Forums | Mahara Community
Support
/
LDAP authentication not auto creating users
14 October 2014, 19:05
We are using Mahara 1.9 and have migrated from version 1.6 on a windows install to a Linux box. The LDAP has been set up and works fine for old users but and new user, when they try and log in Mahara reports a non specific error has occurred. Not helpful.I have no idea why the LDAP a should work fine for old users but not with new ones. On the old system it auto created users but now doesn't.
Does anyone know of a possible Linux setting that we have not taken care off?
Thanks in advance
Steve
14 October 2014, 23:52
I have tried to manually create an account and still get the following message.
ePortfolio: Site unavailable
A nonrecoverable error occurred. This probably means you have encountered a bug in the system.
No idea why.
15 October 2014, 9:07
Hi Steve,
Hmm, that generic error message can be thrown for a number of reasons.
Are you able to check the error logs after trying to make a user to see if there is a more detailed error message there?
If there is can you paste it here?
Also if you check the Administration -> Extensions are there any un-installed plugins that may relate to user creation?
Cheers
Robert
15 October 2014, 11:24
Since you're having problems with LDAP specifically, make sure that you've got the PHP LDAP module installed. In Ubuntu Linux, for instance, it's listed as a separate package called "php5-ldap".
There is a list of required PHP modules in the README file that comes with Mahara... although I've just noticed that the LDAP module isn't listed there. I guess I always assumed (until now) that it was a standard part of PHP. I'll add that in for the next release.
Cheers,
Aaron
18 October 2014, 0:01
OK narrowed it down.
It seems that I can add a user on manually but I am unable to add them into the institution.
This causes the new user creation to fail.
If I select no institution then I can create a new user with LDAP authentication.
Any ideas why I get the error message when I try and add the users to the institution?
20 October 2014, 10:45
Hi Steve,
Now that's a weird one.
I don't know why it would be erroring out for users in an institution, but not for users in "No institution". (In fact on the back-end, "No institution" is an institution.)
I'd recommend you take a look at your PHP error logs to see what the actual underlying PHP error is. The actual location of your PHP error logs will vary depending on your operating system and server configuration; in Ubuntu Linux by default they get printed into the Apache web server error logs at /var/log/apache2/error.log .
If you can't locate your error logs in your filesystem, you can also tell Mahara to print them directly to the web browser. The easiest way to do this is by adding "$cfg->productionmode = false;" to your config.php file. (This will also put a big pink warning on the top of the screen saying the site is not in production mode.)
Cheers,
Aaron
20 October 2014, 12:40
Hi Aaron
Thanks for info about printing error logs to screen - I've been wanting something like this for a while but didnt know there was functionality there.
I'm a non-technical admin so would really like to be able to turn this on and off myself (as the change is in the config file i have to go to someone else). Do you know if there is any plans to add this to the Site Admin area? I think it would be great if it was there somewhere too. If not i can add it as a feature request.
Cheers
Anita
20 October 2014, 20:43
Hello Anita,
I understand your concerns, but I don't think having too much root or admin options for the Mahara site administrators is a good thing.
On every platform it is important there is one hardware and core software admin who knows about CGI scripts (e.g. PHP, Phyton, Perl,...), Web servers and databases (e.g. MySQL, Oracle, Progresql,...) for multiple reasons. First because of security holes you could create if you don't know how to secure these different parts of a Web service; second because the configuration of all these parts of a server is not trivial; third and not the last, because all theses different elements must be smoothly integrated to work all together. It takes time and request some work to be able to master all these technical elements.
This has to be the sake of the server manager only. IMHO.
On the other hand, it is not the technician job to manage the service's life. This is therefore one Mahara or Moodle platform must have at least one site admin (I would say should have only ONE site admin). This person has already a lot of power but must not have access to tools or options that could jeopardize the security of the site. This person has then no reason to access to information she or he won't be able to manage or deal with.
After we have the institutions admin and staff and the groups admin and tutors. At each time with less power but the are closer and closer to the users and the tasks the users have to do.
In you "in-between" situation (I have personally been long time ago before you) you have two solutions :
- learn the technical skills needed to manage a server and drive the cart from the driver's seat. It will take time, but with a virtual server on your machine you can train yourself to become, maybe not a web server specialist, but a web server confident. Books, forums, web sites, are available to give you all the required information about this personal, hard but interesting journey.
- work closer with your ISP or the person in charge of your server in your institution. Create a real bond in discussing your need, the need of your Mahara users and agree on a way of working together. Then you have to accept to depend on your IT guy (or girl).
Both solution work well. But referring to my own experience, staying in-between is not the best position to be.
Hope this helps (a bit)
Regards,
-dajan
21 October 2014, 18:23
Hi Anita,
I would not be opposed to adding that to Mahara (it's a feature that Moodle has, and I have found it helpful there). But what Dajan says is more or less correct, the error messages you'd see from this are not particularly helpful to a non-technical user. On the other hand, it could be helpful in gathering information to send off to tech support.
If you care to hack your existing site, here's a quick-and-dirty script I whipped up to let you switch production mode on and off from the web. Of course, you have to have your tech person make the necessary changes on your server first.
1. Open up htdocs/lib/config-defaults.php, and comment out the line that sets $cfg->productionmode to true
2. If you have a setting for $cfg->productionmode in your htdocs/config.php file, remove that.
3. Place this PHP script at htdocs/local/productionmode.php
<?php
define('INTERNAL', 1);
define('ADMIN', 1);
require(dirname(dirname(__FILE__)) . '/init.php');
if (isset($_POST['submitted']) && $_POST['sesskey'] == $USER->get('sesskey')) {
set_config('productionmode', ($_POST['productionmode'] ? 1 : 0));
}
$productionmode = get_config('productionmode');
?><form method="POST">
<b>Production mode:</b>
<select name='productionmode'>
<option value="1" <?php if ($productionmode) echo 'selected'; ?>>On</option>
<option value="0" <?php if (!$productionmode) echo 'selected'; ?>>Off</option>
</select>
<br>
<input type="hidden" name="submitted" value="1">
<input type="hidden" name="sesskey" value="<?php echo $USER->get('sesskey'); ?>">
<input type="submit">
</form>
Once that's done, you should be able to go to http://<yoursite>/local/productionmode.php and switch production mode on and off. The script will require you to have site admin access to do so.
Cheers,
Aaron
02 November 2014, 16:50
Hi Stephen,
Did you check:
- That the setting for auto-creating users is still turned on?
- That you have not reached the limit of allowed users in your institution? Sometimes this gets set in the institution settings (same screen where you select your authentication method towards the bottom).
Cheers
Kristina