Folks, my issue is I currently use LDAP/NTLM authentication for single sign-on. Folks log in to their computers using smartcards and authenticate automatically to my Moodle server by simply landing on the page.

Now I have the task of DUAL authenticating this server to a completely different AD forest AND putting this server in a DMZ AND maintaining the internal network autologin NTLM functionality, yet allowing others outside our IP range to log in using a different LDAP server (NON-NTLM) and utilize the server. I have seen other posts about allowing Windows SMB traffic from the DMZ and that is a NO GO.

Thus the question is: would it be better to use a separate Moodle server in the DMZ and have it authenticate using the alternate LDAP server and simply create a peer relationship between the two servers? I need to consolidate the two databases of users to ensure folks on the internal network (both user accounts would have the same e-mail addy) and those that use the external Moodle would have a consolidated location. One thing everyone will have in common is the SAME e-mail on either side... Any suggestions?

I also have the option of authenticating to Computer Associates SiteMinder CAS. Anyone ever used this with Moodle? If I can use SiteMinder, would I be able to use LDAP/NTLM as a secondary authentication mechanism? Appreciate any input!
-Michael