Good afternoon!
I have Moodle 3.9.
Is there a solution or workaround that would allow creating new user accounts without specifying Name, Surname and E-mail, if the LDAP server authentication method (Sync Plus) is specified?
From the description for this plugin, it follows that “The only thing you have to specify correctly is the username (which corresponds to the username in LDAP). All other details like first name or email address can be filled with placeholder content. After you click the "Create user" button, Moodle pulls the other user's details from LDAP and creates the user account correctly with the details from LDAP.”
How to disable even the need for "placeholders" at all, i.e. make the above fields optional if the authentication method is LDAP server (Sync Plus)?
Thanks in advance.
LDAP server (Sync Plus) - Required fields for entry
Re: LDAP server (Sync Plus) - Required fields for entry
The point is that if the data source for these fields is the LDAP-catalog, then there is no need for them (fields) to be required for input. They should be at least optional, or disabled (unavailable) at all.
Filling in these fields with so-called «placeholders» in order to bypass the integrity constraint (the data is not saved if you leave the fields empty - the System requires you to fill in the Name, Surname and E-mail), I find it very inconvenient, unreasonable and suboptimal.
Re: LDAP server (Sync Plus) - Required fields for entry
Dear Дмитрий Курбатов
I'm not sure I'm understanding you right. Moodle expects every user to have at least a name, a surname and an email (in addition to a username and password). That expectation is deeply ingrained in Moodle. It will assume those values are always available and will try to use them in lots of places in the code. If they are empty, sometimes you will get very strange behaviour. Oh, I forgot. Moodle needs those values in its own database. Not in an external system that needs to be queried when it needs those fields (for performance and code complexity reasons).
If you already have those values in your LDAP catalog and want to use them, why don't you want Moodle to simply copy those values automatically from LDAP to its own database when the user logs in for the first time (or even every time, if you want to keep them updated)? If you tell Moodle how to get those values (you just need to fill in the right values in the data mapping section) it will do it automatically. No need for placeholders or the user to fill in those values him or herself.
Saludos.
Iñaki.
Re: LDAP server (Sync Plus) - Required fields for entry
Hello dear Iñaki Arenaza.
Thank you for your message.
Unfortunately, you really misunderstood me, so I apologize for my poor English.
Of course, the Name, Surname and E-mail as mandatory (necessary) attributes should be stored and processed directly in the Moodle database, and not be retrieved «on the fly» with each request from the LDAP catalog. 😉
My question, or more precisely, the request was directed to the fact that if the LDAP server authentication method (Sync Plus) is set for the user account and further it is assumed that the Name, Surname and E-mail will be automatically filled in (or synchronized) with LDAP
1) at the first user login to the System, or
2) as suggested by the LDAP server plugin (Sync Plus), directly during the creation of a user account manually by the Administrator,
then perhaps it is superfluous to control for the inadmissibility of empty values in the above attributes at the User Interface level (not in the Moodle Database)?
P.S. Our IT-company implements Moodle not in an educational institution, but in a business company - an airline, where the educational process has its own specific features and differs significantly from educational institutions. In particular, it is impossible to automatically create an account in Moodle when you first log into the System, filling in the missing user information from the LDAP. We have requirements, user accounts will only be created centrally by the Administrator.
I really hope that my additional explanations will allow you to get constructive suggestions and / or solutions, including that this requires a complete redesign of the user input form to adapt it to LDAP (develop your own plugin).
Ri: Invalid login. Please try again
Confirmation of Operation of the OpenID Connect and Oauth2 authentication and multi-tenancy
Hi All,
I raised this as an issue in the MS o365-moodle plugin tracker but haven't got any feedback as yet, so wonder if anyone else was doing something similar.
We use Moodle (indeed now Moodle Workplace) to deliver training both internally, and (most importantly) externally to many partners and customers. We currently use the O365 series of plugins (which includes the OpenID Connect authentication plugin), that allows us to not only provide authentication against Azure AD for our internal employees but also to pre-provision those users into our internal courses that are required when onboarding new staff.
However, we need to provide a mechanism to enable ALL our partners and customers to be able to use their own MS365/Google authentication. Correct me if I'm wrong, but I do NOT think I can use the current OpenID Connect authentication?
You can set up multi-tenancy in the O365 plugins, but I believe this is more for multiple tenants that would exist within your own organisations rather than generic tenants used by others. I did try this on a demo setup and it appeared as if other domains were then asked for consent against our AAD app, which is totally impractical.
Question 1
Does this then mean that I need two separate authentication buttons for MS365? One for internal users via the OpenID Connect, and another for all other users via Oauth2?
Question 2
Slightly different but related to above, is it possible to allow users to sign up with their corporate identities, yet also bind that Moodle account to be able to be accessed using a personal login? People do have a tendency to move positions and companies, but their training accomplishments should be personal to them, but also linked to the partner organisation what at that organisation.
NOTE: I should also say, we will not be providing a CAS, so all authentication like this should be offloaded to the relevant Identity Providers.
Re: Run Now
How to show password field in login box with reveal toggle
Hi,
I use theme Moove but when my students write the login and password they haven't got the possibility to view the password.
So is there a way to show them the password field with reveal toggle like an eyes or a checkbox?
SAML2 exception. Cannot retrieve metadata for iDP
I have a user who is unable to login from the SSO but the direct URL works.
SAML2 exception. Cannot retrieve metadata for iDP
https://sts.windows.net/* because it isn't a valid iDP for this SP
error/auth saml2/exception
docs.moodle.org/35/en/error/auth_saml2/exception
User is using Mac OS.
How can I disable a registration if a value is duplicated?
Hi!
I'm administrating a Moodle site in which many students have two accounts. Those students can't have the same email, since the system won't allow that in the registration form.
The registration form allows students to create an account with the same student's identity document, which is duplicated in these cases I'm describing. How can I deny the form submission if the student's identity document number is already in the database for another student?
Thanks!
Re: Run Now
Thanks for the reply. But I use hosting and I can't find Path to PHP CLI
And "Sync users with Azure AD": Never
Please help me.
Re: Run Now
Site administration > Server > System Paths. For example, below is the screenshot for my setup
Re: Run Now
What version of Moodle do you have?
Path to PHP CLI
Sync users with Azure AD: Never
Is the cron set up and working? If your screenshot is recent then maybe it's not working, e.g. task Create user groups in Office 365 should run every time the cron is run but your screenshot shows this was last run on Thursday, 22 October 2020, 11:15 AM.
CAS plugin LDAP Sync : can't get group creators sync working
Hello Moodle admins !
I try to import my users from an OpenLDAP server and I can't get my "teachers" users assigned the "course creator role".
All my users are imported correctly (I also import cohorts from groups successfully) but no one get the system course creator role.
On the "Course creator" part of the CAS plugin :
-> I let the "Attribute creators" field empty.
-> I set the "Group creators" field to "cn=mygroup,ou=myunit,dc=myorg,dc=fr"
The description of these parameters seems strange. Maybe an error? Or these parameters are outdated?
-> The "attribute creators" is documented as :
List of groups or contexts whose members are allowed to create attributes. Separate multiple groups with ';'. Usually something like 'cn=teachers,ou=staff,o=myorg'
-> The "Group creators" is documented as :
List of groups or contexts whose members are allowed to create groups. Separate multiple groups with ';'. Usually something like 'cn=teachers,ou=staff,o=myorg'
Any Idea ?
Regards,
Baptiste.
Re: Run Now
Thanks for reply
LDAP Sync via AD-Groups
Hello together,
we got following challenge: we tried to import active directory users over 2 security groups. One is for the moodle users, and the other one for the content creators. After successfully binding and adjusting the organisation unit we got only one user imported successfully (which was not member of one of the security groups). The other users from the security groups will not be imported.
We tried the import over the system rules (add the dn of the security group).
Has anybody had this issue or might have an idea why the import is not working?
Thanks in advance.
Dominik
Re: Run Now
/usr/local/php72 is a folder, Path to PHP CLI must be a file.
If you have command line access to the server then the command which php should show this, for example on my server:
On your server it may be /usr/local/php72/php so you could try that.
OAuth2 Custom Service connecting to Processmaker
Seeking advice from the experts. I am new to Moodle.
We are trying to setup the OAuth2 custom service connecting to our portal running on processmaker 3.0
Below are the endpoint setup:
authorization_endpoint: https://myprocessmakersite.com/api/1.0/myworkspace/oauth2/authorize
token_endpoint: https://myprocessmakersite.com/api/1.0/myworkspace/oauth2/token
userinfo_endpoint: https://myprocessmakersite.com/api/1.0/myworkspace/users
When it's redirected back to https://mymoodlesite.com/admin/oauth2callback.php, we are getting the error below.
Your session has most likely timed out. Please log in again.
More information about this error
Anyone share with us your experience if you have done the similar setup and help us on resolving this error.
Excessive users from LDAP
Hi all,
I think I have made an error configuring LDAP with the bind_dn or the context and I have now in Moodle more users than needed. I want to revert this situation. I have changed the bind_dn and forced a resync but all the users still exist in Moodle.
My question is: how can I delete these extra users? Please, consider that the correct users have information (courses done, califications, etc) and I don't want to lose it.
My Moodle version is 3.9.
Thanks in advance.
Pedro