Note: You are currently viewing documentation for Moodle 2.4. Up-to-date documentation for the latest stable version of Moodle may be available here: LDAP enrolment.

LDAP enrolment

From MoodleDocs
Revision as of 11:56, 6 April 2007 by chris collman (talk | contribs) (→‎LDAP Enrollment HOWTO (by Lars Jensen): minor Put in caps to help)

LDAP Enrollment HOWTO (by Lars Jensen)

This describes how to set up LDAP enrollment in Moodle. LDAP enrolment works best in Moodle when used in conjunction with LDAP authentication, and we're going to assume that you have already set Moodle up for LDAP authentication.

Assumptions

  1. You are running a recent version of Moodle. We have tested the setup presented here on versions 1.5.2+ and 1.6dev. It is likely to work on Moodle 1.4.5 as well.
  2. You are using LDAP authentication as your primary authentication method.
  3. Each user in has a uid attribute in the users LDAP record, that matches the “ID number” in the same users Moodle profile (this can easily be arranged with a mapping on the Moodle LDAP Authentication setup page).

The Course Setup

Our setup involves the following course and user definitions:

  • Two courses, Math101 and Eng201.
  • Two teachers, TeacherA and TeacherB.
  • Three students, StudentD, StudentE, and StudentF.
  • StudentD and StudentE are enrolled as students in Math101, and TeacherA is enrolled as teacher of Math101. StudentE and StudentF are enrolled as students in Eng201, and TeacherA and TeacherB are both enrolled as teachers of Eng201.

The LDAP Container Setup

  1. Define two LDAP containers ou=StudentEnrollment and ou=TeacherEnrollment
  2. For each course we define an LDAP group entry (e.g a posixGroup entry) in the StudentEnrollment and TeacherEnrollment containers. Thus, we define a Math101 posixGroup under StudentEnrollment, and we define a Math101 posixGroup under TeacherEnrollment. We define the two Eng201 groups in a similar way.
  3. Enroll students and teachers as members of in the LDAP-groups we just defined. This is done by entering the users uid attribute in the memberUid attribute of the relevant group:
    • TeacherA is a member of the Math101 group under TeacherEnrollment.
    • StudentD and StudentE are a members of the Math101 group under StudentEnrollment.
    • TeacherA and TeacherB are members of the Eng201 group under TeacherEnrollment
    • StudentE and StudentF are a members of the Eng201 group under StudentEnrollment.

The LDAP Enrollment Configuration in Moodle

The LDAP enrollment settings in Moodle corresponding to the above setup are as follows:

LDAP Enrollment Variable: Value:
enrol_ldap_student_contexts: ou=StudentEnrollment,dc=ldapserver,dc=tmcc,dc=edu
enrol_ldap_student_memberattribute: memberUid
enrol_ldap_teacher_contexts: ou=TeacherEnrollment,dc=ldapserver,dc=tmcc,dc=edu
enrol_ldap_teacher_memberattribute: memberUid
enrol_ldap_objectclass: posixGroup
enrol_ldap_course_idnumber: cn
enrol_ldap_course_shortname: cn
enrol_ldap_course_fullname: cn
enrol_ldap_autocreate: Yes

Additionally, since you are using LDAP authentication, you should also map the Moodle "ID number" of users to the "uid" in the ldap entry of the user. This is done on the Moodle LDAP Authentication page (not the LDAP Enrollment page).

Notes:

  1. You do not need to create the courses manually in Moodle. If they don't exist, they will be created when the first enrolled user login.
  2. We are using the same string cn and uid in a users LDAP record. This is not necessary, I believe. However, if you use different values, you will need to define the ldap_user_attribute to uid in the LDAP authentication setup.
  3. The value of the group id number (gidNumber) defined for the groups in step 2 of the LDAP Container Setup above is not critical. It is not used in this setup.
  4. The attached .ldif file assumes that users are in the ou=People container in LDAP. You will need to configure your LDAP Authentication setup to reflect this (ldap_contexts variable).
  5. User passwords for this setup are defined in the attached .ldif file.
  6. If you use the attached .ldif file, you'll need to edit the ldap server information (the "dn=" lines).

See also