Authentication

James,

idnumber is (afaik) meant to store the external db unique identifier. If you use it that way, you will want to block users from changing their idnumber (something you can do with my latest ldap and auth patches).

In that case you can use their current student number as their moodle username, instead of creating a new arbitrary username (and deal with name collision and all the hoopla.

That's what we are doing for Open Polytechnic of NZ (part of nzvle). The moodle username is actually the student id from the student management system. Knowing that this is sometimes hard to remember, I am letting users put their email address in the login box (and we do an email lookup).

The customizations we do as part of the NZVLE project are world-viewable at
http://lists.eduforge.org/cgi-bin/archzoom.cgi/arch-eduforge@catalyst.net.nz--2004-MIRROR/moodle--eduforge--1.3.3

The patch that achieves this is patch-31 (click on the [cset] link, then on the [+] to see the diffs).

This makes Moodle a little bit less secure. Standard moodle is very discreet about usernames, so for someone to impersonate you they will have to guess (or watch you type or sniff on the netwoek) your username and password. If knowing your email equals knowing your username, there's a bit less security. Just a minor thing though, in many enviroments, the usernames are well known for other reasons.

Lastly, if you really need another field to store the external id number, add a field to the mdl_user table, and patch the auth module a bit to store that extra bit of data. Petri has been known to do this with the ldap module ;)

cheers,





martin