Synching Mahara's accounts and groups with an LDAP directory


Deleted user
Posts: 26

14 January 2012, 11:20 AM

Hello,

In our place, we exclusively rely on CAS/LDAP to synchronize accounts and groups with all institutional applications such as Plone, Moodle, etc. Thus we needed the same facility to keep Mahara accounts and groups synchronized with our LDAP.

This extension to Mahara provides two scripts:

  • Synching Mahara institution's user accounts with an LDAP directory: Keep the accounts of an institution in sync with accounts existing in an LDAP directory. Depending on command line arguments, LDAP accounts not existing in Mahara can be created or not, and Mahara accounts no longer in LDAP can be deleted, suspended or just ignored. Finally, existing Mahara account details (First Name, Last Name, Preferred Name, Email and Student number) can be synchronized with LDAP data or not (thus delaying the sync until the next login of the user).

  • Synching Mahara institution's groups with an LDAP directory: Keep the groups and group membership of an institution in sync with an LDAP directory. Depending on command line arguments, LDAP groups not existing in Mahara can be created or not, and synchronization can be restricted to LDAP groups whose names match (or do not match) some regular expression.

 

Code to be installed in Mahara's local directory is available here, and some documentation is in the associated wiki pages.

Cheers.

Edit: This works against the master branch on gitorious (i.e. Mahara 1.5 dev) and has not been tested against Mahara 1.4. It requires a small patch to class AuthLdap located in auth/ldap/lib.php to make some private methods protected (ldap_connect, ldap_find_userdn, filter_addslashes and get_userinfo_ldap).

Kristina Hoeppner
Posts: 3739

14 January 2012, 11:46 PM

Hello Patrick,

Thank you very much for your post on these authentication plugins. I also linked them at https://wiki.mahara.org/index.php/Plugins#Authentication_Plugins . Please feel free to make changes there if necessary. Your mahara.org login works on the wiki.

Cheers

Kristina

Deleted user
Posts: 4

29 June 2012, 10:59 AM

Cool, thanks

I am currently synchronizing my users, and I will try the groups next.

Mahara 1.5

Éric

Deleted user
Posts: 4

26 August 2012, 9:13 AM

Hi Patrick,

I'm getting started on the group sync, but I'm on Active Directory.

I had to hard-code changes to two lines in lib.php.

$this->config['group_class'] = strtolower(!empty($CFG->ldap_group_class) ? $CFG->ldap_group_class : 'group');

$this->config['memberattribute'] = strtolower(!empty($CFG->ldap_member_attribute) ? $CFG->ldap_member_attribute : 'member');

These seem to be the correct parameters, since it finds the groups and the users of the groups and creates the groups, but it does not populate the groups.

Here is the error, in case you have an idea:

[WAR] 32 (local/mahara_ldap_sync/lib.php:254) Undefined index: member
Call stack (most recent first):
  * log_message("Undefined index: member", 8, true, true, "/var/www/html/mahara/htdocs/local/mahara_ldap_sync...", 254) at /var/www/html/mahara/htdocs/lib/errors.php:446
  * error(8, "Undefined index: member", "/var/www/html/mahara/htdocs/local/mahara_ldap_sync...", 254, array(size 15)) at /var/www/html/mahara/htdocs/local/mahara_ldap_sync/lib.php:254
  * GAAuthLdap->ldap_get_group_members_ad("Vie Scolaire") at /var/www/html/mahara/htdocs/local/mahara_ldap_sync/lib.php:335
  * GAAuthLdap->ldap_get_group_members("Vie Scolaire") at /var/www/html/mahara/htdocs/local/mahara_ldap_sync/cli/mahara_sync_groups.php:286

 

When I leave uniquemember, I get no error, but it finds nobody!

I think there is something hard-coded that needs changing, right?

Thanks, Éric

Deleted user
Posts: 26

01 December 2012, 2:14 AM

>These seem to be the correct parameters, since it finds the groups and the users of the groups and creates the groups, but it does not populate the groups.

This is because in your AD the members' DNs are not of the form samaccountname=vdupont,ou=... but most likely cn=Victor Dupont,ou=..., that is, they do not contain the user's 'Mahara login'. This glitch was fixed on GitHub in early November.

 

There is no need to hard-code changes; just add the changes to the default parameters in config.php, such as

//sync of mahara groups with LDAP
$CFG->ldap_member_attribute='uniquemember';
$CFG->ldap_member_attribute_isdn=1; 
$CFG->ldap_process_nested_groups=1;

If you add -v as a parameter when calling the script, you will work in debug mode and get much, much more information, which will be very useful to me for finding the particularities of your AD directory.

See you
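
The DN mismatch described in the last reply, shown as an added PHP illustration that is not part of the original posts and is not code from mahara_ldap_sync. The function names, the in-memory sample directory and the example.org DNs are constructed for this sketch; it contrasts taking the login from the first RDN of a member DN with resolving the DN to its entry and reading the login attribute.

```php
<?php
// Added illustration; all function names and sample data are hypothetical.

// Constructed sample directory: entry DN (lowercased) => attributes.
// Against a live server each lookup would be a base-scope ldap_read() on the DN.
$directory = [
    'cn=victor dupont,ou=staff,dc=example,dc=org' => ['samaccountname' => 'vdupont'],
    'cn=anne martin,ou=staff,dc=example,dc=org'   => ['samaccountname' => 'amartin'],
];

// Constructed values of a group's "member" attribute, in the AD style from the thread.
$members = [
    'CN=Victor Dupont,OU=Staff,DC=example,DC=org',
    'CN=Anne Martin,OU=Staff,DC=example,DC=org',
    'CN=Old Account,OU=Staff,DC=example,DC=org', // dangling reference, no entry
];

// Naive mapping: treat the value of the first RDN as the login.
// Only correct when member DNs look like samaccountname=vdupont,ou=...
function login_from_first_rdn(string $dn): string {
    $rdn = preg_split('/(?<!\\\\),/', $dn, 2)[0]; // cut at first unescaped comma
    $parts = explode('=', $rdn, 2);
    return strtolower(trim($parts[1] ?? ''));
}

// DN-aware mapping: resolve the member DN to its entry and read the login
// attribute. Returns null when the DN does not resolve, so the caller can
// skip and report the member instead of matching a guessed username.
// Lowercasing is a simplified DN normalisation for this sample data.
function login_from_entry(string $dn, array $directory, string $loginAttr): ?string {
    $entry = $directory[strtolower($dn)] ?? null;
    if ($entry === null) {
        return null;
    }
    return $entry[$loginAttr] ?? null;
}

$naive = array_map('login_from_first_rdn', $members);
$resolved = [];
$unresolved = [];
foreach ($members as $dn) {
    $login = login_from_entry($dn, $directory, 'samaccountname');
    if ($login === null) { $unresolved[] = $dn; } else { $resolved[] = $login; }
}
echo "first RDN:  ", implode(', ', $naive), "\n";
echo "resolved:   ", implode(', ', $resolved), "\n";
echo "unresolved: ", implode(', ', $unresolved), "\n";
```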
