Commit Graph

91 Commits

Author SHA1 Message Date
martinlanghoff e7cfc5325f auth/ldap: Better warnings and handling of updaging multi-source LDAP fields
+ Raise a warning if the auth_ldap_get_entries for one user record
   returns more than one record (!?)
 + Resolved some subtle bugs when updating a remote LDAP repo from user
   updates. The logic is now simpler too.
 + Simplified the code that compares old/new values
2005-11-07 00:38:23 +00:00
martinlanghoff 985cd79efa Updated the definition of 'member' for AD - thanks to I?aki for the tip! 2005-10-31 22:43:44 +00:00
martinlanghoff 2cf2079188 Fix for bug 3141 - Can't update external data with LDAP authentication 2005-10-06 02:23:40 +00:00
martinlanghoff 67149b4d2c Fix for bug 3992 - LDAP password including a quote does not work - credits go to Kita 2005-10-06 02:18:16 +00:00
martinlanghoff 085366cfa0 auth/ldap fix typo - thanks to Skodak for spotting it! 2005-09-16 23:29:26 +00:00
paca70 fddbea82ac To get rid of some cosmetic (hopefully) error messages. 2005-09-09 11:29:11 +00:00
paca70 7aaabae78e Corrected some typos and mistakes 2005-09-09 10:42:08 +00:00
martinlanghoff 59b5352b51 auth/ldap: fixed typo in auth_user_activate() - bug #3594 - thanks to ze @ nbox.org 2005-09-09 00:25:50 +00:00
martinlanghoff a705afc7da auth/ldap - sync_users script bugfix x2: it was deleting fields that were not supposed to be synched to ldap and it was failing to set auth_forcepasswordchange 2005-09-02 06:55:28 +00:00
martinlanghoff 2a069aa1f2 auth/ldap: Fixed handling of multi-source field mapping. Now fields with non-empty values have precedence over empty fields, regardless of order. Fields will be set to empty only if all ldap source fields are empty. 2005-08-25 04:56:13 +00:00
martinlanghoff 812fe4c5fc Temp table now matches idnumber length with username - thanks to Yves Roy for pointing this out. 2005-08-12 02:30:30 +00:00
martinlanghoff 4fd1373c7e Fix for small syntax error that was hiding debug info from an error msg. #3527 - Credits to cangussu@gmail.com 2005-08-11 23:01:12 +00:00
martinlanghoff 44944d8466 Fix for using dn as idnumber - thanks fo Jeff Graham - http://moodle.org/mod/forum/discuss.php?d=28840 2005-08-11 22:42:46 +00:00
martinlanghoff 6406bef13e Fixed typo in configuration of ldap_memberattribute for RFC2307-style LDAP servers. Should fix handling of iscreator group. Thanks to Teemu Haapoja for the diagnosis and fix. 2005-06-02 09:55:06 +00:00
martinlanghoff b50eee807b Almost there with config_plugins work!
* More solid checking for auth GET/POST var.
 * print_auth_lock_options() now handles user field mapping options for LDAP and similar modules
 * user mapping options have moved to config_plugins table
 * LDAP module has migrated to using new field mapping vars -- simplified config.html a lot
 * strings are mostly resolved
 * a bit of work pending on CAS and DB modules
 * need an upgrade path for field-mapping config entries -- limited to LDAP only
2005-06-01 04:44:17 +00:00
moodler 27437410f4 file survey.php was added on branch MOODLE_15_STABLE on 2006-03-10 07:27:54 +0000 2005-04-05 20:54:43 +00:00
moodler 0b5f5c0de0 Some old fix, that wasn't checked in 2006-01-05 06:30:12 +00:00
martinlanghoff ff2cbb73a9 Merged from MOODLE_15_STABLE - auth/ldap: Fix support for AD -- thanks to Inaki, in more than one sense ;-) 2005-12-12 04:58:11 +00:00
martinlanghoff a4e3e98f08 Merged from MOODLE_15_STABLE - Updated the definition of member for AD - thanks to Inaki for the tip! 2005-11-07 01:00:05 +00:00
martinlanghoff 85523834e7 auth/ldap: Better warnings and handling of updaging multi-source LDAP fields
+ Raise a warning if the auth_ldap_get_entries for one user record
   returns more than one record (!?)
 + Resolved some subtle bugs when updating a remote LDAP repo from user
   updates. The logic is now simpler too.
 + Simplified the code that compares old/new values

Merged from MOODLE_15_STABLE
2005-11-07 00:53:07 +00:00
martinlanghoff 33b29afb8f Merged from MOODLE_15_STABLE - Fix for bug 3141 - Can't update external data with LDAP authentication 2005-10-06 02:24:03 +00:00
martinlanghoff 16582b8500 Merged from MOODLE_15_STABLE - Fix for bug 3992 - LDAP password including a quote does not work - credits go to Kita 2005-10-06 02:19:38 +00:00
martinlanghoff 8be24a07d0 auth/ldap: Merging pending patches from MOODLE_15_STABLE 2005-10-06 02:11:34 +00:00
martinlanghoff 98ee505608 Merged from MOODLE_15_STABLE - auth/ldap: fixed typo in auth_user_activate() - bug #3594 - thanks to ze @ nbox.org 2005-09-09 00:28:09 +00:00
martinlanghoff cb2b145f50 Merged from MOODLE_15_STABLE - auth/ldap - sync_users script bugfix x2: it was deleting fields that were not supposed to be synched to ldap and it was failing to set auth_forcepasswordchange 2005-09-02 06:56:32 +00:00
martinlanghoff b8a0a101e5 Merged from MOODLE_15_STABLE - auth/ldap: Fixed handling of multi-source field mapping. Now fields with non-empty values have precedence over empty fields, regardless of order. Fields will be set to empty only if all ldap source fields are empty. 2005-08-25 04:58:59 +00:00
martinlanghoff 1ec75a2446 Merged from MOODLE_15_STABLE - Temp table now matches idnumber length with username - thanks to Yves Roy for pointing this out. 2005-08-12 02:31:34 +00:00
martinlanghoff 2a37498d85 Merged from MOODLE_15_STABLE - Fix for small syntax error that was hiding debug info from an error msg. #3527 - Credits to cangussu@gmail.com 2005-08-11 23:02:40 +00:00
martinlanghoff b957a44bb6 Merged from MOODLE_15_STABLE - Fix for using dn as idnumber - thanks to Jeff Graham - http://moodle.org/mod/forum/discuss.php?d=28840 2005-08-11 22:48:33 +00:00
martinlanghoff a40803130b Per-auth-backend field locks support. Merged from MOODLE_15_STABLE
* Extended set_config()
 * Implemented get_config() which takes over $CFG loading in setup.php
 * admin/auth.php has special handling if post vars starting in pluginconfig_
 * admin/auth.php print_auth_lock_options() prints a form fragment -- being called from most plugins now
 *  user/edit.php follows the new convention when locking down fields, both javascript UI and on POST.
 * admin/auth: More solid checking for auth GET/POST var.
 * admin/auth: print_auth_lock_options() now handles user field mapping options for LDAP and similar modules
 * admin/auth: user mapping options have moved to config_plugins table
 * auth/ldap module has migrated to using new field mapping vars -- simplified config.html a lot
 * auth settings migration to config_plugins
2005-06-02 05:39:41 +00:00
stronk7 ef9b35a01b Tabs are out 2005-05-16 19:38:21 +00:00
paca70 e8a7fa9afd Added missing argumet 2005-04-04 10:16:28 +00:00
martinlanghoff 989fa91059 Now CAS-supplied tokens can override LDAP auth - fixed 2005-03-16 10:23:16 +00:00
martinlanghoff 1f568ab426 Generalized more references to LDAP so as to be reusable by the CAS module 2005-03-16 09:17:00 +00:00
martinlanghoff dd49e6f657 Now CAS-supplied tokens can override LDAP auth 2005-03-16 09:13:15 +00:00
martinlanghoff 56cfbcd5c9 Allow LDAP logic to be reused by other modules 2005-03-15 20:52:34 +00:00
martinlanghoff fc44d2121f Fixed a misnamed/renamed variable probably due to a recent merge from stable that used the old var name. 2005-03-14 19:34:21 +00:00
paca70 879d932815 Fixed mistake on url-trimming and added some debug info. 2005-03-09 20:24:13 +00:00
martinlanghoff cecfc11d81 Merged from MOODLE_14_STABLE - Better handling of trailing semicolons and spaces in LDAP configs. Fixes a regression from 1.4.2, plus fixed typo: == should be = 2005-03-01 03:10:34 +00:00
martinlanghoff b36a8fc4f5 Auth/LDAP
Bugfix - value truncation to fit Moodle database
- Added truncate_userinfo() to cleanup data coming from external auth
- Fixed auth_user_create() to truncate user info as appropriate

Auth_ldap_user_sync
- created external script that calls the function
- much faster update strategy on postgres and mysql: auth_sync_users now to uses bulk inserts into a temp table, and then use LEFT JOINs and plain old SELECTs to determine what users it has to insert.
- we now loop over smaller sets of data -- we are still memory-bound, but (a) it'll be easy to use LIMIT to manage that and (b) memory use is much lower now in all cases.
- postgres: phased commits in auth_user_sync() for the batch user upload phase
- Several feature and performance enhancements:
  - if a value is removed from ldap, it will be cleared from moodle
  - no-op updates (where the data does not change) are skipped
  - if a user disappears and then reappears in LDAP in two separate calls to auth_user_sync(),the account will be marked deleted and then be revived. before, the account would have been deleted and created anew.

Multi-source ldap values:

The LDAP auth module now accepts a comma separated set of LDAP field names. When creating or updating a user record, auth/ldap will retrieve all the relevant fields. The right-most values overwrites all the others.

This is particularly useful when updating the user's email address from an LDAP source, which may contain the email address in one of several fields (traditionally: mail, mailForwardingAddress, mailAlternateAddress).

If a value is updated and is set to update external auth and this field is using this multi-source ldap configuration, the auth/ldap module will retrieve the old value, find which field it was sourced from, and update that field in LDAP. If it fails to find the original source of the value, it will log it in error_log.


Log of patchsets applied:
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-131
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-137
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-139
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-172
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-173
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-189
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-190
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-208
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-212
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-216
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-279
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-282
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-287
	arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-294
2004-11-22 07:46:10 +00:00
paca70 8021cc54c1 Allow config how aliases are derefered. 2004-11-08 18:13:00 +00:00
paca70 52192a5ce7 Prevent error messages when username is not member of group 2004-11-08 10:55:57 +00:00
paca70 585c23419d Some more code to support password expiration 2004-10-28 11:40:55 +00:00
paca70 e0f5a5be1d Allow auth_ldap_connect() to take binddn ja bindpwd
CVS: ----------------------------------------------------------------------
2004-10-18 16:33:25 +00:00
paca70 e472709ddd Usersync is almost working now. Only unescaped dots etc.. can broke
database updates.
2004-10-17 18:04:26 +00:00
paca70 986feea0b8 Sync is almost working now... 2004-10-15 07:24:10 +00:00
paca70 6c7f68c73d Firstsync seems to work, but basic sync is broken right now.
I'll return to this in two days.
2004-10-14 11:31:53 +00:00
paca70 3d449701d0 More updates... auth_sync_users will work dome day.... 2004-10-14 10:43:59 +00:00
paca70 b7af1ee832 Checked in some work with user syncronization 2004-10-14 10:03:38 +00:00
paca70 d0e2f755ea Some updates to sync code 2004-10-14 05:06:35 +00:00