Hi all,
Has anyone successfully migrated from using LDAP to Shibboleth? Did you document this process?
We are currently exploring this option for on-site SSO, but we are puzzled as to how best to replace the LDAP CLI Sync script to pre-load accounts into Moodle. Our current thinking is to run the LDAP sync script as before but bounce the accounts between LDAP and Shibboleth authentication at a database level (updating the mdl_user table).
Any thoughts gratefully received.
Thanks,
Ben
What is your reason for moving away from LDAP? Are you going to move to pure Shibboleth or a product that wraps Shibboleth (e.g. OALA)
We're moving away from LDAP to Shibboleth to get 'proper' single-sign-in. ie. users should only be asked to sign in once and their credentials follow across multiple services; rather than the current situation of using the same credentials multiple times. It also means that other external services which rely on Shibboleth (via Moodle) should me more seamless.
We're going for pure Shibboleth via shibd and Apache with mod_shib.
