Friday, October 06, 2006

Stupid Moodle Tricks - Setting up LDAP

For our Moodle install, we wanted to set up the passwords so that a user can immediately log in to Moodle without setting up a separate Moodle account. To accomplish this, Ta used the LDAP authentication tool built into Moodle. The original instructions are listed at http://moodle.org. Go to the Administrator documentation.

When using this process – it is CRUCIAL to have the network guru with you.
Hint: Network gurus like food. Being extra nice to the network guru is also a good general policy. If you have not been nice to the network guru, or don’t know one – time to go make friends.

After approval by senior management and completion of the course configuration, we are going to try to get the system to auto-login from our Intranet site so that users who are in the building won’t have to log in twice.

The administrative area in Moodle explains each of the fields in detail. Since we don't want to get hacked - I am changing some of the site-specific settings to generics.

Ta's techie notes follow:

- Under the authentication method, we chose Use an LDAP Server.

LDAP Server Settings
- ldap_host_url: clntldap.ourorg.com – The comments next to this field tell you to add ldap:// or ldaps://. We found that wasn’t necessary. Talk to the network guru for these settings.
- ldap_version: 2 – We are using LDAP protocol version 2. Put in your appropriate version.

Bind settings
- ldap_preventpassindb: Yes – This field prevents passwords from being stored in the Moodle database. Very important!
- ldap_bind_dn: cn=grpwise, o=ourorg – We are using our GroupWise system in our cn field. You will need to talk to your network guru for these settings.
- ldap_bind_pw: werenottelling – This password should be EXTRA secure and hard to guess. Numbers in random spots don’t hurt. And make sure your network guru knows this password and places it in his/her password library.

User lookup settings
- ldap_user_type: Novell Edirectory – Our organization uses Novell’s eDirectory.
- ldap_contexts: ou=it, o=ourorg – We are starting the pilot by allowing access only to those in the IT group of network users. Keeps the riff-raff out while we configure and test the system.
- ldap_search_sub: Yes – We have subcontexts set up within our user directory and want Moodle to search those for authentication. Ask your network guru what the appropriate setting should be for your organization.
- ldap_opt_deref: No – We don’t want our system to use aliases when looking for users.
- We left the optional fields blank.

Force change password
- Force change password: No
- Use standard change password page: No
We want any password changes to occur through our network. When the network password changes, the Novell password changes.

LDAP password expiration settings
- ldap_expiration: LDAP – Moodle will check our LDAP to see if the password expired.
- ldap_expiration_warning: 10 – We currently have it set for 10 days, like our network ID. We may change our mind.
- ldap_expireattr: left blank
- ldap_gracelogins: No – We decided not to do grace login support for Moodle.
- ldap_graceattr: left blank

Enable User Creation
- ldap_create_context: left blank

Course creators
- ldap_creators: Left blank. We only want the administrator (me) to create courses.

Data Mapping – We activated and used the default for the following fields:
- First Name
- Surname
- E-mail address
- Phone 1
- Phone 2 (used Mobile)
- Department

All other settings left blank.
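
A quick way to sanity-check settings like these before going live, as an added example that is not part of Ta's notes or of Moodle itself: a small Python audit that flags the transport and scoping choices worth raising with the network guru. The setting names and the first set of values are the ones listed above; the rules, the finding names, the hardened variant and the ";" list separator are assumptions of this example.

```python
# Added example: audit the LDAP settings listed in this post.
# Setting names and the first dict's values come from the post; the rules,
# finding names and the ";" list separator are assumptions of this example.

AS_POSTED = {
    "ldap_host_url": "clntldap.ourorg.com",
    "ldap_version": "2",
    "ldap_preventpassindb": "Yes",
    "ldap_contexts": "ou=it, o=ourorg",
    "ldap_search_sub": "Yes",
}
# Constructed variant: same directory, reached over LDAPS with protocol v3.
HARDENED = dict(AS_POSTED, ldap_host_url="ldaps://clntldap.ourorg.com",
                ldap_version="3")


def is_yes(settings, key):
    return str(settings.get(key, "")).strip().lower() == "yes"


def audit(settings):
    """Return a sorted list of finding codes for one settings dict."""
    findings = set()
    for host in str(settings.get("ldap_host_url", "")).split(";"):
        # Anything other than ldaps:// (bare host or ldap://) leaves the bind
        # password and each user's password unencrypted on the wire unless
        # StartTLS or a tunnel protects the connection.
        if host.strip() and not host.strip().lower().startswith("ldaps://"):
            findings.add("NOT_LDAPS")
    if str(settings.get("ldap_version", "")).strip() == "2":
        # StartTLS is an LDAPv3 extended operation, so v2 cannot upgrade to TLS.
        findings.add("LDAP_V2_NO_STARTTLS")
    if not is_yes(settings, "ldap_preventpassindb"):
        findings.add("PASSWORDS_IN_MOODLE_DB")
    for ctx in str(settings.get("ldap_contexts", "")).split(";"):
        rdns = [rdn.strip().lower() for rdn in ctx.split(",") if rdn.strip()]
        # A context with no ou= component is the whole tree, not a pilot group.
        whole_tree = bool(rdns) and not any(r.startswith("ou=") for r in rdns)
        if whole_tree and is_yes(settings, "ldap_search_sub"):
            findings.add("WHOLE_TREE_SUBTREE_SEARCH")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Run against the values above, it reports the bare host name and the version 2 setting; the ou=it pilot context and ldap_preventpassindb pass.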

1 comment:

Anonymous said...

How did you get the e-mail address to pass through to Moodle? I have tried mail and userPrincipalName to no avail???