-03-10 07:27:54 +0000 2005-04-05 20:54:43 +00:00
moodler 0b5f5c0de0 Some old fix, that wasn't checked in 2006-01-05 06:30:12 +00:00
martinlanghoff ff2cbb73a9 Merged from MOODLE_15_STABLE - auth/ldap: Fix support for AD -- thanks to Inaki, in more than one sense ;-) 2005-12-12 04:58:11 +00:00
martinlanghoff a4e3e98f08 Merged from MOODLE_15_STABLE - Updated the definition of member for AD - thanks to Inaki for the tip! 2005-11-07 01:00:05 +00:00
martinlanghoff 85523834e7 auth/ldap: Better warnings and handling of updaging multi-source LDAP fields
+ Raise a warning if the auth_ldap_get_entries for one user record
   returns more than one record (!?)
 + Resolved some subtle bugs when updating a remote LDAP repo from user
   updates. The logic is now simpler too.
 + Simplified the code that compares old/new values

Merged from MOODLE_15_STABLE
2005-11-07 00:53:07 +00:00
martinlanghoff 33b29afb8f Merged from MOODLE_15_STABLE - Fix for bug 3141 - Can't update external data with LDAP authentication 2005-10-06 02:24:03 +00:00
martinlanghoff 16582b8500 Merged from MOODLE_15_STABLE - Fix for bug 3992 - LDAP password including a quote does not work - credits go to Kita 2005-10-06 02:19:38 +00:00
martinlanghoff 8be24a07d0 auth/ldap: Merging pending patches from MOODLE_15_STABLE 2005-10-06 02:11:34 +00:00
martinlanghoff 98ee505608 Merged from MOODLE_15_STABLE - auth/ldap: fixed typo in auth_user_activate() - bug #3594 - thanks to ze @ nbox.org 2005-09-09 00:28:09 +00:00
martinlanghoff cb2b145f50 Merged from MOODLE_15_STABLE - auth/ldap - sync_users script bugfix x2: it was deleting fields that were not supposed to be synched to ldap and it was failing to set auth_forcepasswordchange 2005-09-02 06:56:32 +00:00
martinlanghoff b8a0a101e5 Merged from MOODLE_15_STABLE - auth/ldap: Fixed handling of multi-source field mapping. Now fields with non-empty values have precedence over empty fields, regardless of order. Fields will be set to empty only if all ldap source fields are empty. 2005-08-25 04:58:59 +00:00
martinlanghoff 1ec75a2446 Merged from MOODLE_15_STABLE - Temp table now matches idnumber length with username - thanks to Yves Roy for pointing this out. 2005-08-12 02:31:34 +00:00
martinlanghoff 2a37498d85 Merged from MOODLE_15_STABLE - Fix for small syntax error that was hiding debug info from an error msg. #3527 - Credits to cangussu@gmail.com 2005-08-11 23:02:40 +00:00
martinlanghoff b957a44bb6 Merged from MOODLE_15_STABLE - Fix for using dn as idnumber - thanks to Jeff Graham - http://moodle.org/mod/forum/discuss.php?d=28840 2005-08-11 22:48:33 +00:00
martinlanghoff a40803130b Per-auth-backend field locks support. Merged from MOODLE_15_STABLE
* Extended set_config()
 * Implemented get_config() which takes over $CFG loading in setup.php
 * admin/auth.php has special handling if post vars starting in pluginconfig_
 * admin/auth.php print_auth_lock_options() prints a form fragment -- being called from most plugins now
 *  user/edit.php follows the new convention when locking down fields, both javascript UI and on POST.
 * admin/auth: More solid checking for auth GET/POST var.
 * admin/auth: print_auth_lock_options() now handles user field mapping options for LDAP and similar modules
 * admin/auth: user mapping options have moved to config_plugins table
 * auth/ldap module has migrated to using new field mapping vars -- simplified config.html a lot
 * auth settings migration to config_plugins
2005-06-02 05:39:41 +00:00
stronk7 ef9b35a01b Tabs are out 2005-05-16 19:38:21 +00:00
paca70 e8a7fa9afd Added missing argumet 2005-04-04 10:16:28 +00:00
martinlanghoff 989fa91059 Now CAS-supplied tokens can override LDAP auth - fixed 2005-03-16 10:23:16 +00:00
martinlanghoff 1f568ab426 Generalized more references to LDAP so as to be reusable by the CAS module 2005-03-16 09:17:00 +00:00
martinlanghoff dd49e6f657 Now CAS-supplied tokens can override LDAP auth 2005-03-16 09:13:15 +00:00
martinlanghoff 56cfbcd5c9 Allow LDAP logic to be reused by other modules 2005-03-15 20:52:34 +00:00
martinlanghoff fc44d2121f Fixed a misnamed/renamed variable probably due to a recent merge from stable that used the old var name. 2005-03-14 19:34:21 +00:00
paca70 879d932815 Fixed mistake on url-trimming and added some debug info. 2005-03-09 20:24:13 +00:00
martinlanghoff cecfc11d81 Merged from MOODLE_14_STABLE - Better handling of trailing semicolons and spaces in LDAP configs. Fixes a regression from 1.4.2, plus fixed typo: == should be = 2005-03-01 03:10:34 +00:00
martinlanghoff b36a8fc4f5 Auth/LDAP
Bugfix - value truncation to fit Moodle database
- Added truncate_userinfo() to cleanup data coming from external auth
- Fixed auth_user_create() to truncate user info as appropriate

Auth_ldap_user_sync
- created external script that calls the function
- much faster update strategy on postgres and mysql: auth_sync_users now to uses bulk inserts into a temp table, and then use LEFT JOINs and plain old SELECTs to determine what users it has to insert.
- we now loop over smaller sets of data -- we are still memory-bound, but (a) it'll be easy to use LIMIT to manage that and (b) memory use is much lower now in all cases.
- postgres: phased commits in auth_user_sync() for the batch user upload phase
- Several feature and performance enhancements:
  - if a value is removed from ldap, it will be cleared from moodle
  - no-op updates (where the data does not change) are skipped
  - if a user disappears and then reappears in LDAP in two separate calls to auth_user_sync(),the account will be marked deleted and then be revived. before, the account would have been deleted and created anew.

Multi-source ldap values:

The LDAP auth module now accepts a comma separated set of LDAP field names. When creating or updating a user record, auth/ldap will retrieve all the relevant fields. The right-most values overwrites all the others.

This is particularly useful when updating the user's email address from an LDAP source, which may contain the email address in one of several fields (traditionally: mail, mailForwardingAddress, mailAlternateAddress).

If a value is updated and is set to update external auth and this field is using this multi-source ldap configuration, the auth/ldap module will retrieve the old value, find which field it was sourced from, and update that field in LDAP. If it fails to find the original source of the value, it will log it in error_log.


Log of patchsets applied:
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-131
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-137
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-139
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-172
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-173
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-189
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-190
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-208
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-212
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-216
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-279
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-282
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-287
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-294
2004-11-22 07:46:10 +00:00
paca70 8021cc54c1 Allow config how aliases are derefered. 2004-11-08 18:13:00 +00:00
paca70 52192a5ce7 Prevent error messages when username is not member of group 2004-11-08 10:55:57 +00:00
paca70 585c23419d Some more code to support password expiration 2004-10-28 11:40:55 +00:00
paca70 e0f5a5be1d Allow auth_ldap_connect() to take binddn ja bindpwd
CVS: ----------------------------------------------------------------------
2004-10-18 16:33:25 +00:00
paca70 e472709ddd Usersync is almost working now. Only unescaped dots etc.. can broke
database updates.
2004-10-17 18:04:26 +00:00
paca70 986feea0b8 Sync is almost working now... 2004-10-15 07:24:10 +00:00
paca70 6c7f68c73d Firstsync seems to work, but basic sync is broken right now.
I'll return to this in two days.
2004-10-14 11:31:53 +00:00
paca70 3d449701d0 More updates... auth_sync_users will work dome day.... 2004-10-14 10:43:59 +00:00
paca70 b7af1ee832 Checked in some work with user syncronization 2004-10-14 10:03:38 +00:00
paca70 d0e2f755ea Some updates to sync code 2004-10-14 05:06:35 +00:00
paca70 fb9206ca09 Started rewrite of auth_sync_users 2004-10-13 12:23:20 +00:00
paca70 911aba7dd8 Return null in case creators are not defined 2004-10-13 06:50:13 +00:00
paca70 e542033a19 Added selective user disable, activate and creation. 2004-10-10 07:54:42 +00:00
paca70 2be3872c88 Moved configuration defaults to new function auth_ldap_getdefaults()
Now the information can be used anywhere. config.html comes to mind at first.
2004-10-01 04:39:03 +00:00
paca70 8347b5628a Corrections to phpdoc comments. 2004-09-30 18:38:40 +00:00
paca70 13dcf22d39 Added phpdoc comments
Moved from ldap_get_entries to binarysafe auth_ldap_get_entries().

Added 'count'-attribute to auth_ldap_get_entries() result.
2004-09-30 11:34:38 +00:00
paca70 c72eac85d7 Added basic configuration for rfc2307bis 2004-09-28 12:50:33 +00:00
paca70 089b19f631 Fixed bug 2012
Started work with bug 2007
Bug 1969 is partacaly fixed. ldap-module supports now password expiration.
Some work with bugs 761 and 1730

Changes in login/index.php
Reordered some code to make variables reusable in multiple places.
Added redirection in case of expired password
2004-09-28 12:39:20 +00:00
paca70 d89430abdf Changes to configuration interface 2004-09-27 14:19:32 +00:00
paca70 65012195ef Fixed typo 2004-09-24 08:56:47 +00:00
paca70 686650dd3e Added easy interface to specify ldap-attribute types and objectclasses.
Just select ldap-server type and you are done. Old variables can still be used
to override builtin settings.
2004-09-24 06:49:57 +00:00
paca70 8dad1541a2 Added utf8_decode when reading info from ldap.
Thanks to stronk7 pointing this out.
2004-09-22 18:50:03 +00:00
paca70 026e8973a9 Fixed missed variable name 2004-09-22 11:33:41 +00:00