LDAP and security

by Jedidiah Rex

I have some questions about authentication/user management and security in Moodle. I apologize in advance for the length of this message.

We are currently running the latest CLAMP 1.9 release (1.9.19+LAE 1.7.1). We use a PHP script (autouploaduser.php) to upload users from a CSV file. This is only compatible with Moodle 1.x, however. We are currently running a Moodle 2.3 pilot with hopes of going live next fall.

We are investigating how to use LDAP to create/manage the user accounts (http://docs.moodle.org/22/en/LDAP_enrolment) and have some questions related to this.

  1. Is it possible to create accounts in 2.x from the command line? Does anyone know of a working script?
  2. Can one use the LDAP host attribute as an authorized automatic enrollment option? If so, where and how to configure it?
  3. What is the best practice for archiving and deleting non active users?

Related to security, what is the best/most appropriate owner, group, and permission for Moodle files?
Currently, the owner and group appear to be apache.apache for most of the binaries. Given that apache is owned and grouped by apache.apache, what is the best recommended owner and group of the files in the installed directories?
What are your recommendations regarding permissions? Should the files be 775, 755, etc?

Any help would be greatly appreciated. 
