Integration Of Moodle with two Active Directories

Integration Of Moodle with two Active Directories

by Piyush Pandey -
Number of replies: 6

Hi guy's

i am facing a big problem in moodle regarding integration of Moodle with two Active Directories placed at different location's.

I am using user authentication thru these active directories by using LDAP Server.

But when i am placing the host URL, a common username and password in both the directories, List of contexts where users are located but i am unable to use both of them at a same time but when i am using only one directory then it is working fine.

can any one help me out in fixing this problem as it is very urgent for me and it is very critical too.

Average of ratings: -
In reply to Piyush Pandey

Re: Integration Of Moodle with two Active Directories

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
I don't think you can. The only option I can think of is to "clone" the LDAP authentication module. You'll need to rename the directory (to say 'ldap2') and in at least one internal file too (auth/ldap/auth.php). I've never tried this, so I have no idea if it will work.

I suppose the other option is to combine to two directories externally.
Average of ratings: -
In reply to Howard Miller

Re: Integration Of Moodle with two Active Directories

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

The only option I can think of is to "clone" the LDAP authentication module. You'll need to rename the directory (to say 'ldap2') and in at least one internal file too (auth/ldap/auth.php). I've never tried this, so I have no idea if it will work.

You need to rename a few more things. I did it yesterday, just as an exercise, and you need to rename everything that uses 'auth/ldap' (all the configuration settings), a couple of language strings and the field mapping and locking options (in config.html).

Other than that, it works as long as you don't have duplicate user names in your two AD domains. Of course you can always use the userPrincipalName (i.e., something like username@my.dns.ad.domain.name) attribute as the user name. That way usernames will be unique across domains.

If anyone is interested in this dirty hack I can publish a patch for 1.9.x or 1.8.x. (though a more general solution would be desirable).

Saludos. Iñaki.

Average of ratings: -
In reply to Iñaki Arenaza

Re: Integration Of Moodle with two Active Directories

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Yes, of course. All the config stuff is hard-coded to the auth method... shame that.

It's unfortunate that many versions ago, when multiple authentication was written that you couldn't choose the same method more than once. That would have been an order of magnitude more complex though sad
Average of ratings: -
In reply to Howard Miller

Re: Integration Of Moodle with two Active Directories

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

I have a partial patch (been working on it on and off for the last two and a half years) to be able to do it. After the multi-authentication rework of 1.8 things have got a lot easier, but I keep being distracted by other flashy shiny projects smile and it's still unfinished... sad

Saludos. Iñaki.

Average of ratings: -
In reply to Iñaki Arenaza

Re: Integration Of Moodle with two Active Directories

by Dan Rez -

 Iñaki,

Could you please publish the hack for 1.9.x. Thanks. I find some posts on how to do it for 1.8.x, but for some reason it doesn't work for me. all I need is instructions on how to duplicate existing LDAP module and I think the table in the database also needs to be extended.

Average of ratings: -
In reply to Dan Rez

Re: Integration Of Moodle with two Active Directories

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Hi Dan,

sorry for the delay. I was on holiday last week and didn't see your message until today (the backlog was pretty big wink).

I'm attaching a zip file to this post with a copy of a second LDAP auth plugin directory (current as of today for 1.9.9+). You need to unzip the file and put the 'ldap2' directory under .../moodle/auth, just like the regular LDAP plugin.

Once you put it there, you'll see a second LDAP plugin, called "LDAP server (2)". You need to configure it like the regular one, set the preferred one above the other in the order setting screen, and you are done.

As I said in my old message, make really sure you don't have users in both LDAP servers with the same username. Otherwise Moodle will think they are the same user and you will have all kind of troubles.

Saludos. Iñaki.

Average of ratings: Useful (1)