Commit Graph

119 Commits

Author SHA1 Message Date
Tim Lock b719bf20b4 MDL-40436: auth_ldap: Fixed warning when adding new LDAP users 2013-07-08 23:02:22 +08:00
Justin Filip 61c9217b2a MDL-39166 auth_ldap Add triggers for user created/updated events. 2013-04-24 16:16:39 -04:00
Iñaki Arenaza 04c258ee19 MDL-38262 auth/{ldap,cas}: Fix undefined property notification on first config
Just move the test after we've set the default configuration values if
they are not defined.

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2013-03-03 21:19:21 +01:00
Iñaki Arenaza 88d48cd51f MDL-37088 auth_ldap: bad operator in ldap sync_user() method 2012-12-10 16:51:49 +01:00
Dan Poltawski ee943e7311 MDL-36119 - fix trailing whitespace 2012-11-08 10:18:06 +08:00
Iñaki Arenaza c090d7c90e MDL-36119: auth_{ldap,cas}: LDAP Sync - implement paged results
Thanks to Jerome Charaoui for the original patch.
2012-11-07 19:13:10 +01:00
Iñaki Arenaza 34b10e26c6 MDL-31968 Make NTLM REMOTE_USER format configurable by the admin
Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2012-10-02 16:56:10 +02:00
Petr Škoda fcb46048c1 MDL-34901 fix user login times handling 2012-08-19 15:33:31 +02:00
Ankit Agarwal bf0f06b1be MDL-34471 libraries: Replace all uses of get_context_instance() with respective context_XXXX::instance() method 2012-08-02 15:37:38 +08:00
Dan Poltawski 4e25e4696b Merge branch 'wip_mdl-31540-master' of https://github.com/iarenaza/moodle
Conflicts:
	auth/ldap/auth.php
2012-04-23 13:55:00 +08:00
Petr Skoda a66b2ae4f4 MDL-32434 deprecate drop_temp_table() in favour of drop_table() 2012-04-15 12:23:15 +02:00
Iñaki Arenaza ca769fa7f8 MDL-31540 Try to remove duplicates before storing LDAP search contexts
If the user specifies the same LDAP search context more than once,
when we sync users we retrieve the same set of users twice. When we
try to insert the "duplicated" user in the temp table again, the db
barfs and the db layer aborts the whole transaction.

So we try to detect and remove duplicates. This is a bit tricky (LDAP
is such a complex and wonderful protocol) as the contexts are
distinguished names and the matching/comparison rules are complex. But
assuming that we only use the attribute types used in 99.999% of the
distinguished names used for contexts out there (that is: dc, ou, cn,
o, l and c), and also assuming that the user is not using different
encodings/escapings for the same context, we can lower case the
contexts to compare them (and remove duplicates).

This is safe according to RFC-4517 (section 4.2.15. distinguishedNameMatch)
and RFC-4519 (where the EQUAILITY property is defined for the
different user application attribute types).

This shouldn't break any configuration that wasn't broken before :)

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2012-03-08 21:57:59 +01:00
Petr Skoda 6f3451e540 MDL-31301 remove all uses of moodle_strtolower() and deprecated it 2012-03-03 11:46:26 +01:00
Petr Skoda f8311defeb MDL-31301 use static textlib methods 2012-03-03 11:46:13 +01:00
Iñaki Arenaza fa5f5c206f MDL-28402 LDAP configuration values being stored in lower case, causing misconfiguration
It looks like array_change_key_case() does not work recursively, so we
were not actually lowercasing the expiration attribute key. As the
configuration setting is always lowercase they didn't match.
2011-08-29 01:07:30 +02:00
Petr Skoda f91f3f63a7 MDL-28182 always use full user object when deleting users 2011-07-22 22:46:32 +02:00
Iñaki Arenaza 971db6a110 MDL-24666 sync_users.php can throw db exception on sites upgraded from 1.x
From 2.0 on we lowercase all the settings related to LDAP attributes
to cope with differences in LDAP servers when returning attribute
names as array indices (some lowercase them, some leave them as
specified in the query, some normalize them, etc.).

But we only lowercase them when saving the settings page. So on sites
that have been migrated from 1.x, it may happen that we still have
mixed-case attribute names. And this is fatal for the user_attribute
setting, as we might not detect it in the returned array from LDAP and
it will be empty (and the db layer throws and exception).

So we just make sure the attribute name is lowercased (and trimmed,
in case it's got some white space around it).

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>
2011-07-04 21:47:43 +02:00
Petr Skoda c6a074f867 MDL-26795 fix incorrect location of email change strings
AMOS BEGIN
 MOV [auth_emailchangecancel,auth_email],[emailchangecancel,core_auth]
 MOV [auth_emailchangepending,auth_email],[emailchangepending,core_auth]
 MOV [auth_emailupdate,auth_email],[emailupdate,core_auth]
 MOV [auth_emailnowexists,auth_email],[emailnowexists,core_auth]
 MOV [auth_emailupdatemessage,auth_email],[emailupdatemessage,core_auth]
 MOV [auth_emailupdatesuccess,auth_email],[emailupdatesuccess,core_auth]
 MOV [auth_emailupdatetitle,auth_email],[emailupdatetitle,core_auth]
 CPY [auth_emailnoemail,auth_email],[noemail,auth_ldap]
AMOS END
2011-03-27 17:19:23 +02:00
Petr Skoda 9449d0c5e8 MDL-25778 fix default country and city on user upload form and revert change in auth plugins
Auth plugins should have separate defaults from site defaults).
2011-02-15 09:13:33 +01:00
Petr Skoda fa7f750c60 MDL-25778 add defaultcity option
This is based on patch by Jonathan Harker.
2011-02-14 20:10:50 +01:00
Petr Skoda 17c70aa007 MDL-16723 automatic redirects to https when loginhttps enabled - this solves accidental usage of http version + it also solves recent navigation regressions + fixed regression from PAGE conversions + deprecated old httpsrequired() and $HTTPSPAGEREQUIRED 2010-10-10 15:04:19 +00:00
Petr Skoda 1dffbae2da MDL-24321 switching to stdClass in /auth/ 2010-09-21 08:09:22 +00:00
Petr Skoda f685e83030 MDL-14679 fixed remaining old style set_field()s 2010-09-03 18:14:55 +00:00
Petr Skoda dd88de0ebd MDL-14679 fixed remaining old style update_record()s 2010-09-03 18:01:25 +00:00
Petr Skoda a9637e7df4 MDL-14679 fixed a lot more old style uses of insert_record() 2010-09-03 17:47:41 +00:00
Petr Skoda 99f9f85f00 MDL-23489 auth plugins can specify own edit profile url - patch submitted by Jay Knight + tweaking change password url to use new moodle_url at the same time, it is backwards compatible, custom plugins may still use string url for now 2010-08-18 22:07:00 +00:00
Inaki 3e5f4b870e auth/ldap MDL-23652 Error in auth_ldap_sync_users.php
We need to specify a valid user id in the call to role_assign(). And we only
have to make the call if the user has been added successfully, not
otherwise.

Also make sure we lowercase the memberuser and group distinguished names
before comparing them. Depending on the LDAP server we can get mixed case
values for the DNs, and the user may have specified the creators group/ou
name in a different case.

By the way, this has been broken for ages (since the auth cleanup in 1.8, in
2007!). It's a bit strange nobody noticed before :-O

Credit goes to Joe Chryst.
2010-08-07 00:40:16 +00:00
Inaki fcf46da1c5 auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor
They now share most of the code again, this time via subclassing, and they
share some code with enrol/ldap. They have also gained some features and a few
fixes.
2010-07-25 22:36:15 +00:00
Inaki 8dcf8888fe auth/ldap MDL-23418 LDAP version setting reset to version 2
As authentication and enrolment plugins now have a version number, the LDAP
version number setting was "shadowed" by the plugin version number. So we
rename the LDAP setting name to ldap_version, et voila!
2010-07-21 13:09:11 +00:00
Dan Marsden 1aa66713a5 LDAP Auth MDL-23331 fix global calls - thanks to Federico Botti for report/fix 2010-07-16 12:07:09 +00:00
Petr Skoda df997f841f MDL-21782 reworked enrolment framework, the core infrastructure is in place, the basic plugins are all implemented; see the tracker issue for list of unfinished bits, expect more changes and improvements during the next week
AMOS START
    MOV [sendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage,enrol_self]
    MOV [configsendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage_desc,enrol_self]
    MOV [enrolstartdate,core],[enrolstartdate,enrol_self]
    MOV [enrolenddate,core],[enrolenddate,enrol_self]
    CPY [welcometocourse,core],[welcometocourse,enrol_self]
    CPY [welcometocoursetext,core],[welcometocoursetext,enrol_self]
    MOV [notenrollable,core],[notenrollable,core_enrol]
    MOV [enrolenddaterror,core],[enrolenddaterror,enrol_self]
    MOV [enrolmentkeyhint,core],[passwordinvalidhint,enrol_self]
    MOV [coursemanager,core_admin],[coursecontact,core_admin]
    MOV [configcoursemanager,core_admin],[coursecontact_desc,core_admin]
    MOV [enrolledincourserole,core],[enrolledincourserole,enrol_manual]
    MOV [enrolme,core],[enrolme,core_enrol]
    MOV [unenrol,core],[unenrol,core_enrol]
    MOV [unenrolme,core],[unenrolme,core_enrol]
    MOV [enrolmentnew,core],[enrolmentnew,core_enrol]
    MOV [enrolmentnewuser,core],[enrolmentnewuser,core_enrol]
    MOV [enrolments,core],[enrolments,core_enrol]
    MOV [enrolperiod,core],[enrolperiod,core_enrol]
    MOV [unenrolroleusers,core],[unenrolroleusers,core_enrol]
AMOS END
2010-06-21 15:30:49 +00:00
Petr Skoda 6b8ad965dc MDL-16919 we have to really use the username cleaning only when manually adding new accounts, any sync with external system needs the exact match without any cleaning! 2010-06-06 14:06:30 +00:00
Petr Skoda 2c10db3b3c MDL-22060 fixed $a in string to match new rules
AMOS START
 REM fixed $a[] in [auth_dbdeleteuser, auth_db]
 REM fixed $a[] in [auth_dbinsertuser, auth_db]
 REM fixed $a[] in [auth_dbreviveduser, auth_db]
 REM fixed $a[] in [auth_dbsuspenduser, auth_db]
 REM fixed $a[] in [auth_dbupdatinguser, auth_db]
AMOS END
2010-04-11 16:55:17 +00:00
Inaki b8fc9582e6 auth cas/db/ldap: MDL-18689 Fix typos in auth/{cas,db,ldap}/auth.php
Forward-ported from MOODLE_18_STABLE
2010-04-10 15:26:39 +00:00
Petr Skoda 4f0c2d0009 MDL-21655 big scary enrolment and roles improvements - see tacker for list of changes, includes other minor fixes too 2010-03-31 07:41:31 +00:00
Inaki 95cb3955a6 authentication plugins: MDL-21343 Add missing $OUTPUT global variables used in plugins' configuration pages 2010-01-14 18:54:12 +00:00
Rossiani Wijaya 07ed083e4e MDL-16919 - Allow username to contain alphanumeric lowercase characters, underscore (_), hyphen (-), period (.) or at symbol (@) 2010-01-13 06:23:54 +00:00
Petr Skoda 4454447d56 MDL-20700 whitespace terror returns 2009-12-16 22:14:17 +00:00
Petr Skoda edb5da8331 MDL-20934 'not cached' flag used in all auth plugins that do not need the password 2009-11-23 21:50:40 +00:00
Petr Skoda d5a8d9aa71 MDL-20625 new delegated transaction support in DML 2009-11-07 08:52:56 +00:00
Petr Skoda 5117d59899 MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
samhemelryk cfc5b79b86 auth MDL-19788 Upgraded print_header and build_navigation calls to use PAGE and OUTPUT equivilants 2009-09-03 05:40:41 +00:00
jerome 2b06294b9a authentication MDL-19182 split auth.php lang file into multiple files separate for each plugin 2009-06-11 03:34:46 +00:00
iarenaza 265edb48f5 ntlmsso login hook: MDL-18596 We need to call httpsrequired() before using httpswwwroot
Merged from MOODLE_19_STABLE
2009-06-04 22:24:13 +00:00
dongsheng b8aa76c1a4 "MDL-19037, use getremoteaddr to get remote ip address" 2009-05-01 03:04:10 +00:00
stronk7 2a88f626f7 MDL-18577 drop enums support - step2: enums out from editor, dbmanager and all upgrade scripts. 2009-05-01 01:19:16 +00:00
iarenaza eee34307b9 Cache LDAP connections: MDL-18130 Properly handle open LDAP connections.
Both CAS and LDAP auth plugins open new connections to the LDAP server
to get the user account details. While this is the desired behaviour
for regular logins (we probably don't have an already open connection
to the LDAP server), this is a ressource hog when we are doing user
synchronization, as the closed connections remain in the TCP_WAIT
state for a while before the server can reuse them. If we are syncing
a lot of users, we can make the server run out of available TCP
ressources.

So we cache the connection the first time we establish it and return
the same connection handle everytime, unless we've closed all the
'open' connections, or the auth object is destroyed.

In addition to that, there were a few missing calls to ldap_close().
2009-02-15 15:03:33 +00:00
iarenaza 16ceeb6436 NTLM SSO: MDL-13760 Speed up ntlm sign on with conditional redirect for msie
Provides an option, configurable by admin, to make the ntlm test happen
only if MSIE is not used. This speeds things up for IE.
2009-02-14 16:21:58 +00:00
iarenaza 4194d32185 NTLM SSO: MDL-14584 Fix for several outstanding NTLM SSO issues.
These include:

MDL-14078: redirect() doubles the specified timeout when we haven't printed
           the page header and uses javascript to execute the redirect. This
           is interacting badly with some versions of IE and FF (at least
           3.0.x Windows version) that fireup javascript timers even if
           we already left the page where we set those up. Just print
           the page header (we are printing other content anyway) to
           make redirect respect our timeouts.

MDL-14071: All the relevant details are in the description of the bug :)

MDL-14297: This is probably the same as MDL-14078
2009-02-14 16:21:14 +00:00
skodak b7b64ff2e0 MDL-17754 next round of session related refactoring 2009-01-02 20:32:05 +00:00