by Grant Wright.
Thank you! Exactly what I was looking for.
Yes we are in the middle of an O365 transition.
↧
Re: AD UPN changed, users can't access Moodle Accounts
↧
Disable Username and Email Enumeration in New Account Form
by Roger Mepham.
Hi
A recent penetration test identified a security flaw in our Moodle 2.7's self registration process which allows a potential hacker to discover whether a username or email is valid by using either in the new user sign up form and then getting the "This username already exists, choose another" or the "This email address is already registered. New password?" message.
Does anyone have a suggestion as to how to bypass this message and just display a "thank you for registering" message?
Thanks for any suggestions and comments.
Roger Mepham
↧
↧
Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Georges O..
Hi Inigo,
I was able to do authication to multiple ldap servers along with NTLM SSO referring to the post of Inaki however there is a problem that the username is stored in Moddle without the domain if I retrieve sAMAccountName from AD and stored as user@domain.com if I use userPrincipalName from AD.
However NTLM works only with sAMAccountName as in userPrincipalName I have to retype username as password to login.
My problem is that I have duplicate usernames between the domains, for example:
domainname1\userIntitial17
domainname2\userIntitial17
and without having this combination, the second user is not able to authenticate.
Best regards,
Georges
↧
Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Emma Richardson.
Is it enabled? And what error do you get when you try to log in with one of those accounts?
↧
Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Georges O..
yes it enabled and I the first user is able to authenitcate correctly however the second one is redirected to enter a user/pass
I have also created the following to test how it is displayed
<?php
if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
echo "<p>NTLM authentication seems to be working. User: " . $_SERVER['REMOTE_USER'] . "</p>";
} else {
echo '<p>NTLM is not working</p>';
}
?>
it is giving for each:
Domain1\MyUserName17
Domain2\MyUserName17
However, if you go inside Moodle into:
Dashboard
Users
MyUserName17
Preferences
User account
Edit profile
the username will be: MyUserName17 instead of Domain1\MyUserName17
↧
↧
Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Emma Richardson.
Sorry, got confused because you are in an old post with so many messages. I replied to some other message that is in the middle of yours. It is so much better to start a fresh thread.
However, are you sure it is wrong? Just because the username does not include the domain, the users will be distinguished by authentication method...
↧
Er: Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Iñigo Zendegi Urzelai.
Hi Georges,
I'm not 100% sure but I'd say that with this method you cannot validate identic usernames from different domains because, as Emma said, the domain is stored in the authentication method and the username must be unique.
For example, if you have two users (domain1\username33 and domain2\username33) and the first one logs in his/her username is stored in the user table with the authentication method pointing to that domain, so when the second user tries to log the system tries to authenticate it using the domain of the first user.
↧
Re: Er: Re: Er: Re: How to use multiple LDAP servers with Moodle 2.0(!)
by Georges O..
Hi Inigo,
When I used: "userPrincipalName" instead of "sAMAccountName" for the User attribute, both usernames were stored in this format: username33@domain1.com and username22@domain2.com which solved my problem however NTLM did not work.
Best regards,
Georges
↧
Social Media Login in Mobile App
by Vivek Kalyanarangan.
Hi Moodle Gurus!!
Is there a way to add social media login like facebook, google etc to the moodle mobile app?
The lenauth plugin runs well on the website but I can't find a way to do it in the mobile app. Help!
↧
↧
Re: LDAP with Active Directory - Failover to secondary server delays before connection successful.
by Joe Dutro.
I just realized that the subject or my post does not really help indicate that I need to see if there is a setting in the authentication plugin or in Moodle itself that I can change the authentication timeout when using multiple authentication sources in the event of a need to fail over to another authentication server.
Is there a setting or a modification that can be made in the authentication plugin or in moodle php itself that I can reduce the timeout from approximately 5 minutes per login to around 60 seconds?
When we disable the primary authentication server, moodle login attempts to communicate with the disabled server for about 5 minutes. It will then authenticate on the secondary server. If I refresh the screen, close the browser or start over with the login process the clock starts over and takes 5 minutes. This is per login as well.
Any help or guidance would be appreciated,
Joe Dutro
↧
LDAP SyncPlus - problem
by Mario Gharib.
Dear Moodlers,
We are using:
- Moodle 3.1 (Postgresql 9.2.2; PHP Version 5.5.26) with
- Server RedHatEnterpriseServer 5.3 Tikanga (Apache/2.2.4) RAM 32GB; CPU 8 GHz,
- LDAP server (Sync Plus) plugin: Version v3.1-r1 (2016071900)
We are trying to sync all our LDAP new users (that has not logged in into Moodle),
Since the LDAP plugin doesn't give me this option, we installed the LDAP SyncPlus plugin,
So what we did is the following:
- We Inserted the folder LDAP SyncPlus in the following place on Linux:
[full path to moodle]/auth, - We disabled the auth_ldap plugin,
- We configured and activated the auth_ldap_syncplus plugin,
- We updated the table mdl_user by executing:
UPDATE mdl_user SET auth='ldap_syncplus' WHERE auth='ldap'
We tried to schedule a task for auth_ldap_synchplus (through site administration -> server -> Scheduled tasks) but it keep showing ASAP,
So what we did is the following:
we executed
php [full path to moodle]/admin/tool/task/cli/schedule_task.php --execute=\\auth_ldap\\task\\sync_task
And here is what we are getting as a PHP Fatal error:
PHP Fatal error: Allowed memory size of 402653184 bytes exhausted (tried to allocate 72 bytes) in /usr/local/apache2/htdocs/moodle2.2/lib/dml/pgsql_native_moodle_database.php on line 812
Potential coding error - active database transaction detected during request shutdown:
* line 419 of /auth/ldap_syncplus/auth.php: call to moodle_database->start_delegated_transaction()
* line 54 of /auth/ldap_syncplus/classes/task/sync_task.php: call to auth_plugin_ldap_syncplus->sync_users()
* line 137 of /admin/tool/task/cli/schedule_task.php: call to auth_ldap_syncplus\task\sync_task->execute()
I tried to modify the memory_limit by
- memory_limit 1024M,
- restart apache server,
But it keeps giving me the same error,
Your help would be very appreciated
↧
Re: LDAP SyncPlus - problem
by Emma Richardson.
I am not familiar with the SyncPlus plugin but it looks like you are just hitting a timeout.
FYI - the regular LDAP has a sync utility. It is built in the Scheduled Tasks and can be enabled there or, if you do not enable in scheduled tasks, you can run it manually from moodle/auth/ldap/cli folder.
It could be an issue with syncplus so you could just revert to the regular ldap module.
↧
Re: LDAP SyncPlus - problem
by Mario Gharib.
Thank you Emma for your reply,
The thing is that with the regular LDAP, we do not have the option of adding new users
In the LDAP sync plus I have this option, as it is shown in the figure below.
I am afraid if I sync using the regular LDAP, all modifications that users made on Moodle (for example, we have users who changed their emails on Moodle) will be lost and will be replaced by original information on LDAP,
↧
↧
Capabilities - Create a user account
by Leticia Dark-rose.
Hi,
I am creating a customised role - Account Creator, which is to create manual student account. I have allowed the capability below, however the option is not there... only to browse bulk accounts. Can anyone asst with the roles that also need adding?
Capabilities/moodle/restore:createuser
Thanks
↧
Re: User Registration: Conditional User Profile Fields
by Shamim Rezaie.
Hi
You can use conditional profile field plugin
↧
Re: Capabilities - Create a user account
by Mary Cooch.
That capability is for allowing a user to create users when restoring a course, not for manually creating new users. The simplest way would be to give your account creator a sitewide Manager role. Would this work for you?
↧
Re: LDAP SyncPlus - problem
by Emma Richardson.
You can add new users with LDAP. Plus you can switch the update local behavior to only update when the user is created which would take care of your students adding emails. Also, once you have it going, you can set it up where any change in moodle is saved in ldap.
Anyway, I guess if you continue to have trouble with the plugin you are using, you might check with the developer. I can see that it has a few extra features but everything you have mentioned is already in the original plugin.
↧
↧
External Database queries
by karthi R.
Hi,
We are using External Database for connecting moodle, We are able to connect but the problem is when ever user login for the first time its taking to Edit profile page. How to restrict users from editing the profile. Thanks in advance.
↧
Re: External Database queries
by Emma Richardson.
This is because the profile on the database is missing a moodle required field.
↧
Re: External Database queries
by karthi R.
Thanks A lot EMMA!
↧