DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:authpdo:moodle

Moodle e-learning system

Configuration for authpdo plugin to authenticate with Moodle e-learning system.

Scenario

  • Basic authentication only.
  • Groups are read from Moodle's cohorts.
  • No user modification/adding. This assumes that all user/group accounts will be created and maintained through Moodle.
  • My “real world” scenario: School with fully working Moodle and 2 DokuWiki's:
    1. DokuWiki for documenting the school's internal curriculum
      → All Moodle users can login to DokuWiki, all cohorts are represented as groups.
    2. DokuWiki as CMS for the homepage of our school
      → Only group of Moodle users can login to DokuWiki, only part of cohorts are represented as groups.

Working with 2016-06-26a “Elenor of Tsort” and Moodle 3.0.5 based on Ubuntu 16.04.1 PHP 7.0 and MySQL 5.7.13.

:!: Warning: Moodle versions prior to 2.5 use MD5 hash with site wide salt.
This old hash scheme is currently not supported. Please upgrade Moodle to newer version.

Prerequisites

  • Access to your DokuWiki files via SSH or FTP.
  • :!: Backup of [yourdokuwiki]/conf/local.php!
  • Access to MySQL database containing all Moodle data (host, database, user, password).
  • Access to Moodle as “Administrator” (or equivalent role).

Approach

Moodle's internal user and cohort (group) management is quite flexible and thus complicated. To avoid errors in the plugin configuration I decided to add two new views in the database representing the needed data only. This way authpdo's configuration remains still readable.

As a side effect you can check your SELECT-Statements very carefully before connecting DokuWiki's authpdo to Moodle.

Adding views to Moodle database

Login to your MySQL database via command line, PHPMyAdmin, MySQL-Workbench or your other tool.

Execute the following commands:

Select Moodle's database

(don't forget to replace “moodle” with your name):

USE moodle;

Create view "dwusers" for user data:

CREATE VIEW `dwusers` AS
    SELECT 
        `user`.`username` AS `user`,
        `user`.`password` AS `hash`,
        CONCAT(`user`.`firstname`,
                ' ',
                `user`.`lastname`) AS `name`,
        `user`.`email` AS `mail`
    FROM
        `user`
    WHERE
        ((`user`.`username` <> 'guest')
            AND (`user`.`deleted` = 0)
            AND (`user`.`suspended` = 0));

Create view "dwgroups" for user groups:

CREATE VIEW `dwgroups` AS
    (SELECT 
        `u`.`username` AS `user`,
        `c`.`name` AS `group`
    FROM
        ((`user` `u`
        JOIN `cohort` `c`)
        JOIN `cohort_members` `cm`)
    WHERE
        ((`u`.`username` <> 'guest')
            AND (`u`.`deleted` = 0)
            AND (`u`.`suspended` = 0)
            AND (`u`.`id` = `cm`.`userid`)
            AND (`cm`.`cohortid` = `c`.`id`))) 
 UNION 
    (SELECT 
        `user`.`username` AS `login`, 'user' AS `group`
    FROM
        `user`
    WHERE
        ((`user`.`username` <> 'guest')
            AND (`user`.`deleted` = 0)
            AND (`user`.`suspended` = 0)));

Check for success:

SELECT * FROM dwusers;
 
SELECT * FROM dwgroups;

should give you something like this:

user hash name mail
kuhmann $2y$10$iYaw8J… Uwe Kuhmann kuhmann@moodle.myschool.de
donald.duck $2y$10$0NxTRU… Donald Duck donald.duck@moodle.myschool.de

and

user group
kuhmann user
kuhmann teacher
donald.duck user

As you see, all Moodle users are member of group “user” automatically.1) Group management is done now by creating global cohorts in Moodle and adding Moodle users matching your needs.

Plugin configuration

Common settings

Option 'debug' should be enabled for error messages at first. After success disable it.

Option 'dsn'

mysql:host=localhost;dbname=moodle;charset=utf8

Option 'user'

mysqlmoodleuser

Option 'pass'

mysqlmoodleusersecret

Don't forget to adjust the core settings:


Scenario 1

All Moodle users can login and all Moodle cohorts are DokuWiki groups too:

Option 'select-user'

SELECT * 
 FROM `dwusers`
  WHERE `login` = :user

Option 'select-user-groups'

SELECT `group` 
 FROM `dwgroups`
  WHERE `login` = :user

That's it. Save configuration and re-login. Good luck!


Scenario 2

Here only members of a special cohort can login to DokuWiki and only some Moodle cohorts are DokuWiki groups. In my example I use the prefix “hp”2) for the relevant cohort names. You could use “dw” instead.

Create Moodle cohorts named “hpusers”3), “hpadmin”, “hpblog” and so on. Add Moodle users to these cohorts matching your needs.

:!: Cohort “hpusers” has to have one member at least - the admin user!

After this:

Option 'select-user'

SELECT `u`.`user` AS `user`,
       `u`.`name` AS `name`, 
       `u`.`hash` AS `hash`,
       `u`.`mail` AS `mail`
  FROM (`dwusers` `u` 
         JOIN `dwgroups` `g`)
 WHERE ((`u`.`user` = :user)
           AND (`u`.`user` = `g`.`user`)
           AND (`g`.`group` = 'hpusers'))

Option 'select-user-groups'

SELECT SUBSTRING(`group`,3) AS `group`
  FROM `dwgroups`
 WHERE ((`user` = :user)
           AND (`group` LIKE 'hp%'))

:!: Warning again: Your admin MUST be a member of the Moodle cohort “hpusers”, otherwise he can't login anymore!

Discussion

1)
If you don't need this, you can delete the UNION (…) part from the “dwgroup” view.
2)
hp for homepage
3)
Required!
plugin/authpdo/moodle.txt · Last modified: 2016-08-04 08:54 by uwe.kuhmann