Hi everyone, I have been tasked to use LDAP authentication and Active Directory to push role assignments in Moodle. I am wanting to make sure I am on the right path here.
Summary: Using groups we create in Active Directory, I would like to use that information to automatically assign a role in a specific category to a Moodle user. This way, we will have trainers who have access to their department (category) but no one elses. Supervisors and Managers will need to check reports, so they will have more of a non-editing teacher role in their department (category) as well.
1. We are upgrading to Moodle 2.7.1 this weekend, and this is the version of my dev site that I'm already working in.
2. I have updated the 'Teacher' and 'Non-editing Teacher' roles to my liking. Then I am creating a role for each department, e.g. Customer Service Trainer (Teacher) and Customer Service Leader (Non-Editing Teacher).
3. Update permissions in each category (one of my gripes here--the editing is REALLY time consuming) to ensure the appropriate department role is assigned only to their category
4. Create cohorts for each department to have the role assigned when the user information is sent from Active Directory groups. e.g Active Directory Group 'Customer Service Trainers' are automatically added to the cohort 'Customer Service Trainers' so the role will automatically assign.
What am I missing? And do I really need to monkey with the category permissions, because it will take hours to get those all updated--I will have one for every department in my company. We are already using LDAP and active directory to create users, not just to this level.
Thanks for your thoughts on this project. I really appreciate your input!