I am sorry if my comments offend anyone here, but why assume that it is Moodle that will, or even should, be able to solve all such issues? There isn't a network admin that does not get serious issues with getting Moodle to work with LDAP
. If Microsoft designed AD properly, and/or were a lot clearer about how it works, then the majority of issues could be resolved easily, or at least considerably more easily than they are now.
Microsoft's inherent arrogance in their assertions they know best and we should not worry about it manifests itself in this kind of nonsense. My recommendation to anyone is to drop Microsoft and use Open Source - even if my own workplace is just as stuck on such issues. I understand the old saying that I should not wish too hard, but reality is that we, as a society, can no longer afford the Western Price model, nor proprietal interests like we have always done. This sort of nonsense is the end result, integration, although never easy, becomes almost impossible without huge, expensive and extremely complex support systems.
Sorry.. away for a bit, back again..
The structure of the LDAP does not lend itself easily to resolution of this problem, and I am not sure if there is a single solution that works for everyone. Or rather, if there is, no-one is saying. The information in MoodleDocs
seems to be accurate, but it does not always work - which leads me to think one size does not fit all.
At sometime in the next decade or so, I am hoping to get enough time to sort some of these issues through and if I find a resolution, I will post it. In the meantime, please feel free to look at all the documentation and if there is anything there you think wrong, post an alternative in the page comments and invite others to look at it and add to it.
Here is one thread
on it that might help.