In 2016 Lafayette College began maintaining the LDAP Syncing Scripts (
local_ldap) plugin after the tragic death of the previous maintainer, Patrick Pollet.
I didn’t know Patrick but he had a strong reputation in the Moodle community. I’m pleased to say that we made few substantive changes to his code. Most of the changes were simple updates, such as migrating the command-line/cron scripts to Moodle’s task infrastructure, and various nit-picky code standards issues which didn’t affect functionality.
The biggest lift was implementing PHPUnit test coverage for the plugin. I started out with the following requirements:
- Fully-scripted setup for OpenLDAP, so that the tests can run inside a continuous integration environment
- Test coverage for group synchronization
- Test coverage for attribute synchronization
I started this project by building an OpenLDAP environment inside Moodle Hat, the Vagrant development profile I maintain. Implementing a configuration in Puppet is good practice for wrestling with Travis.
Starting from scratch with OpenLDAP (every time!) presents certain challenges that you don’t encounter in a mature environment. A few I encountered:
- When you bootstrap OpenLDAP it has a completely empty schema. PHP’s ldap libraries can’t talk to it in that state. You have to populate it with some data, even if it’s completely arbitrary.
- Selection of backend databases matter. LDIF is the quick and easy path, but it doesn’t support pagination and Moodle will break in obscure ways. I chose
bdbbecause it’s available in most repositories and it worked.
- When you’re setting a generic testing password in your slapd.conf you can just dump in
SomeArbitraryPlaintextPasswordand it’ll work. Don’t run in production! Or, really, anywhere that has state.
Once I’d worked through those issues Christian Weiske’s invaluable blog post provided everything I needed for implementing on Travis.
LDAP Syncing Scripts leverages Moodlerooms’ excellent moodle-plugin-ci plugin for travis-ci integration, with a few tweaks. The full travis-ci.yml file is visible on the GitHub repository; let me walk through a few things.
We need the
ldap-utils packages installed. To use Moodle’s built-in LDAP PHPUnit testing we need to define the location of the test server in the config file:
define("TEST_AUTH_LDAP_HOST_URL", "ldap://localhost:3389"); define("TEST_AUTH_LDAP_BIND_DN", "cn=admin,dc=example,dc=com"); define("TEST_AUTH_LDAP_BIND_PW", "password"); define("TEST_AUTH_LDAP_DOMAIN", "dc=example,dc=com");
We need to create an INI file to force PHP (in travis) to load the ldap extension, and a slapd.conf file to define how our OpenLDAP enviroment will function. The schema settings need to match what you added to Moodle’s
config.php. We start slapd and then, as the final step, import our default data. This data isn’t used, but it gets around the problem of an empty schema. Note that while this data is stored as an
ldif file for readability purpose, the backend is
The actual tests I derived from the tests for Moodle’s
auth_ldap plugin. The code is long but self-documenting. There are no particular gotchas, though I found it helpful to extend
auth_ldap_plugin_testcase instead of starting fresh.