Home
Welcome to the mahara_ldap_sync wiki
In our place, we exclusively rely on CAS/LDAP to synchronize accounts and groups with all institutional applications such as Plone, Moodle ... Thus we needed the same facility to keep Mahara accounts and groups synchronized with our LDAP.
This extension to Mahara provides three command line PHP scripts:

- Synching Mahara institution's users accounts with an LDAP directory: Keep the accounts of an institution in sync with the accounts existing in an LDAP directory. Depending on command line arguments, LDAP accounts that do not exist in Mahara can be created or not, and Mahara accounts that are no longer in LDAP can be deleted, suspended or just ignored. Finally, the details of existing Mahara accounts (First Name, Last Name, Preferred Name, Email and Student number) can be synchronized with LDAP data or not (thus delaying the sync until the next login of the user).
- Synching Mahara institution's groups with an LDAP directory: Keep the groups and group membership of an institution in sync with an LDAP directory. Depending on command line arguments, LDAP groups that do not exist in Mahara can be created or not, and synchronization can be restricted to LDAP groups whose names match (or do not match) some regular expression.
- Synching Mahara institution's groups with an LDAP specific attribute value: Keep the groups and group membership of an institution in sync with lists of LDAP users having some value in a given LDAP attribute. Depending on command line arguments, LDAP groups that do not exist in Mahara can be created or not, and synchronization can be restricted to values of the attribute whose names match (or do not match) some regular expression.
### Installation
See the file README
Caveat :
- These scripts have been tested against the latest version of Mahara (1.5) available on the master branch at http://gitorious.org/mahara/mahara
- They may require minor modifications to the file `mahara/auth/ldap/lib.php` (changing `private` to `protected` for the methods `ldap_connect`, `ldap_find_userdn`, `filter_addslashes` and `get_userinfo_ldap` of class `AuthLdap`) until these modifications are incorporated in Mahara core. See https://bugs.launchpad.net/mahara/+bug/925000
- These scripts are meant to be run as a nightly cron job on the Mahara server hosted on a Linux LAMP server. I just have no idea how to run them on a Windows based WAMP server.
- The Mahara institution to sync with LDAP must have an LDAP or CAS authentication plugin activated and properly configured, since these scripts reuse the configuration of these plugins to fetch LDAP data; some configuration values of the authentication plugin, such as search contexts and search sub contexts, can be overridden by appropriate command line arguments.
- For sites managing several institutions, thus using different LDAP directories or different ou within the same LDAP directory, it is possible to run these scripts for each institution.
- The script mahara_ldap_sync_users should be run and complete before any script mahara_ldap_sync_groups*, since the group scripts do not create accounts that are present in LDAP but do not yet exist in Mahara.
- If you have a large number of groups/users, you may want to raise the memory limit by passing `-d memory_limit=256M` or more to php.
- For debugging and better logging, you are encouraged to use on the command line: `-d log_errors=1 -d error_reporting=E_ALL -d display_errors=0 -d html_errors=0`
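
The caveats above (users sync must complete before any groups sync, raised memory limit, logging flags) can be enforced by a small cron wrapper. This is an added example, not part of mahara_ldap_sync: the installation directory, the script file names, the log path and the `USERS_ARGS`/`GROUPS_ARGS` variables are assumed placeholders, and the real script arguments come from the README.

```shell
#!/bin/sh
# Added example: nightly wrapper for the sync scripts (not part of the project).
# Paths and file names are assumed placeholders; take the real ones and the
# script arguments from the README.
PHP_BIN="${PHP_BIN:-php}"
SCRIPT_DIR="${SCRIPT_DIR:-/path/to/mahara_ldap_sync}"
USERS_SCRIPT="${USERS_SCRIPT:-mahara_ldap_sync_users.php}"
GROUPS_SCRIPTS="${GROUPS_SCRIPTS:-mahara_ldap_sync_groups.php}"  # space-separated
USERS_ARGS="${USERS_ARGS:-}"      # arguments for the users script
GROUPS_ARGS="${GROUPS_ARGS:-}"    # arguments for each groups script
MEMORY_LIMIT="${MEMORY_LIMIT:-256M}"
LOG_FILE="${LOG_FILE:-/var/log/mahara_ldap_sync.log}"

# Run one script with the php -d settings listed above. With log_errors=1 and
# no error_log configured, the PHP CLI writes errors to stderr, so both
# streams are appended to LOG_FILE.
run_sync() {
    script="$1"; shift
    "$PHP_BIN" -d memory_limit="$MEMORY_LIMIT" \
        -d log_errors=1 -d error_reporting=E_ALL \
        -d display_errors=0 -d html_errors=0 \
        "$SCRIPT_DIR/$script" "$@" >>"$LOG_FILE" 2>&1
}

# Returns 0 on success, 1 if the users sync failed (groups skipped),
# 2 if the users sync succeeded but at least one groups script failed.
nightly_sync() {
    # $USERS_ARGS / $GROUPS_ARGS are left unquoted on purpose: word splitting.
    if ! run_sync "$USERS_SCRIPT" $USERS_ARGS; then
        echo "users sync failed, groups sync skipped" >>"$LOG_FILE"
        return 1
    fi
    rc=0
    for g in $GROUPS_SCRIPTS; do
        run_sync "$g" $GROUPS_ARGS || rc=2
    done
    return "$rc"
}

# Cron entry would call: /path/to/this_wrapper.sh --run
if [ "${1:-}" = "--run" ]; then
    nightly_sync
    exit $?
fi
```

A non-zero exit status lets cron mail or a monitoring check flag a night where accounts or group memberships were not brought in line with LDAP.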