After reviewing the forums and playing around for days, I am unable to come to a solution.
LDAP works great for users to login against eDirectory.
I am now working on auto enrolling staff eDir accounts with the teacher role, and student eDir accounts with the student role.
I have not, and will not be, setting up groups for auto endrolling staff and students into courses and what-not. All I want to do is assign user roles.
My current structure:
o=Myorg
ou=school (this is where staff accounts are located)
ou=students (this is where student accounts are created)
What I currently have setup in SiteAdmin/Courses/Enrolments/LDAP
* Ldap Server Settings are correct so I won't list them here
* Role Mapping
* Teacher: ou=school,o=Myorg | Attribute: member
* Student: ou=student,ou=school,o=Myorg | Attribute: member
Everything else is blank.
Am I missing something? It appears that the attribute is talking about some kind of membership into a group, and all of my users are in some kind of group, but not all the same.
Also, I noticed it is requiring a valid idnumber field. I am unsure what that is for, the eDir user or something else?
I just started with Moodle a week ago, so bear with me, I'm trying my best!
Thanks,
Dan
We've got it working correctly here on campus; for eDir it requires some code hacks though. I've documented our changes in the Moodle issue tracker here: http://tracker.moodle.org/browse/MDL-20759 You can also vote on the issue there as well in order to get it bumped up in priority for getting worked on.
I see you are using it for class enrolment as well. Is there a way with your code to only assign teacher and student roles based on OU's? We are not going to be creating groups in eDirectory to assign anything.
Hmm, I'm not really sure. How did you intend on telling Moodle what courses the users would be in without using groups?
At this time, courses are not a primary concern. Only a few teachers will be providing classes in the next year and our Media Director will work with those teachers to setup the courses.
In the future, we use Infinite Campus for grading, so our IS department will most likely take over the role of porting in the class structure if needed.
Not sure if I mentioned already, but LDAP logins are working great. Each user that has an eDirectory account is able to login and their account get created, the only problem is that they all get created without a role (student/staff). I may just end up defaulting everyone to student and manually applying the other roles on a case by case basis if this doesn't work out.
In the future, we use Infinite Campus for grading, so our IS department will most likely take over the role of porting in the class structure if needed.
Not sure if I mentioned already, but LDAP logins are working great. Each user that has an eDirectory account is able to login and their account get created, the only problem is that they all get created without a role (student/staff). I may just end up defaulting everyone to student and manually applying the other roles on a case by case basis if this doesn't work out.
That would probably be the best. I don't know if there's a way to set system-wide roles for new users based on their LDAP context; it might involve some more Moodle hacking I'm guessing though 
I don't know what would happen if an entire group of professors was defaulted to "teacher" or an entire group of students was defaulted to "student;" I'm guessing that the students would be a "student" in all courses and the professors would all be "teachers" in all courses. Which definitely isn't ideal for us since we have about 6,000 courses and 37,000 users in the system
I don't know what your intentions are or what you use Moodle for, but that might not be the most ideal thing for your situation either unless you want all the students to be a "student" in all the courses; generally global roles aren't the best thing because they are truly "global."
I don't know what would happen if an entire group of professors was defaulted to "teacher" or an entire group of students was defaulted to "student;" I'm guessing that the students would be a "student" in all courses and the professors would all be "teachers" in all courses. Which definitely isn't ideal for us since we have about 6,000 courses and 37,000 users in the system
I don't know what your intentions are or what you use Moodle for, but that might not be the most ideal thing for your situation either unless you want all the students to be a "student" in all the courses; generally global roles aren't the best thing because they are truly "global."