Forums | Mahara Community

Support /
LDAP plugin - entering list of groups


anonymous profile picture
Account deleted
Posts: 9

05 February 2014, 11:57

I'm so thankful for 1.8 because of the ability to automatically create groups based on LDAP groups. But I can't figure out how to enter a list of LDAP groups in the LDAP plugin field called "Include only LDAP groups with these names". If I only put in one LDAP group, like "mahara-users", then it works great. But I can't figure out the syntax for entering more than one group.

I've tried a space (mahara-users chem-admins).

I've tried a comma (mahara-users,chem-admins).

I've tried a comma and a space (mahara-users, chem-admins).

I've tried a semi-colon (mahara-users;chem-admins).

Nothing has worked so far. Can anyone share what the syntax should be?

Thanks.

John

anonymous profile picture
Account deleted
Posts: 26

07 February 2014, 1:48

Hello John,

       The way I programmed it as an extension of  1.7( https://github.com/patrickpollet/mahara_ldap_sync)  before it was included in core 1.8 is that the include list (parameter -o) or exclude list (parameter -x)  is to be a semi-column separated list of regular expressions such  as 

     repository*;cipc-*[;another reg. exp.]  

this would mean all groups with name starting with repository or cipc-

      A quick peek at 1.8 code (in auth/ldap/lib.php near line 1412 show that it is always the case.

 

      Since the script cli/sync_groups.php is a command line script you MUST surround parameters values containing some Unix specific characters (or simply space) in simple quotes . This is indeed the case with the semi column 

thus I would try

    -o ' mahara-users;chem-admins' 

this should expain why it works with a single group and fails with more than one ;-) 

Cheers        

 

anonymous profile picture
Account deleted
Posts: 26

07 February 2014, 2:45

Hi again, 

     I peeked again to current 1.8 code in auth/ldap/lib.php and I suspect it is broken when group sync is done by Mahara INTERNAL cron . In that case the include/exclude parameters are fetched from LDAP settings see http://manual.mahara.org/fr/1.8/administration/institutions.html#new-in-mahara-1-8-ldap-group-sync and surrounding them with quotes is irrelevant . 

 According to current code of auth/ldap/lib.php near lines 2188, the list should be comma separated 

  1. if ($includelist !== null) {
  2. if (!is_array($includelist)) {
  3. $includelist = explode(',', $includelist);
  4. }
  5. $instance->set_config('syncgroupsincludelist', $includelist);
  6. }

My previous advice to surround parameters with quotes is valid ONLY when calling scripts cli/sync_groups.php by the Unix cron (i.e. having an entry in server's  /etc/crontab) as shown of the wiki of my github repository. An even in that case, current code shows that it is to be a comma separated list (see method auth_ldap_sync_groups near line 2189

I guess Aaron that ported my code to Mahara core will help your more on this now.

 

Sorry.

 

anonymous profile picture
Account deleted
Posts: 9

07 February 2014, 3:42

No sorry needed. Thank you very much for the detailed response. I'm hopeful that I'll get this to work. This is great information!

John

anonymous profile picture
Account deleted
Posts: 9

08 February 2014, 9:24

I found that the comma-separated list of LDAP groups in the field "Include only LDAP groups with these names" was only working for the first group in the list. So with the help of my collegue, Sam DeLaughter at UMass Amherst, the following changes to lib.php (in the auth/ldap directory) fixed the problem. (This is around line 1408)

        foreach ($groups as $group) {
            // Modified by Sam DeLaughter of UMass Amherst.
            $nomatch = 0;

            log_debug("Processing group '{$group}'");

            // Check whether we should skip this group
            if (!empty($includelist)) {
                foreach ($includelist as $regexp) {
                    if (!filter_var($group, FILTER_VALIDATE_REGEXP, array("options" => array('regexp' => '/' . $regexp . '/')))) {
                        log_debug($group . " skipped because not in include list \n");
                        continue;
                    }else{
                        $nomatch = 1;
                    }
                }
                if ($nomatch == 0){
                    continue;
                }
            }

John

Kristina Hoeppner's profile picture
Posts: 4717

09 February 2014, 16:28

Hello John and Patrick,

Thank you for your suggestions. I filed a bug report at https://bugs.launchpad.net/mahara/+bug/1278013

John: If you wish, you / Sam can put your ptach through to our code review system. If not, it would be great to get Sam's email address so it can be included in the patch authorship if we use the patch as is.

Cheers

Kristina

 

anonymous profile picture
Account deleted
Posts: 9

11 February 2014, 2:11

Hi Kristina,

I'm not a developer, so the process looks a bit involved for the contribution. I'll opt to simply provide Sam DeLaughter's email address, which is sdelaughter[a]umass _ edu.

Thanks.

John

anonymous profile picture
Account deleted
Posts: 26

11 February 2014, 23:45

Hi John & Kristina

      I just pushed on my github https://github.com/patrickpollet/mahara_ldap_sync/commit/13c3d419f2e9b9336297ae9a69d9e414af542a48 a slightly different fix  for Mahara 1.7.  I guess modified code of my function ldap_sync_filter_name  could be easily ported to 1.8 core. 

 

This has been tested as a command line script with 

./mahara_sync_groups.php -i=premiercycle -o='test;^repo*' -x='-18' -v  

that is include only LDAP group whose names starts with repo but not those containing -18 (such as repository-18, repository-180 .... on institution named premiercycle and in verbose mode.  

Cheers 

Edit :  Note that in 1.7 the lists are semi-column separated whereas in 1.8 they must be column separated. 

 

Kristina Hoeppner's profile picture
Posts: 4717

19 February 2014, 8:18

Hello Patrick,

Son is working on getting the change made in core. Please feel free to test it. See https://bugs.launchpad.net/mahara/+bug/1278013

Cheers

Kristina

 

9 results