Improvement to allow multiple values for restriction on user creation

[kkiiskin]

At the moment you can restrict user creation based on one AD-field and one value.

It would be better to be possible to select multiple fields and/or multiple values for one field.

For my own purposes, I enter multiple values separated by commas. Then I changed main.php in local/o365/classes/feature/usersync/ to explode it in array: $values = explode(',', $restriction['value']);

and then changed the following line in the same file if ($aaddata[$restriction['remotefield']] === $restriction['value']) { into -> if (in_array($aaddata[$restriction['remotefield']], $values)) {

[jamesmcq]

@kkiiskin Sounds interesting - if you'd like to send what you have as a pull request to this repo, I can take a look and put it in consideration for a future version.

[FatherOSam]

I would also like an option to exclude our onmicrosoft accounts from the sync So perhaps a better restrictions page/s options.

We have around 5 different domains synced to one AZURE domain and would like to include all with emails that meet the 5 different extensions or just exclude the administrative domains

[MH-ES]

Also would find this feature useful. Regex solves some of these problems on the new release but would be nice to be able to restrict based on multiple fields such as email and department.

@FatherOSam You can use regex on 35_stable to achieve what you need.

[mmulrthelp]

A feature to add multiple groups would be good. as we'd like to add 'All-Students' and 'All-Staff', AAD group size is limited to 50,000 per group : https://office365.uservoice.com/forums/264636-general/suggestions/16510204-azure-ad-groups-with-more-than-50-000-users

[jamesmcq]

Hi All - we've had a few requests for different improvements to user creation restrictions so I've created a project to keep things organized. I'll keep you updated as we further examine what we can do here.

[Teteia]

Hi,

are there any news here? If I set an office 365 group membership, does new people in the group automaticly appear after a sync? what should i enter in the field value the group name or the object id eq. (a108b686-b782-41ee-9a9e-b5a147c74111)

Or can I only sync everbody that use domain 1 and 2 of us eq. dtmd.eu and stud.dtmd.eu ?

Thanks :)

[nenorojas]

Hi @Teteia ,

For the Office 365 Group Membership you need to enter the field value of the group name.

You can only sync users from main tenant.

We will review enhancement request to add multiple restrictions fields using as reference how Add Mapping works.

Regards

[kkiiskin]

Hi @nenorojas

is there a reason why regular expression is not available when using the 'Microsoft 365 Group Member' option in the restriction?

[nenorojas]

Hi @kkiiskin,

I've consulted with @weilai-irl and it’s to do with how groups are searched using Graph API, the only search option available is using the filter parameter, which is described at https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter.

The operator types supported is limited, and we are using “eq”. For all other restriction types, we get the profile of the user from Azure AD, and apply the regex on the selected field locally, in Moodle, using PHP. Theoretically we could do the same for the group restriction, but this may cause performance issue.

Regards

[kkiiskin]

Hi @audrieMSFT

this issue can be closed , the original problem is solved nowadays by using the regexp option