Note: You are currently viewing documentation for Moodle 3.7. Up-to-date documentation for the latest stable version of Moodle may be available here: LDAP enrolment.

LDAP enrolment: Difference between revisions

From MoodleDocs
Line 88: Line 88:
==Other LDAP Layout==
==Other LDAP Layout==


I do suggest to create a new LDAP object, say <TT>moodleCourse</TT>, which contains all information,&amp; members of the course, including teachers, students a.s.o. For instance (OpenLDAP):
I do suggest to create a new LDAP object, say <TT>Communicative-Competence-On-Line</TT>, which contains all information,&amp; members of the course, including teachers, students a.s.o. For instance (OpenLDAP):
<pre>
<pre>
attributetype ( oidAttrBase:44 NAME ( 'teacherUid' ) SUP memberUid
attributetype ( oidAttrBase:44 NAME ( 'Communicative-Competence-On-Line' ) SUP memberUid
         DESC 'which person is a teacher of this course'
         DESC 'which person is a teacher of this course'
     )
     )




objectclass ( oidObjRoot:14 NAME 'moodleCourse' SUP top STRUCTURAL
objectclass ( oidObjRoot:14 NAME 'Communicative-Competence-On-Line' SUP top STRUCTURAL
         DESC 'course available in Moodle'
         DESC 'course available in Moodle'
         MUST ( cn  )
         MUST ( cn  )
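Review bot: the attribute type and the object class in this hunk end up with the same NAME, 'Communicative-Competence-On-Line', which is the sample course's name rather than a schema identifier. The unchanged DESC lines still read 'which person is a teacher of this course' and 'course available in Moodle', so the names they describe should stay 'teacherUid' and 'moodleCourse', including in the introductory sentence that suggests the new object. The change looks like a search-and-replace of the course name that reached the schema block.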
Line 111: Line 111:


objectclass    ( 1.2.1.1.1.1.1.1
objectclass    ( 1.2.1.1.1.1.1.1
                 NAME 'moodleCourse'
                 NAME 'Communicative-Competence-On-Line'
                 SUP top STRUCTURAL
                 SUP top STRUCTURAL
                 DESC 'course available in Moodle'
                 DESC 'course available in Moodle'
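Review bot: the object class under OID 1.2.1.1.1.1.1.1 should keep NAME 'moodleCourse'. Its DESC, 'course available in Moodle', describes a class for any course, and renaming it to 'Communicative-Competence-On-Line' ties the schema definition to one course's name.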

Revision as of 22:21, 11 February 2014

This page requires updating. Please do so and remove this template when finished.


Location: LDAP edit settings link in Site administration > Plugins > Enrolments > Manage enrol plugins


How to set up LDAP enrollment

This describes how to set up Lightweight Directory Access Protocol (LDAP) enrollment in Moodle (first written by Lars Jensen). LDAP enrolment works best in Moodle when used in conjunction with LDAP authentication, and we're going to assume that you have already set Moodle up for LDAP authentication.

Assumptions

  1. You are running a recent version of Moodle.
  2. You are using LDAP authentication as your primary authentication method.
  3. Each user has a uid attribute in their LDAP record that matches the “ID number” in the same user's Moodle profile (this can easily be arranged with a mapping on the Moodle LDAP Authentication setup page; for Active Directory, use 'distinguishedName', without the quotes).

The Course Setup

Our setup involves the following course and user definitions:

  • One course, Communicative-Competence-On-Line.
  • Two teachers, TeacherA and TeacherB.
  • 70 students are enrolled as students in Communicative-Competence-On-Line, and TeacherA and TeacherB are both enrolled as teachers of Communicative-Competence-On-Line.

The LDAP Container Setup

  1. Define two LDAP containers, ou=StudentEnrollment and ou=TeacherEnrollment.
  2. For the course, we define an LDAP group entry (e.g. a posixGroup entry) in the StudentEnrollment and TeacherEnrollment containers. Thus, we define a Communicative-Competence-On-Line posixGroup under StudentEnrollment, and we define a Communicative-Competence-On-Line posixGroup under TeacherEnrollment. Be careful: the name of the posixGroup has to match the Course ID number of the Moodle course. Do not use the course short name; it will not work.
  3. Enroll students and teachers as members of the LDAP groups we just defined. This is done by entering the user's uid attribute (idnumber) in the memberUid attribute of the relevant group:
    • TeacherA is a member of the Communicative-Competence-On-Line group under TeacherEnrollment.
    • Students 1-70 are members of the Communicative-Competence-On-Line group under StudentEnrollment.
    • TeacherA and TeacherB are members of the Communicative-Competence-On-Line group under TeacherEnrollment.


The LDAP Enrollment Configuration in Moodle

The LDAP enrollment settings in Moodle corresponding to the above setup are as follows:

LDAP Enrollment Variable: Value:
enrol_ldap_student_contexts: ou=StudentEnrollment,dc=ldapserver,dc=tmcc,dc=edu
enrol_ldap_student_memberattribute: memberUid (use 'member' -without the quotes- for Active Directory)
enrol_ldap_teacher_contexts: ou=TeacherEnrollment,dc=ldapserver,dc=tmcc,dc=edu
enrol_ldap_teacher_memberattribute: memberUid (use 'member' -without the quotes- for Active Directory)
enrol_ldap_objectclass: posixGroup (use 'group' -without the quotes- for Active Directory)
enrol_ldap_course_idnumber: cn
enrol_ldap_course_shortname: cn
enrol_ldap_course_fullname: cn
enrol_ldap_autocreate: Yes

Additionally, since you are using LDAP authentication, you should also map the Moodle "ID number" of users to the "uid" in the LDAP entry of the user. This is done on the Moodle LDAP Authentication page (not the LDAP Enrollment page).
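A pre-sync check for the container layout and settings above, as an added example that is not part of the original page or of Moodle. It reads an LDIF export of the two enrolment containers and reports group entries whose cn matches no Moodle course ID number (with enrol_ldap_autocreate set to Yes these would create a course), memberUid values that match no user ID number, and users who sit in both the student and the teacher group of one course. The function name audit, the sample data and the two input sets are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample export (cn/memberUid/objectClass only, unfolded, no base64).
SAMPLE_LDIF = """\
dn: cn=Communicative-Competence-On-Line,ou=StudentEnrollment,dc=ldapserver,dc=tmcc,dc=edu
objectClass: posixGroup
cn: Communicative-Competence-On-Line
memberUid: student1
memberUid: TeacherB

dn: cn=Communicative-Competence-On-Line,ou=TeacherEnrollment,dc=ldapserver,dc=tmcc,dc=edu
objectClass: posixGroup
cn: Communicative-Competence-On-Line
memberUid: TeacherA
memberUid: TeacherB

dn: cn=CCOL,ou=TeacherEnrollment,dc=ldapserver,dc=tmcc,dc=edu
objectClass: posixGroup
cn: CCOL
memberUid: ghost
"""

ROLES = {"ou=studentenrollment": "student", "ou=teacherenrollment": "teacher"}


def audit(ldif_text, course_idnumbers, user_idnumbers):
    """Return sorted findings for group entries that would enrol unexpectedly."""
    members = defaultdict(lambda: defaultdict(set))  # course -> role -> uids
    findings = set()
    for block in ldif_text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr.lower()].append(value)
        rdns = [rdn.strip().lower() for rdn in entry["dn"][0].split(",")]
        role = next((ROLES[r] for r in rdns if r in ROLES), None)
        if role is None or "posixGroup" not in entry["objectclass"]:
            continue
        course = entry["cn"][0]  # compared with the Moodle course ID number
        if course not in course_idnumbers:
            findings.add(("unknown-course", course, role))
        for uid in entry["memberuid"]:  # compared with the user's ID number
            if uid not in user_idnumbers:
                findings.add(("unknown-user", course, uid))
            members[course][role].add(uid)
    for course, by_role in members.items():
        for uid in by_role["student"] & by_role["teacher"]:
            findings.add(("student-and-teacher", course, uid))
    return sorted(findings)
```

Run it with the set of course ID numbers and user ID numbers taken from Moodle before enabling the sync, and review every finding for the teacher container first, since those entries grant the teacher role.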

Automatic course creation

Courses can be created automatically if there are LDAP enrolments to a course that doesn't yet exist in Moodle. To enable this, set enrol_ldap_autocreate to Yes.

The enrol_ldap_category field sets the category for the automatically created courses.

The enrol_ldap_template field can contain the shortname of a course that is used as a template in the automatic course creation.

Notes:

  1. You do not need to create the courses manually in Moodle. If they don't exist, they will be created when the first enrolled user logs in.
  2. We are using the same string for cn and uid in a user's LDAP record. This is not necessary, I believe. However, if you use different values, you will need to define the ldap_user_attribute to uid in the LDAP authentication setup.
  3. The value of the group id number (gidNumber) defined for the groups in step 2 of the LDAP Container Setup above is not critical. It is not used in this setup.
  4. The attached .ldif file assumes that users are in the ou=People container in LDAP. You will need to configure your LDAP Authentication setup to reflect this (ldap_contexts variable).
  5. User passwords for this setup are defined in the attached .ldif file.
  6. If you use the attached .ldif file, you'll need to edit the ldap server information (the "dn=" lines).

Other LDAP Layout

I suggest creating a new LDAP object class, say moodleCourse, which contains all information about the course and its members, including teachers, students and so on. For instance (OpenLDAP):

attributetype ( oidAttrBase:44 NAME ( 'teacherUid' ) SUP memberUid
        DESC 'which person is a teacher of this course'
    )


objectclass ( oidObjRoot:14 NAME 'moodleCourse' SUP top STRUCTURAL
        DESC 'course available in Moodle'
        MUST ( cn  )
        MAY ( owner $ gn $ sn $ seeAlso $ description $ memberUid $ teacherUid )
        )

Note: OpenLDAP 2.x will need something like:

attributetype   ( 1.2.1.1.1.1.2.1 NAME 'teacherUid'
                SUP memberUid
                DESC 'which person is a teacher of this course'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactIA5SubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass     ( 1.2.1.1.1.1.1.1
                NAME 'moodleCourse'
                SUP top STRUCTURAL
                DESC 'course available in Moodle'
                MUST ( cn  )
                MAY ( owner $ gn $ sn $ seeAlso $ description $ memberUid $ teacherUid )
                )

The configuration is like this, in bold you see required changes, in italic you see useful changes.

LDAP Enrollment Variable: Value:
enrol_ldap_student_contexts: ou=moodle,ou=groups,dc=ldapserver,dc=tmcc,dc=edu
enrol_ldap_student_memberattribute: memberUid
enrol_ldap_teacher_contexts: ou=moodle,ou=groups,dc=ldapserver,dc=tmcc,dc=edu
enrol_ldap_teacher_memberattribute: teacherUid
enrol_ldap_objectclass: moodleCourse
enrol_ldap_course_idnumber: cn
enrol_ldap_course_shortname: givenname
enrol_ldap_course_fullname: sn
enrol_ldap_course_summary: description
enrol_ldap_autocreate: Yes

Note: The enrol_ldap_course_idnumber (cn in my setup) is used by the LDAP enrolment script to identify the course, and the database uses an INTEGER numeric here, in Moodle v1.8 anyway. When you call cd enrol/ldap/ && php -f enrol_ldap_sync.php, any course with the same idnumber is updated, so this value is quite important for the LDAP synchronisation and needs to be unique.

Sample of a moodleCourse LDAP object:

dn: cn=851,ou=moodle,ou=groups,dc=ldapserver,dc=tmcc,dc=edu
objectClass: moodleCourse
cn: 851
givenName: LV851
sn: 2007S/Introduction to Moodle
description: Jahr: 2007 Sommer, <A TARGET=_blank HREF="https://other_server/display/851">Announcement</A>
teacherUid: userA
memberUid: user1

In the same fashion one can add all the other role mappings.
