Talk:LDAP authentication


Note: You are currently viewing documentation for Moodle 2.0. Up-to-date documentation for the latest stable version is available here: LDAP authentication.

What version of Moodle does this apply to

QUESTION: TO WHAT VERSION OF MOODLE DOES THE BULK OF THIS DOCUMENT APPLY? This should be explicitly stated. My guess so far is Moodle 1.6.

For example, the screenshot on this page does not seem to be from a Moodle 1.8 or 1.9 site. Also, in Moodle 1.8/1.9, Authentication is at Admin->Authentication->Manage Auth. by User:Jeffrey Silverman

Hi Jeffrey, I moved your question from the article page to here. Good comment, if you know the answer, I would like to know it. I did go down the path a little bit on this page (perpetual newbie) but I did not have an LDAP server to check this against, so I am as clueless as you. Best --chris collman 18:06, 12 November 2008 (CST)

I don't know the answer. Thanks for the clarification. I put that thing there as a banner because, IMO, the comments on pages are too "hidden" as they are really a separate page linked to in the tab interface idiom.

-- Jeff

Being sparse with banners is sort of a convention in MoodleDocs. Placing comments is like putting an index at the back of a book. You have to know where to look :) Sometimes I will put in my summary when I edit an article page, "see page comments". Helen Foster designed {{Update}} back in 2006 which is sort of like {{stub}}. Please add Update template if you think it is appropriate. Sorry I did not give an alternative in my earlier post. There is a rough "style guide" if you are curious. I confess, I only look at it once in a while. Thanks again for calling attention to something which could be done better --chris collman 06:40, 14 November 2008 (CST)
The screenshot and the (just fixed) path to the LDAP settings page did apply to 1.6, but the rest of the page applies up to 1.9 (as almost everything has stayed the same, except for the NTLM SSO settings, that are described in the NTLM_authentication page). Anyway, I've updated the page to reflect the 1.9 settings. Iñaki Arenaza 17:29, 19 November 2008 (CST)

old comment

Really useful section, although it would be good to explicitly state whether the LDAP bind account password is stored securely in the Moodle DB.

It's stored in plain text. But you can make the LDAP bind account a non-privileged account. It just needs to be able to bind to the LDAP directory and search for existing users (i.e., read only access). -- Iñaki Arenaza 17:30, 19 November 2008 (CST)

What about the sync script?

There is no mention of /auth/ldap/auth_ldap_sync_users.php

Why is it there? What is it for? Should it always be run? Is it obsolete? Is it only for some instances? (As in, specific LDAP settings)


I think versioning notes would help. As for the sync function it appears that after the 1.9 version the sync file is:
Is this correct? Could a note be added to reflect the change?

(The preceding unsigned comment was added by Chris Moore (talk • contribs).)

Proposed page changes

People who don't know what LDAP is, probably will not be reading this page. I am close to being one of those people. It is a primary help page. I am looking at this page from the standpoint that it is hard to navigate and find things.

TOC trick

This page has lots of tables, which gives it a nice organized look. I have created a section called Table of Contents and forced the TOC to locate there, then put a link "Table of Contents" at the end of every table. --chris collman 07:36, 15 December 2008 (CST)

Create pages and move content

I think we also need to shorten this page. After reading Wikipedia in the context of Moodle LDAP, I think this is the structure.

  • Directory Services - this is how user names, passwords stuff are found (Wonder if this would be a useful page for Newbies like me).
    • LDAP/OS 500 is the cross platform standard
      • Active Directory is the MS version of LDAP (started to draft this page)
        • Global catalog stuff is part of AD? (Added to AD page draft)
      • Samba has functions which can be used by Linux in cross platform communication. For example to provide LDAP-Active Directory communication
      • OpenLDAP is another version of a Directory Service program.
      • Novell's NDS or eDirectory

Thus I think we should split out AD, Samba, and the other potential pages, with cross links back to this and other pages. I have "a +1" from Iñaki Arenaza who knows more than me, so is that a 2 of 500,000 majority? :)--chris collman 08:03, 15 December 2008 (CST) "Self", I said, "2 comments is equal to a landslide approval rating. Besides there is always the rollback"--chris collman 10:25, 16 December 2008 (CST)

Question: Using LDAPS (LDAP + SSL), should that be removed from this page? I put it on the Active Directory help section and copied the entire section to Active Directory--chris collman 10:25, 16 December 2008 (CST)

Chris, yes Global Catalog is part of AD :-) Regarding LDAPS, there are two sides to it: enabling it on the LDAP server side (and this part is server dependent, and we only show how to do it in Active Directory) and the client part (that depends on the operating system the Moodle server is running on, but not on the LDAP server type).
I would just move the LDAP specific part to the AD page, and leave the client part in this page. Iñaki Arenaza 14:15, 16 December 2008 (CST)
Done! Iñaki Arenaza 14:34, 16 December 2008 (CST)
Beautiful! Thanks --chris collman 17:37, 16 December 2008 (CST)

Global Catalog

Are there any advantages or disadvantages of connecting to the Active Directory Global Catalog? If there are, then they should be listed here.

In this post on the Using Moodle forum Iñaki said: “Bear in mind that not all of the attributes are replicated to the Global Catalog, but just a few. So I would recommend not using the Global Catalog server unless you really need to, but the standard Domain Controller AD service (port 389 without SSL or 636 with SSL).”

Microsoft, on the other hand, says this in their What Is the Global Catalog? Technet article: "Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers."

Is Microsoft saying that it is better to use the global catalog? If so, what should we do? Which of the attributes that are not replicated to the Global Catalog might we need in Moodle?

--Luis de Vasconcelos 20:54, 25 October 2010 (UTC)

Luis, see my response at :-) Iñaki Arenaza 22:21, 25 October 2010 (UTC)