|
|
| (No se muestran 15 ediciones intermedias de 5 usuarios) |
| Línea 1: |
Línea 1: |
| <p class="note">'''Nota:''' Pendiente de Traducir. ¡Ánimo Voluntarios!.</p> | | <p class="note">'''Nota:''' Pendiente de Traducir. ¡Anímese a traducir esta página!. |
| =Autentificación LDAP =
| | ([[Especial:Whatlinkshere/Plantilla:Pendiente_de_traducir| y otras páginas pendientes]])</p> |
| Este documento describe cómo establecer una autentificación LDAP en Moodle. Puede encontrar un Escenario Básico([[LDAP_authentication#Basic_Scenario|Basic Scenario]]), en el cuál todo es simple y avanzar, y eso será suficiente en la mayoría de las instalaciones. Si su instalación es un poco más grande y utiliza múltiples servidores LDAP, o múltiples localizaciones( contextos) para sus usuarios en su árbol LDAP, entonces tiene que explorar Escenarios Avanzados([[LDAP_authentication#Advanced_Scenarios|Advanced Scenarios]]).
| |
|
| |
|
| '''Tabla de contenidos'''[esconder]
| | <includeonly>[[Categoría:Pendiente de traducir]]</includeonly> |
| | | <noinclude>Esta plantilla categorizará artículos que se incluyen en la categoría [[:Categoría:Pendiente de traducir|Pendiente de traducir]].</noinclude> |
| * 1 Escenario básico
| |
| o 1.1 Suposiciones
| |
| o 1.2 Configurando la autentificación moodle
| |
| * 2 Escenarios avanzados
| |
| o 2.1 Utilizando múltiples servidores LDAP
| |
| o 2.2 Utilizando múltiples localizaciones de usuario (contextos) en su árbol LDAP
| |
| * 3 Apéndices
| |
| * 4 Ver también
| |
| | |
| =Escenario Básico=
| |
| ==Suposiciones==
| |
| 1. La dirección en internet de su sitio moodle es http://su.sitio.moodle/
| |
| 2. Tiene configurada su instalación PHP con la extensión LDAP. Está cargada y activada, y se muestra cuando va a http://su.sitio.moodle/admin/phpinfo.php (identificándose (log in)como 'admin').
| |
| 3. La dirección IP de su servidor LDAP es 192.168.1.100 .
| |
| 4. No utiliza LDAP con SSL ( conocido como LDAPS) en sus especificaciones iniciales. Esto podría impedir ciertas operaciones(por ejemplo, no puede actualizar datos si utiliza el Directorio Activo MS -- MS-AD from here on --), pero funcionaría si únicamente quiere autentificar sus usuarios.
| |
| 5. No quiere que sus usuarios cambien sus contraseñas (passwords) la primera vez que se registren (log in)en Moodle.
| |
| 6. Está utilizando un dominio simple como fuente de sus datos de autentificación, en caso de que esté utilizando MS-AD( más adelante en los Apéndices).
| |
| 7. Está utilizando un nivel superior de DN (de dc=mi,dc=organizacion,dc=dominio)como raíz de su árbol LDAP.
| |
| 8. Tiene una no-privilegiada cuenta de usuario LDAP que utilizará para enlazar con el servidor LDAP. Esto no es necesario con ciertos servidores LDAP, pero MS-AD requiere ésto y no estará de más utilizarlo incluso si su servidor LDAP no lo necesita. Asegúrese de que la cuenta y contraseña son válidas, y haga a su contraseña tan segura como le sea posible. Recuerde que sólo necesita teclearla una vez, cuando configura Moodle, procure que no sea conocida. Let's say this user account has a DN of cn=ldap-user,dc=my,dc=organization,dc=domain, and password hardtoguesspassword.
| |
| 9. All of your Moodle users are in an organizational unit (OU) called moodleusers, which is right under you LDAP root. That OU has a DN of ou=moodleusers,dc=my,dc=organization,dc=domain.
| |
| 10. You don't want your LDAP users' passwords to be stored in Moodle at all.
| |
| | |
| [editar] | |
| Configuring Moodle authentication
| |
| | |
| Log in as an admin user and go to Administration >> Users >> Authentication. In the drop down listbox titled "Choose an authentication method" select "Use an LDAP Server". You will get a page similar to this one:
| |
| | |
| | |
| Imagen:auth ldap config screenshot.jpg
| |
| | |
| | |
| Now, you just have to fill in the values. Let's go step by step.
| |
| | |
| Field name Value to fill in
| |
| ldap_host_url As the IP of your LDAP server is 192.168.1.100, type "ldap://192.168.1.100" (without the quotes).
| |
| ldap_version Unless you are using a really old LDAP server, version 3 is the one you should choose.
| |
| ldap_preventpassindb As you don't want to store the users's password in Moodle's database, choose Yes here.
| |
| ldap_bind_dn This is the distinguished name of the bind user defined above. Just type "cn=ldap-user,dc=my,dc=organization,dc=domain" (without the quotes).
| |
| ldap_bind_pw This is the bind user password defined above. Type "hardtoguesspassword" (without the quotes).
| |
| ldap_user_type Choose:
| |
| | |
| * Novel Edirectory if your LDAP server is running Novell's eDdirectory.
| |
| * posixAccount (rfc2307) if your LDAP server is running a RFC-2307 compatible LDAP server (choose this is your server is running OpenLDAP).
| |
| * posixAccount (rfc2307bis) if your LDAP server is running a RFC-2307bis compatible LDAP server.
| |
| * sambaSamAccount (v.3.0.7) if your LDAP server is running with SAMBA's 3.x LDAP schema extension and you want to use it.
| |
| * MS ActiveDirectory if your LDAP server is running Microsoft's Active Directory (MS-AD)
| |
| | |
| ldap_contexts The DN of the context (container) where all of your Moodle users are found. Type ou=moodleusers,dc=my,dc=organization,dc=domain here.
| |
| ldap_search_sub If you have any sub organizational units (subcontexts) hanging from ou=moodleusers,dc=my,dc=organization,dc=domain and you want Moodle to search there too, set this to yes. Otherwise, set this to no.
| |
| ldap_opt_deref Sometimes your LDAP server will tell you that the real value you are searching for is in fact in another part of the LDAP tree (this is called an alias). If you want Moodle to 'dereference' the alias and fetch the real value from the original location, set this to yes. If you don't want Moodle to dereference it, set this to no. If you are using MS-AD, set this to no.
| |
| ldap_user_attribute The attribute used to name/search users in your LDAP tree. This option takes a default value based on the ldap_user_type value you choosed above. So unless you need something special, you don't need to fill this in.
| |
| | |
| By the way, it's usually cn (Novell eDirectory and MS-AD) or uid (RFC-2037, RFC-2037bis and SAMBA 3.x LDAP extension), but if you are using MS-AD you could use sAMAccountName (the pre-Windows 2000 logon account name) if you need too.
| |
| ldap_memberattribute The attribute used to list the members of a given group. This option takes a default value based on the ldap_user_type value you choosed above. So unless you need something special, you don't need to fill this in.
| |
| | |
| By the way, the usual value is member.
| |
| ldap_objectclass The type of LDAP object used to search for users. This option takes a default value based on the ldap_user_type value you choosed above. So unless you need something special, you don't need to fill this in.
| |
| | |
| Here are the default values for each of the ldap_user_type values:
| |
| | |
| * User for Novel eDirectory
| |
| * posixAccount for RFC-2037 and RFC-2037bis
| |
| * sambaSamAccount for SAMBA 3.0.x LDAP extension
| |
| * user for MS-AD
| |
| | |
| Force change password Set this to Yes if you want to force your users to change their password on the first login into Moodle. Otherwise, set this to no. Bear in mind the password they are forced to change is the one stored in your LDAP server.
| |
| | |
| As you don't want your users to change their passwords in their first login, leave this set to No
| |
| Use standard Change Password Page
| |
| | |
| * Setting this to Yes makes Moodle use it's own standard password change page, everytime users want to change their passwords.
| |
| * Setting this to No makes Moodle use the the page specified in the field called "Change password URL" (at the bottom of the configuration page).
| |
| | |
| Bear in mind that changing your LDAP passwords from Moodle might require a LDAPS connection (this is true at least for MS-AD).
| |
| | |
| Also, code for changing passwords from Moodle for anything but Novell eDirectory is almost not tested, so this may or may not work for other LDAP servers.
| |
| ldap_expiration
| |
| | |
| * Setting this to No will make Moodle not to check if the password of the user has expired or not.
| |
| * Setting this to LDAP will make Moodle check if the LDAP password of the user has expired or not, and warn her a number of days before the password expires.
| |
| | |
| Current code only deals with Novell eDirectory LDAP server, but there is a patch floating around to make it work with MS-AD too (search in the authentication forum).
| |
| | |
| So unless you have Novell eDirectory server (or use the patch), choose No here.
| |
| ldap_expiration_warning This value sets how many days in advance of password expiration the user is warned that her password is about to expire.
| |
| ldap_exprireattr The LDAP user attribute used to check password expiration. This option takes a default value based on the ldap_user_type value you choosed above. So unless you need something special, you don't need to fill this in.
| |
| ldap_gracelogins This setting is specific to Novell eDirectory. If set to Yes, enable LDAP gracelogin support. After password has expired the user can login until gracelogin count is 0.
| |
| | |
| So unless you have Novell eDirectory server and want to allow gracelogin support, choose No here.
| |
| ldap_graceattr This setting is currently not used in the code (and is specific to Novell eDirectory).
| |
| | |
| So you don't need to fill this in
| |
| ldap_create_context
| |
| ldap_creators
| |
| First name
| |
| Surname
| |
| Email address
| |
| [editar]
| |
| Advanced Scenarios
| |
| [editar]
| |
| Using multiple LDAP Servers
| |
| [editar]
| |
| Using multiple user locations (contexts) in your LDAP tree
| |
| | |
| | |
| [editar]
| |
| Appendices
| |
| | |
| Talk about Global Catalog servers and MS Active Directory.
| |
| [editar]
| |
| Ver también
| |
| | |
| * Foro Using Moodle: User authentication
| |
| | |
| Obtenido de "https://docs.moodle.org/es/LDAP_authentication"
| |
| | |
| [[Category:Administrador]]
| |
| [[en:LDAP_authentication]]
| |
