Started work with bug 2007
Bug 1969 is partacaly fixed. ldap-module supports now password expiration.
Some work with bugs 761 and 1730
Changes in login/index.php
Reordered some code to make variables reusable in multiple places.
Added redirection in case of expired password
When first server(s) are down there delay before connecting secondary servers.
So you system feels slow if first server is down, but Moodle still authenticates to sedondary servers.
Other major change:
auth_ldap_bind fuction is removed.
due phps ldap_connect() limitations auth_ldap_connect() does now also ldap_bind()
to see if server is up.
auth_get_users ()
Returns all userobjects from external database, with userinformation
like address, phone ...
auth_sync_users ()
1. Adds users from externaldatabase to moodle.
2. renamed user in moodles db if renamed in externaldb
3. "Delete" user in moodles db if removed from externaldb
and configuration interface for guid. ;)
Course creators are managed by /admin/creator.php , same way that admins.
Or if authetication module have 'auth_iscreator'-function (right now only ldap-module have) ,
users are added to creators at login time.
Works currently only with ldap-module (tested with e-directory), but
other modules could be extended too by
adding following functions:
function auth_user_exists ($username) {
//returns true if given username already exists on authetication database
}
function auth_user_create ($userobject,$plainpass) {
//create new user to authentication database
//in inactive state (if posible)
//returns true if user is created
}
function auth_user_activate ($username) {
//activate external user after email-address is confirmed
//returns true if user is activated
}
exposes the wide array of authentication possibilities.
Authentication now has it's own page separate from other variables.
Most of this work was done by Petri Asikainen <paca@sci.fi>, who started
these changes off.
I've done some cleanups and additions which is why I'm checking it in.
It's all working pretty well at the moment but could use some testing.
Thanks, Petri! :-)
It contains also experimental auth_get_userinfo() function, what is not used by moodle yet.
If you like to try it, create following $CFG variables to /config.php or directly to config-table and activate
ldap authentication from admin-configuration page.
$CFG->ldap_bind_dn "If your like to use bind-user to search users, specify it here. Someting like 'cn=ldapuser,ou=public,o=org'"
$CFG->ldap_bind_pw "Password for bind-user."
$CFG->ldap_contexts "List of contexts where users are located.
Separate different contexts with ';'. Something like 'ou=users,o=org; ou=other,o=org'"
$CFG->ldap_host_url "Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps//ldap.myorg.com/' ";
$CFG->ldap_search_sub "Put value <> 0 if you like to search users from subcontexts.";
$CFG->ldap_user_attribute "What attribute is used to name/search users. Usually 'cn'. ";
More configuration optios are coming. This version is tested against Novell E-Directory without SSL and it works fine.
